Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Check & Removal


  • This topic is locked This topic is locked
2 replies to this topic

#1 JLGMSI

JLGMSI

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:24 AM

Posted 29 February 2012 - 04:02 PM

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. 64bit 2k3
OTL File
__________

OTL logfile created on: 2/29/2012 8:02:54 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator.JLG\Desktop
64bit-Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

47.99 Gb Total Physical Memory | 46.16 Gb Available Physical Memory | 96.18% Memory free
125.85 Gb Paging File | 125.25 Gb Available in Paging File | 99.52% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.31 Gb Total Space | 12.71 Gb Free Space | 26.31% Space Free | Partition Type: NTFS
Drive D: | 87.77 Gb Total Space | 8.75 Gb Free Space | 9.97% Space Free | Partition Type: NTFS
Drive G: | 1103.43 Gb Total Space | 124.58 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
Drive X: | 999.99 Gb Total Space | 481.36 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
Drive Y: | 326.01 Gb Total Space | 300.96 Gb Free Space | 92.31% Space Free | Partition Type: NTFS
Drive Z: | 1862.00 Gb Total Space | 955.17 Gb Free Space | 51.30% Space Free | Partition Type: NTFS

Computer Name: JLGTERM | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.JLG\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Server\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Server\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Server\avshadow.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Server\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Server\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\microsoft.net\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SysWOW64\mmc.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Avira\AntiVir Server\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (BackupExecAgentAccelerator) -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe (Symantec Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Server\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir Server\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\microsoft.net\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\SysWOW64\rsopprov.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\SysWOW64\ntfrs.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\SysWOW64\llssrv.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\SysWOW64\ismserv.exe (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\SysWOW64\dfssvc.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\SysWOW64\trksvr.dll (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\SysWOW64\wdfmgr.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgio) -- C:\Program Files (x86)\Avira\AntiVir Server\avgio.sys (Avira GmbH)
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2055656589-2139255296-390635388-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKU\S-1-5-21-2055656589-2139255296-390635388-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2055656589-2139255296-390635388-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 08:48:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/15 08:58:11 | 000,000,000 | ---D | M]

[2009/05/08 12:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.JLG\Application Data\Mozilla\Extensions
[2010/09/09 12:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.JLG\Application Data\Mozilla\Firefox\Profiles\yiabdjvc.default\extensions
[2009/09/28 13:00:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.JLG\Application Data\Mozilla\Firefox\Profiles\yiabdjvc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/02 10:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/25 16:09:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2012/02/21 08:48:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/14 12:01:45 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\atgpcdec.dll
[2011/07/06 08:49:59 | 000,550,712 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\atgpcext.dll
[2009/07/30 12:22:22 | 000,046,408 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\atmccli.dll
[2009/07/30 12:20:02 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\ieatgpc.dll
[2009/07/30 12:20:12 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/12 08:51:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/12 08:51:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O3 - HKLM\..\Toolbar: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2055656589-2139255296-390635388-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-2055656589-2139255296-390635388-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-2055656589-2139255296-390635388-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Server\avgnt.exe (Avira GmbH)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2055656589-2139255296-390635388-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O15 - HKU\S-1-5-21-2055656589-2139255296-390635388-500\..Trusted Domains: jlgweb2 ([]http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220039310865 (WUWebControl Class)
O16 - DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://jlgweb2:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab (Crystal Reports Print Control 12.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jlg.priv
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92289243-1540-4A8D-B4C3-8B4DB434FC8F}: Domain = jlg.priv
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92289243-1540-4A8D-B4C3-8B4DB434FC8F}: NameServer = 192.168.2.231,192.168.5.34
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 14:41:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 07:16:26 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JLG\Desktop\OTL.exe
[2012/02/29 07:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JLG\Application Data\Avira
[2012/02/28 19:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JLG\Application Data\SUPERAntiSpyware.com
[2012/02/28 19:10:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JLG\Recent
[2012/02/28 19:05:30 | 012,836,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.JLG\Desktop\adminpak.exe
[2012/02/28 19:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JLG\Desktop\admintools
[2012/02/28 10:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/02/28 10:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/02/28 10:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/28 09:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/02/28 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/02/28 09:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/02/13 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/13 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 07:59:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/29 07:47:19 | 000,003,583 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/29 07:43:18 | 000,550,478 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/02/29 07:16:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JLG\Desktop\OTL.exe
[2012/02/28 19:06:16 | 012,836,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.JLG\Desktop\adminpak.exe
[2012/02/28 10:10:35 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/26 02:00:00 | 000,000,206 | ---- | M] () -- C:\WINDOWS\tasks\RebootTerm26th.job
[2012/02/19 02:00:00 | 000,000,206 | ---- | M] () -- C:\WINDOWS\tasks\RebootTerm19th.job
[2012/02/12 02:00:00 | 000,000,206 | ---- | M] () -- C:\WINDOWS\tasks\RebootTerm12th.job
[2012/02/05 02:00:00 | 000,000,206 | ---- | M] () -- C:\WINDOWS\tasks\RebootTerm5th.job
[2012/02/04 10:16:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\remove temp files.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/29 07:18:22 | 000,003,583 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/28 10:10:35 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/08 07:37:21 | 000,000,460 | ---- | C] () -- C:\Program Files (x86)\Shortcut to SAP.lnk
[2011/07/25 12:32:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2010/05/14 11:08:57 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd

