Potential root Kit virus?



#1
shoofly793

Greetings -

I am a new user and this is my first post, so my apologies in advance for any faux pas!

Below are the results from running OTL.

Some very weird behavior of my computer. I noticed a few weeks ago a new user was added to my machine. So I deleted it. It happened a few days ago again.

Today, when going to Control Panel, Users - no users are displayed. Also, I am unable to perform a system restore. When I tried to open our POS program, a message indicated that I did not have permission. Under System Tools, I tried to Defrag but it would not respond.

I am running Windows XP SP3 on a Dell Precision T5400.

Any help would be GREATLY appreciated, especially since this is our store POS computer.

Thanks in advance,

David Schueckler

OTL Extras logfile created on: 8/25/2011 2:52:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\TreeHouse\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.51% Memory free
16.50 Gb Paging File | 15.38 Gb Available in Paging File | 93.26% Paging File free
Paging file location(s): C:\pagefile.sys 15000 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 166.75 Gb Free Space | 71.64% Space Free | Partition Type: NTFS
Drive E: | 5.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 232.75 Gb Total Space | 191.66 Gb Free Space | 82.35% Space Free | Partition Type: NTFS

Computer Name: D6KCHW81 | User Name: TreeHouse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5902:TCP" = 5902:TCP:*:Enabled:svchost
"10231:TCP" = 10231:TCP:*:Enabled:Explorer
"53:TCP" = 53:TCP:*:Enabled:Explorer
"5506:TCP" = 5506:TCP:*:Enabled:IIS-Admin-Service=ENABLE
"5506:UDP" = 5506:UDP:*:Enabled:IIS-Admin-Service=ENABLE
"60991:TCP" = 60991:TCP:*:Enabled:MSSQLSERVER=ENABLE
"60991:UDP" = 60991:UDP:*:Enabled:MSSQLSERVER=ENABLE
"8806:TCP" = 8806:TCP:*:Enabled:Workstation=ENABLE
"8806:UDP" = 8806:UDP:*:Enabled:Workstation=ENABLE
"62980:TCP" = 62980:TCP:*:Enabled:WebClient=ENABLE
"62980:UDP" = 62980:UDP:*:Enabled:WebClient=ENABLE

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Retail Management System\Store Operations\SOADMIN.exe" = C:\Program Files\Microsoft Retail Management System\Store Operations\SOADMIN.exe:*:Enabled:Store Operations Administrator -- (Microsoft Corporation)
"C:\Program Files\NitroSell\NSc Sync\NScSync.exe" = C:\Program Files\NitroSell\NSc Sync\NScSync.exe:*:Enabled:NSc Sync
"C:\Program Files\Microsoft Retail Management System\Store Operations\SOMANAGER.exe" = C:\Program Files\Microsoft Retail Management System\Store Operations\SOMANAGER.exe:*:Enabled:Store Operations Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft Retail Management System\Store Operations\SOPOSUSER.exe" = C:\Program Files\Microsoft Retail Management System\Store Operations\SOPOSUSER.exe:*:Enabled:Store Operations POS -- (Microsoft Corporation)
"C:\Program Files\NitroSell\PAM\PAM.exe" = C:\Program Files\NitroSell\PAM\PAM.exe:*:Enabled:NSc PAM - Pro Edition -- (NitroSell Limited)
"C:\WINDOWS\system32\svchost.dll" = C:\WINDOWS\system32\svchost.dll:*:Enabled:Unspecified
"C:\WINDOWS\system32\inetsrv\Explorer.exe" = C:\WINDOWS\system32\inetsrv\Explorer.exe:*:Enabled:Unspecified -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{0E316E1E-75EB-4F43-91FC-72DBCA5EEDB7}_is1" = NSc Mail - RMS Store Operations Edition v2.0.0.32
"{0EEDEE2B-7C9D-4584-B2B5-C28C93678BC1}" = EPSON OPOS ADK Version 2.62
"{12FE86D4-77FA-4FC7-8C23-A988E72FC5A5}" = hpp3390usg
"{171A4CF5-A428-4CB0-B372-203F8B0EB271}_is1" = Get Web Orders
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1DD670BE-C678-4D83-89D0-E7CF65D8DB98}" = hppManuals3390
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22AF6BEF-B0ED-4A81-AEBB-C5D446401F10}" = Microsoft Dynamics RMS Store Operations
"{2342F13E-E0C1-4905-86CB-39D2DEAB4FC3}_is1" = NitroSell Commerce 2.0.0.32 - RMS Store Operations Edition
"{24739100-AD64-40C0-936C-03590B95C225}" = hppSendFax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 25
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{337445D4-2204-4373-AF01-7C45FDAC5147}" = MagSwipe Configuration Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5B32A23C-2BB0-4767-8150-F977E43E7E2A}" = hppscan3390
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7642C5E3-0E6D-48E5-AE0B-A4878362711E}" = hppToolBoxFX
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{8038AEF9-EF53-4B55-97CA-CF3D8574C135}" = hpzTLBXFX
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83E016DD-1566-457E-B65C-B531186CED56}" = hppfaxdrv3390
"{89FC6B3B-4FD5-46B5-ACE6-959A7738DCAC}_is1" = NSc PAM - RMS Store Operations Edition v2.0.0.32
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92F0B809-0D52-48CF-9694-23E500DF6AA6}" = hppLJ3390
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9651D2CF-B973-4F96-9D49-7D499000EC21}" = hppScanTo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CA56FE36-091E-4914-A70A-93E3C09D3093}" = hppTooCool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2169E0C-1C6A-4B83-BD30-9E8DADE1C391}" = hppFaxUtility
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EAF846FB-AEA4-49AC-94DA-7333EA4B846C}" = Broadcom NetXtreme II Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA634EA3-7B13-48F3-9E68-69F4C0954450}" = USB KB OPOS MagSwipe Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"BASICR" = Microsoft Office Basic 2007
"Carbonite Backup" = Carbonite
"EditPro_is1" = EditPro 1.57
"HP LaserJet 3050/3052/3055/3390/3392" = HP LaserJet 3050/3052/3055/3390/3392 4.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HTC_WModemDriver" = WModem Driver Installer
"ID TECH USB Reader Setup" = ID TECH USB Reader Setup
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Multimedia Reader USB 2.0 Drivers_is1" = Multimedia Reader USB 2.0 Drivers
"NitroSell License Manager_is1" = NitroSell License Manager
"NVIDIA Drivers" = NVIDIA Drivers
"ophcrack" = ophcrack 3.3.1
"Picasa 3" = Picasa 3
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"RegCure" = RegCure
"SP-JSVS-5506-8806-62980-FR SP-JSVS-5506-8806-62980-FR" = SP-JSVS-5506-8806-62980-FR SP-JSVS-5506-8806-62980-FR
"Standard Horizon CPV350 PC Emulator_is1" = CPV350 emulator (V16.02.01R)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2011 10:25:22 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1001
Description = Fault bucket 581054937.

