IE7 Install Error Code 0x3F5

13 januari, 2009

Har en dator med XP SP3 installerat på, men fick aldrig in IE7, får felmeddelandet 0x3F5.

Har läst på många forum om folk som har samma problem, men som inte fattar någon lösning, har ar kollat på microsofts hemsida o prövat det de har att säga.

Vissa saker jag kör får jag ju upp lite medelande om så skulle ju vara skönt om man hade någon att bolla med på svenska, ifall det är språket som gör att jag inte fixar det. Här kommer senaste loggen

[log]

================================================================================

0.234: 2009/01/08 21:13:44.031 (local)

0.234: c:\c250c3711bead4f83d10c9\update\update.exe (version 6.2.29.0)

0.250: Failed To Enable SE_SHUTDOWN_PRIVILEGE

0.265: Hotfix started with following command line: /quiet /norestart /er /log:C:\WINDOWS

0.265: IECUSTOM: Scanning for proper registry permissions...

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib

0.594: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

0.797: IECUSTOM: Scanning for proper registry permissions...

0.984: IECUSTOM: Scanning for proper registry permissions...

1.203: IECUSTOM: Unwriteable key HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

1.250: IECUSTOM: Backing up registry permissions...

1.250: IECUSTOM: Finished backing up registry permissions...

1.250: IECUSTOM: Setting new registry permissions...

1.250: IECUSTOM: Unable to clear DACLs HKCR\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}

1.250: IECUSTOM: Finished setting new registry permissions...

1.250: IECUSTOM: An error occured verifying registry permissions. ERROR: 0x80070534

1.250: DoInstallation: CustomizeCall Failed: 0x3f5

1.250: IECUSTOM: Restoring registry permissions...

1.250: IECUSTOM: Finished restoring registry permissions...

1.265: Registernyckeln för konfigurationen kan inte skrivas.

1.265: Installationen av Internet Explorer 7 slutfördes inte.

1.265: Update.exe extended error code = 0x3f5

[/log]

Hade virus för en vecka sen kan ju vara något sånt kanske, Hade något som hette W32.Spybot.Worm, som verkar varit inne i registret o härjat,

en hette Infostealer.Gamepass låg i en skärmsläckarde jag packade upp.

Sen klagade norton på de filer som hette dotnetfx.exe, netfxupdate.exe, qttask.exe, pythonservice.exe, sgvhost.exe, asussetup.exe, autorun.exe, nvuninst.exe pythonw.exe, re.exe, nwiz.exe

[inlägget ändrat 2009-01-13 09:25:27 av Sabelström]

13 januari, 2009

Loggen visar på problem med registret, troligen problem med att ha tillräckliga rättigheter att skriva där.

Sen klagade norton på de filer som hette dotnetfx.exe, netfxupdate.exe, qttask.exe, pythonservice.exe, sgvhost.exe, asussetup.exe, autorun.exe, nvuninst.exe pythonw.exe, re.exe, nwiz.exe

Vad har hänt med dessa filer? För en del ser ju ut som normala filer och en del som skadliga.

Har du kollat upp datorn med något annat säkerhetsprogram?

14 januari, 2009

Kolla Microsofts lösning:

http://support.microsoft.com/kb/917925

Metod D: Återställ behörigheter för oskrivbara registerundernycklar

OBS!

Om du har svensk version av XP så måste du ändra gruppnamnen

Sedan kan det vara lite klurit med åäö i notepad, Jag använde wordpad och valde att spara filen som Text dokument - MSDos format

Administrators - Administratörer

Users - Användare

Lycka till

Magnus

16 januari, 2009

Vad har hänt med dessa filer? För en del ser ju ut som normala filer och en del som skadliga.
Har du kollat upp datorn med något annat säkerhetsprogram?

Om jag visste hur o var norton lägger upp loggar så skulle jag kunna lägga upp den.

Har inte kört med något annat förutom spybot, SUPERAntiSpyware och Malwarebytes' Anti-Malware.

Kanske skulle pröva med något annat virus program med.

På filerna står det: Affected Area: Windows Startup Settings, Recommended Actin: No Action Requierd, Detta står på filer som är nämda tidigare.

