The Windows installation is a bit old; it was made around 2002-3 and none of the service packs were installed. I have the Windows CD and it doesn't include any service pack. Also, Windows has not been updated since then, as it doesn't have a decent connection to the internet. As for the validation, I don't know exactly why it wasn't made.

Here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.12
Database version: 722
Scan type: Full Scan (C:\|)
Objects scanned: 65652
Time elapsed: 18 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\System32\divxrs.dll (Rootkit.Agent) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\virtualdns.virtualdnsobj (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{86c510e9-97ef-4749-914f-0280247be3a6} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\virtualdns.virtualdnsobj.1 (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f63b171-e2f3-4362-a484-8563144d62e6} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{143414d1-c324-4d6f-9756-5075d9a4a485} (Adware.WebDir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\divxrs (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dprot (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dprot (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dprot (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\VirtualDNS.dll (Adware.WebDir) -> No action taken.
C:\WINDOWS\System32\divxrs.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\System32\dprot.sys (Rootkit.Agent) -> No action taken.
_______________________________________________________________________________________________________
I could not update Malwarebytes' Anti-Malware since the computer has no internet and I couldn't find any update file to patch it, so I ran it without updating.
Also I received the following message from AVG during the scan:
Threat detected!
While opening file: C:\System Volume Information\-restore{..-a lot of letters-..}\RP260\A0037336.exe
Trojan horse Generic10.KED
and also the same message while opening C:\WINDOWS\system32\msdtc.exe
_______________________________________________________________________________________________________

Here are the two logs from Deckard's System Scanner:

main.txt:

Deckard's System Scanner v20071014.68
Run by user on 2008-05-28 15:04:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
35: 2008-05-28 12:04:05 UTC - RP282 - Deckard's System Scanner Restore Point
34: 2008-05-26 10:33:29 UTC - RP281 - Installed AVG 7.5
33: 2008-05-21 09:08:25 UTC - RP280 - Σημείο ελέγχου συστήματος
32: 2008-05-20 08:54:59 UTC - RP279 - Installed AVG 7.5
31: 2008-05-20 08:53:47 UTC - RP278 - Removed AVG 7.5
-- First Restore Point --
1: 2008-02-28 07:13:20 UTC - RP248 - Σημείο ελέγχου συστήματος
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:32 μμ, on 28/5/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\user\Επιφάνεια εργασίας\dss.exe
C:\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.otenet.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.otenet.gr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OTEnet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Γραμμή Συντομεύσεων του Microsoft Office.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.otenet.gr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BA8F23-8F21-4319-9112-0C7780467233}: NameServer = 195.170.0.2
O23 - Service: aawservice - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\1\svchost.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe (file missing)
O23 - Service: Συντονισμός κατανεμημένων συναλλαγών (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: NetDDE - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: NetDDEdsdm - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\1\svchost.exe (file missing)
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
--
End of file - 4932 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 prodrv04 (HDEA S0220 @@@@ @@@@@@@@@@ @@@@@@ @@) - c:\windows\system32\drivers\prodrv04.sys <Not Verified; Protection Technology Co.; Star Force copy protection>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
S3 acfva - c:\windows\system32\drivers\acfva.sys <Not Verified; CONEXANT; Windows 2K/XP ACF Value-added driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>
S2 aawservice - c:\docume~1\user\locals~1\temp\1\svchost.exe (file missing)
S3 ClipSrv - c:\windows\system32\clipsrv.exe (file missing)
S3 ImapiService - c:\windows\system32\imapi.exe (file missing)
S3 mnmsrvc - c:\windows\system32\mnmsrvc.exe (file missing)
S3 NetDDE - c:\windows\system32\netdde.exe (file missing)
S3 NetDDEdsdm - c:\windows\system32\netdde.exe (file missing)