Error - 8/25/2011 11:04:43 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1000
Description = Faulting application iaanotif.exe, version 7.8.0.1013, faulting module
isdi.dll, version 7.8.0.1013, fault address 0x00016563.

Error - 8/25/2011 11:04:48 AM | Computer Name = D6KCHW81 | Source = SQLWRITER | ID = 4
Description = SQL writer initialization error: the COM security cannot be initialized
[0x800706ba].

Error - 8/25/2011 11:05:02 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1001
Description = Fault bucket 581054937.

Error - 8/25/2011 11:19:04 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1000
Description = Faulting application iaanotif.exe, version 7.8.0.1013, faulting module
isdi.dll, version 7.8.0.1013, fault address 0x00016563.

Error - 8/25/2011 11:19:08 AM | Computer Name = D6KCHW81 | Source = SQLWRITER | ID = 4
Description = SQL writer initialization error: the COM security cannot be initialized
[0x800706ba].

Error - 8/25/2011 11:19:28 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1001
Description = Fault bucket 581054937.

Error - 8/25/2011 11:46:51 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1000
Description = Faulting application iaanotif.exe, version 7.8.0.1013, faulting module
isdi.dll, version 7.8.0.1013, fault address 0x00016563.

Error - 8/25/2011 11:46:58 AM | Computer Name = D6KCHW81 | Source = SQLWRITER | ID = 4
Description = SQL writer initialization error: the COM security cannot be initialized
[0x800706ba].

Error - 8/25/2011 11:47:21 AM | Computer Name = D6KCHW81 | Source = Application Error | ID = 1001
Description = Fault bucket 581054937.

[ OSession Events ]
Error - 11/5/2009 5:19:30 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:19:34 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:19:40 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:23:16 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:23:22 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:23:25 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:23:30 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/5/2009 5:24:03 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/23/2010 3:34:15 PM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2614
seconds with 240 seconds of active time. This session ended with a crash.

Error - 5/11/2011 10:25:00 AM | Computer Name = D6KCHW81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/24/2011 7:02:27 PM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/24/2011 8:53:50 PM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/24/2011 9:55:40 PM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/24/2011 11:10:56 PM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/25/2011 12:16:59 AM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/25/2011 12:46:02 AM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/25/2011 4:59:51 AM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/25/2011 7:16:16 AM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/25/2011 8:40:18 AM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).

Error - 8/25/2011 10:12:32 AM | Computer Name = D6KCHW81 | Source = Service Control Manager | ID = 7024
Description = The Distributed Transaction Coordinator service terminated with service-specific
error 3221229584 (0xC0001010).


< End of report >


#2
RKinner

From the Extras log I can see you are having problems with DTC. Try the instructions at:
http://support.microsoft.com/kb/916926

Step 1:
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
msdtc -resetlog
Warning: The msdtc -resetlog command can cause data corruption if it is used incorrectly. Make sure that you do not have any pending transactions when you run this command.
Type the following command, and then press ENTER:
net start msdtc

(Does it start or do you get an error message? If you get an error other than the service is already started then go on to step 2.)

Could you post the OTL log? (You posted the Extras log which is nice to have but I need the other one too.)

Ron