< End of report >


Extras File
______________

OTL Extras logfile created on: 2/29/2012 8:02:54 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator.JLG\Desktop
64bit-Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

47.99 Gb Total Physical Memory | 46.16 Gb Available Physical Memory | 96.18% Memory free
125.85 Gb Paging File | 125.25 Gb Available in Paging File | 99.52% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.31 Gb Total Space | 12.71 Gb Free Space | 26.31% Space Free | Partition Type: NTFS
Drive D: | 87.77 Gb Total Space | 8.75 Gb Free Space | 9.97% Space Free | Partition Type: NTFS
Drive G: | 1103.43 Gb Total Space | 124.58 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
Drive X: | 999.99 Gb Total Space | 481.36 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
Drive Y: | 326.01 Gb Total Space | 300.96 Gb Free Space | 92.31% Space Free | Partition Type: NTFS
Drive Z: | 1862.00 Gb Total Space | 955.17 Gb Free Space | 51.30% Space Free | Partition Type: NTFS

Computer Name: JLGTERM | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2055656589-2139255296-390635388-4194\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2055656589-2139255296-390635388-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UACDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe:*:Enabled:Backup Exec Remote Agent Utility -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe:*:Enabled:Backup Exec Remote Agent Utility -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe:*:Enabled:Backup Exec Remote Agent Utility -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe:*:Enabled:Backup Exec Remote Agent Utility -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E0E99B-F931-4292-82D5-FB5CC19F5B5F}" = Microsoft SQL Server 2005 Analysis Services ADOMD.NET
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CCCCCC64-CEA7-4C72-A6D0-15BBE998B8DA}" = Symantec Backup Exec Remote Agent for Windows Systems
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE274C2F-D9E5-4DE7-96FC-5D18DC5A71FD}" = Broadcom Management Programs
"{E679FCFF-4429-40CC-A7BF-0602261969ED}" = Crystal Reports for .NET Framework 2.0 (x64)
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Remote Agent for Windows Servers" = Symantec Backup Exec Remote Agent for Windows Systems
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows x64 Service Pack" = Windows Server 2003 Service Pack 2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0BF72DB9-CE2A-4F73-B235-5D0E39245FF3}" = Cisco WebEx Meeting Center for Firefox or Chrome
"{1468862C-2178-42AC-83A3-AAE994359894}" = Avira AntiVir Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3B7CBDC4-20D1-4E0F-8E36-ADFED7E767E5}" = SAP Business One Client
"{437C7142-500A-45A5-81B6-A9D84CDF6C01}" = SAP Business One 2005 - Copy Express
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
"{A76BEAA5-3DC0-48EA-BF4A-B734D431C62D}" = SAP Business One Prerequisites
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Empty Temp Folders 2.8.3" = Empty Temp Folders 2.8.3
"InstallShield_{3B7CBDC4-20D1-4E0F-8E36-ADFED7E767E5}" = SAP Business One Client
"InstallShield_{437C7142-500A-45A5-81B6-A9D84CDF6C01}" = SAP Business One 2005 - Copy Express
"InstallShield_{A76BEAA5-3DC0-48EA-BF4A-B734D431C62D}" = SAP Business One Prerequisites
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/29/2012 8:50:20 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 8:50:20 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:00:22 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:00:22 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:00:45 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:00:45 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:04:11 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:04:11 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/29/2012 9:04:12 AM | Computer Name = JLGTERM | Source = Folder Redirection | ID = 101
Description = Failed to perform redirection of folder My Documents. The new directories
for the redirected folder could not be created. The folder is configured to be redirected
to <\\ohfile1\archive\%USERNAME%\My Documents>, the final expanded path was <\\ohfile1\archive\bsvenson\My
Documents>. The following error occurred: %%1307

Error - 2/29/2012 9:04:12 AM | Computer Name = JLGTERM | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Folder Redirection failed to
execute. Please look for any errors reported earlier by that extension.

[ System Events ]
Error - 2/29/2012 9:05:31 AM | Computer Name = JLGTERM | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:33 AM | Computer Name = JLGTERM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193

Error - 2/29/2012 9:05:35 AM | Computer Name = JLGTERM | Source = RemoteAccess | ID = 20070
Description = Point to Point Protocol engine was unable to load the C:\WINDOWS\SysWOW64\rastls.dll
module. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:35 AM | Computer Name = JLGTERM | Source = RemoteAccess | ID = 20151
Description = The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll
returned an error while initializing. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:35 AM | Computer Name = JLGTERM | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:35 AM | Computer Name = JLGTERM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193

Error - 2/29/2012 9:05:36 AM | Computer Name = JLGTERM | Source = RemoteAccess | ID = 20070
Description = Point to Point Protocol engine was unable to load the C:\WINDOWS\SysWOW64\rastls.dll
module. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:36 AM | Computer Name = JLGTERM | Source = RemoteAccess | ID = 20151
Description = The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll
returned an error while initializing. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:36 AM | Computer Name = JLGTERM | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 2/29/2012 9:05:36 AM | Computer Name = JLGTERM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193


< End of report >

Thanks,

-A

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:24 AM

Posted 03 March 2012 - 09:42 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:24 AM

Posted 11 March 2012 - 08:10 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users