Trojaner, downloader och HSloader står det blocked på.

På alla virus o vissa trojaner o filen dotnetfx.exe står det removed på.

O sen står det protected på massa firewalls rules om program som updaterar sig mot nätet och som använs över nätet.

16 januari, 2009

Jag vet inte hur man hittar loggar i Norton heller.

Har Spybot, SUPERAntiSpyware eller Anti-Malware hittat något?

Du kan ju pröva med någon online-skanning mot virus:

http://usa.kaspersky.com/products_services/free-virus-scanner.php

Men det är ju möjligt att det inte finns något kvar i datorn efter att Norton har varit framme, men det är ju svårt att veta.

16 januari, 2009

Kolla Microsofts lösning:
http://support.microsoft.com/kb/917925

Metod D: Återställ behörigheter för oskrivbara registerundernycklar

Har prövat alla metoder, ingen funkar.

Men när jag kör D så hinner jag snappa upp detta: Last Failed: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI : 2 Det går inte att

LAst Failed: HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Windwos NT\CurrentVersin\Per sen får det inte plats mer i fönstret o hjälper ej att förstora det.

Och det slutar med att det står Failed 5.

Om det finns en log till det skulle man ju kunna se vilka fem det är.

16 januari, 2009

Har Spybot, SUPERAntiSpyware eller Anti-Malware hittat något?

Det ända som hittat något är Superantispyware, men det är ju det vanliga: Adware.Tracking Cookie och det mindre vanliga Adware.Vundo Variant.

Det senaste dom hänt i spybots teetimer är:

[log]2009-01-10 16:26:39 Denied (based on user blacklist) value "Video Driver" (new data: "sgvhost.exe") added in System Startup global entry!

2009-01-10 17:25:39 Allowed (based on user decision) value "MSConfig" (new data: "") deleted in System Startup global entry!

2009-01-11 11:04:32 Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\THE_LO~1.SCR") changed in Desktop settings!

2009-01-11 11:07:07 Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\Star_War.scr") changed in Desktop settings!

2009-01-11 11:08:15 Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\THE_LO~1.SCR") changed in Desktop settings!

2009-01-11 12:57:00 Allowed (based on user whitelist) value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!

2009-01-11 12:57:01 Allowed (based on user whitelist) value "MSConfig" (new data: "") deleted in System Startup global entry!

2009-01-11 22:26:00 Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!

2009-01-11 22:26:02 Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!

2009-01-12 09:42:53 Denied (based on user decision) value "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" (new data: "") deleted in Internet Explorer searches!

2009-01-12 09:43:17 Allowed (based on user decision) value "!SASWinLogon" (new data: "") deleted in Winlogon Notifiers!

2009-01-12 09:43:25 Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\DOCUME~1\HANNAS~1\LOKALA~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware") changed in System Startup user entry!

2009-01-12 09:56:15 Allowed (based on user decision) value "SUPERAntiSpyware" (new data: "C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe") changed in System Startup user entry!

2009-01-12 11:25:17 Allowed (based on user decision) value "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" (new data: "") deleted in Internet Explorer searches!

2009-01-13 08:12:55 Allowed (based on user decision) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\HANNAS~1\LOKALA~1\Temp\IXP000.TMP\"") added in System Startup global entry!

2009-01-13 08:13:57 Allowed (based on user decision) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

2009-01-13 08:21:21 Denied (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!

2009-01-13 09:13:27 Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\HANNAS~1\LOKALA~1\Temp\IXP000.TMP\"") added in System Startup global entry!

2009-01-13 12:16:31 Allowed (based on user whitelist) value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!

2009-01-14 08:03:23 Allowed (based on lassh blacklist) value "{EFA24E64-B078-11D0-89E4-00C04FC9E26E}" (new data: "") added in User-specific browser toolbar!

2009-01-14 08:05:57 Allowed (based on user decision) value "CleanSetup" (new data: "cmd /C rmdir /S /Q "C:\Documents and Settings\Hanna Smilla Leon\Lokala inställningar\Temp\nro.tmp\"") added in System Startup global entry!