S3 RasMan - c:\docume~1\user\locals~1\temp\1\svchost.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-04-28 and 2008-05-28 -----------------------------
2008-05-28 14:35:09 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-28 14:35:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 14:35:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 13:39:43 0 dr-h----- C:\$VAULT$.AVG
2008-05-26 13:37:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-26 13:36:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-26 13:34:07 0 d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-05-26 13:34:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-26 13:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-22 14:07:42 0 d-------- C:\Program Files\Lavasoft
2008-05-22 13:56:19 0 dr-h----- C:\Documents and Settings\user\Recent
2008-05-20 11:54:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-19 12:08:45 0 d-------- C:\hijackthis
2008-05-19 12:03:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 11:02:22 0 d-------- C:\otenetmp
2008-04-30 15:58:00 0 d-------- C:\Program Files\NetWaiting
2008-04-30 15:56:23 12074 -ra------ C:\WINDOWS\System32\hsfinst.dll <Not Verified; Conexant Systems; SoftK56>
2008-04-30 15:56:15 81920 --a------ C:\WINDOWS\System32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface>
2008-04-30 15:56:15 11683 --a------ C:\WINDOWS\System32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
2008-04-30 15:56:15 51168 --a------ C:\WINDOWS\System32\drivers\acfva.sys <Not Verified; CONEXANT; Windows 2K/XP ACF Value-added driver>
2008-04-30 15:56:14 495616 --a------ C:\WINDOWS\System32\drivers\UIUSetup.exe <Not Verified; Conexant Systems, Inc.; Conexant Universal Device Install/Uninstall Application>
2008-04-30 15:55:45 0 d-------- C:\WINDOWS\UnModem
2008-04-30 15:45:11 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-04-30 15:43:08 0 d---s---- C:\WINDOWS\System32\Microsoft
2008-04-30 15:43:07 0 d-------- C:\WINDOWS\System32\Cache
2008-04-30 15:42:35 0 d-------- C:\Inetpub
2008-04-30 15:42:20 0 d-------- C:\WINDOWS\System32\Logfiles
-- Find3M Report ---------------------------------------------------------------
2008-05-28 14:58:32 0 --a------ C:\WINDOWS\System32\k86.bin
2008-05-19 12:02:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 11:38:21 456302 --a------ C:\WINDOWS\System32\perfh008.dat
2008-05-14 11:38:21 80050 --a------ C:\WINDOWS\System32\perfc008.dat
2008-04-30 16:12:13 0 d-------- C:\Program Files\CCleaner
2008-04-30 15:58:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 15:56:52 0 d-------- C:\Program Files\RS232 Modem
2008-04-15 11:18:32 7 --a------ C:\WINDOWS\System32\ngxt.bin
2008-04-11 13:23:50 14336 --a------ C:\WINDOWS\System32\msdtc.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [21/03/2002 05:23 πμ C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [26/07/2003 12:14 πμ]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [21/08/2003 07:23 πμ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [25/06/2003 11:24 πμ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [21/08/2003 07:15 πμ]
"WFXSwtch"="C:\PROGRA~1\WinFax\WFXSWTCH.exe" [12/12/2002 03:45 μμ]
"WinFaxAppPortStarter"="wfxsnt40.exe" [12/12/2002 03:45 μμ C:\WINDOWS\system32\WFXSNT40.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 05:40 μμ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 09:24 μμ]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [26/05/2008 01:33 μμ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [27/11/2001 03:00 μμ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/06/2006 02:32 μμ]
C:\Documents and Settings\user\Start Menu\Προγράμματα\Εκκίνηση\
Γραμμή Συντομεύσεων του Microsoft Office.Lnk [28/7/2006 4:31:38 μμ]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [19/10/2006 1:15:40 μμ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [27/07/1998 04:54 πμ 38400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dprot.sys]
@="Driver"
-- End of Deckard's System Scanner: finished at 2008-05-28 15:05:52 ------------
_______________________________________________________________________________________________________
extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: Other (0408) - see http://preview.tinyurl.com/mhhp6
CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 767.49 MiB / 517.09 MiB
Pagefile Memory (total/avail): 1878.63 MiB / 1664.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.78 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 15.94 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (FAT32)
\\.\PHYSICALDRIVE0 - WDC WD400JB-00ENA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Σύστημα αρχείων προς εγκατάσταση - 37.26 GiB - C:
\\.\PHYSICALDRIVE1 - HP photosmart 7700 USB Device
\\.\PHYSICALDRIVE2 - Sony Storage Media USB Device - 494.19 MiB - 1 partition