2009-01-14 08:07:43 Allowed (based on user decision) value "CloneCDTray" (new data: ""C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s") added in System Startup global entry!

2009-01-14 23:33:55 Allowed (based on user decision) value "CleanSetup" (new data: "") deleted in System Startup global entry!

2009-01-14 23:37:03 Allowed (based on user decision) value "CloneCDTray" (new data: "") deleted in System Startup global entry!

2009-01-15 10:15:18 Allowed (based on user whitelist) value "CleanSetup" (new data: "cmd /C rmdir /S /Q "C:\Documents and Settings\Hanna Smilla Leon\Lokala inställningar\Temp\nro.tmp\"") added in System Startup global entry!

2009-01-15 10:15:27 Denied (based on user decision) value "{32099AAC-C132-4136-9E9A-4E364A424E17}" (new data: "DAEMON Tools Toolbar") added in Global browser toolbar!

2009-01-15 10:15:48 Denied (based on user decision) value "{32099AAC-C132-4136-9E9A-4E364A424E17}" (new data: "hex:AC,9A,09,32,32,C1,36,41,9E,9A,4E,36,4A,42,4E,17") added in User-specific browser toolbar!

2009-01-16 00:05:20 Allowed (based on user decision) value "Malwarebytes' Anti-Malware" (new data: "C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent") added in System Startup global entry!

[/log]

Fast innan det är det 2009-01-10 16:26:34 Denied (based on user blacklist) value "Video Driver" (new data: "sgvhost.exe") added in System Startup global entry! varannan sekund i loggen.

16 januari, 2009

Ahha, Vundo, det kan ställa till med mycket.

2009-01-11 11:07:07 Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\Star_War.scr") changed in Desktop settings!

Där ser du ut att ha godkänt Star_War.scr som ny skärmsläckare, du kan läsa om det här:

http://www.siteadvisor.com/sites/softpedia.com/downloads/11808015/

Det ser ut som att det är något du ska avinstallera.

Först så vill jag få en överblick med programmet HijackThis. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

16 januari, 2009

Tror jag fick bort det, för har reagerat på det med, tror även något annat program reagerade på skärmsläckaren när jag installerade den, men lägger upp en log ändå.

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:09:26, on 2009-01-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Video Driver] sgvhost.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\RunServices: [Video Driver] sgvhost.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231442855500

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 6318 bytes

[/log]

16 januari, 2009

Även om man tar bort skärmsläckaren så är det ju inte säkert att avinstallationen tar bort allt skadligt som kom med.

Ladda ner OTViewIt till Skrivbordet:

http://oldtimer.geekstogo.com/OTViewIt.exe

Stäng alla program.

Kör OTViewIt (i Vista högerklicka och Kör som administratör).

Bocka för Scan all Users.

Välj 30 dagar för File Age om det inte redan är valt.

Tryck på Run Scan och låt programmet köra ostört.

När det är klart så skapas två loggfiler på Skrivbordet, OTViewIt.txt och Extras.txt, klistra in båda två i ditt svar (kom ihåg LOG-knappen).

17 januari, 2009

Ok, men hur stänger man av norton?, om jag visste vad processen hette kunde jag ju stänga av den.

Kaspersky hittade inget i alla fall.

[inlägget ändrat 2009-01-17 10:03:15 av Sabelström]

17 januari, 2009

Får upp detta felmedelande när jag försöker lägga upp loggarna.

Request object error 'ASP 0104 : 80004005'

Operation not Allowed

/Globalincludes/medlem_commerce/ErrorLog/InsertErrorIntoDB.asp, line 17

17 januari, 2009

Här är den lilla loggen:

[log]

OTViewIt Extras logfile created on: 2009-01-17 09:34:38 - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Hanna Smilla Leon\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 74,89% Memory free

3,85 Gb Paging File | 3,53 Gb Available in Paging File | 91,68% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 48,83 Gb Total Space | 32,89 Gb Free Space | 67,37% Space Free | Partition Type: NTFS

Drive D: | 137,47 Gb Total Space | 41,43 Gb Free Space | 30,14% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HANNA

Current User Name: Hanna Smilla Leon

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2009-01-09 15:27:18 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)

[2008-11-07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========