\PARTITION0 - FAT των 16 bit - 500 MiB
-- Security Center -------------------------------------------------------------
AUState says computer is in an unknown state.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CNVPATH=C:\Program Files\Systran_En\4_0\PersonalWOI\Dicts
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GRAMMATIA
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\GRAMMATIA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=GRAMMATIA
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
user (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Αυτόματος Μεταφραστής SYSTRAN Personal 4 της MLS --> C:\WINDOWS\unvise32.exe C:\Program Files\Systran_En\4_0\PersonalWOI\uninstal.log
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Concord WinFax Plugin v3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1008475-75B2-4475-B98C-51FAE8B62960}\setup.exe"
Conexant ACF External PnP v92 Data Fax Voice Modem --> C:\Program Files\InstallShield Installation Information\{207DD102-9883-416E-8F9B-4A4197AE9B09}\setup.exe deinst -removeonly
HijackThis 2.0.2 --> "C:\hijackthis\HijackThis.exe" /uninstall
HP Software Update --> MsiExec.exe /X{D43BB532-3537-4CE9-9CBB-92533BD29F0C}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 97 Professional --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Mozilla Firefox (1.5) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (el)"
Nero 7 Essentials --> MsiExec.exe /I{11EED87A-E30F-4B09-890B-586E58A51032}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x8 ControlPanelAnyText
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Syberia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Syberia\Uninstall\setup.exe" -l0x9
Symantec pcAnywhere --> MsiExec.exe /I{C05E8183-866A-11D3-97DF-0000F8D8F2E9}
Symantec WinFax PRO --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinFax\WFXUNIST.ISU" -c"C:\Program Files\WinFax\UNINSTUB.DLL"
Video CD HP --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Windows Live Messenger --> MsiExec.exe /I{39CD7D93-BF66-4B8F-9A9C-560A1F939A0E}
-- Application Event Log -------------------------------------------------------
Event Record #/Type3638 / Error
Event Submitted/Written: 05/26/2008 01:39:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Κρεμασμένη εφαρμογή MGADiag.exe, έκδοση 1.7.95.0, στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.
Event Record #/Type3637 / Error
Event Submitted/Written: 05/26/2008 01:37:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Κρεμασμένη εφαρμογή MGADiag.exe, έκδοση 1.7.95.0, στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.
Event Record #/Type3635 / Error
Event Submitted/Written: 05/26/2008 01:01:48 PM
Event ID/Source: 1000 / Windows Live Messenger
Event Description:
msnmsgr.exe8.1.178.045b12d6antdll.dll5.1.2600.03c02cf8300000254c
Event Record #/Type3634 / Error
Event Submitted/Written: 05/26/2008 00:59:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Κρεμασμένη εφαρμογή msnmsgr.exe, έκδοση 8.1.178.0, στοιχείο ελέγχου κρεμάσματος hungapp, έκδοση 0.0.0.0, διεύθυνση κρεμάσματος 0x00000000.
Event Record #/Type3571 / Error
Event Submitted/Written: 04/30/2008 03:43:30 PM
Event ID/Source: 4691 / COM+
Event Description:
Δεν ήταν δυνατό να προετοιμαστεί το περιβάλλον χρόνου εκτέλεσης για συναλλαγές που απαιτούνται για την υποστήριξη στοιχείων συναλλαγής. Βεβαιωθείτε ότι η υπηρεσία MS-DTC εκτελείται.(DtcGetTransactionManagerEx(): hr = 0x8004d01b)
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3488 / Error
Event Submitted/Written: 05/28/2008 03:04:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας RasMan εξαιτίας του ακόλουθου σφάλματος:
%%3
Event Record #/Type3487 / Error
Event Submitted/Written: 05/28/2008 03:01:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας RasMan εξαιτίας του ακόλουθου σφάλματος:
%%2
Event Record #/Type3486 / Error
Event Submitted/Written: 05/28/2008 03:01:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας RasMan εξαιτίας του ακόλουθου σφάλματος:
%%2
Event Record #/Type3485 / Error
Event Submitted/Written: 05/28/2008 03:01:04 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας RasMan εξαιτίας του ακόλουθου σφάλματος:
%%2
Event Record #/Type3471 / Error
Event Submitted/Written: 05/28/2008 03:00:38 PM
Event ID/Source: 29 / W32Time
Event Description:
Η υπηρεσία παροχής χρόνου NtpClient έχει ρυθμιστεί να λαμβάνει ώρα από μία ή
περισσότερες προελεύσεις χρόνου, ωστόσο αυτή τη στιγμή δεν είναι προσπελάσιμη
καμία από αυτές.
Δεν θα γίνει καμία προσπάθεια επικοινωνίας με κάποια προέλευση χρόνου
για 14 λεπτά.
Ο NtpClient δεν έχει προέλευση ακριβούς ώρας.
-- End of Deckard's System Scanner: finished at 2008-05-28 15:05:52 ------------