I believe my computer has been hit with the WindowsFixDisk virus. I remember seeing some of the error screens shown when I reviewed that topic and I had a WindowsFixDisk folder in My Documents.
The symptoms (that I am aware of) were that all windows desktop icons and wallpaper were hidden, Start Menu items were hidden, My Documents were hidden, Task Manager was disabled, background voice ads could be heard, script errors pop up and IE8 continuously adds random pages to the browser history even while closed.
Searching the net I have been able to enable the Task Manager and unhide My Documents including desktop icons, wallpaper and some of the Start Menu items. I am still missing over half of the Start Menu items and the background voice ads, script error pop ups and random browser history additions are still occurring.
I have been Using AVG free for years on two different computers and this is the first time I have had a problem. When the problem started the AVG found and quarantined 3 files and Malwarebytes found 4 issues on its first scan. My current AVG scans and Malwarebytes scans come up clean. The OTL log is attached below. Thank you for your time and support!
OTL logfile created on: 4/18/2011 3:27:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Brian Stolte\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 68.47 Gb Free Space | 61.28% Space Free | Partition Type: NTFS
Drive D: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: DELL1 | User Name: Brian Stolte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Brian Stolte\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
PRC - C:\Program Files\Verizon\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\Program Files\Software by Design\Calendar.exe (Gregory Braun -- Software Design)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Brian Stolte\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Verizon\SmartBridge\SBHook.dll (Motive Communications, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
========== Driver Services (SafeList) ==========
DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (RTLWUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys (NETGEAR Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (hamachi_oem) -- C:\WINDOWS\SYSTEM32\DRIVERS\gan_adapter.sys (Applied Networking Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (EMATCORE) -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsVid.sys (Dell Computer Corporation)
DRV - (AtlsAud) -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsAud.sys (Dell Computer Corporation)
DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (msloop) -- C:\WINDOWS\SYSTEM32\DRIVERS\loop.sys (Microsoft Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 08:22:51 | 000,000,000 | ---D | M]
[2007/02/02 02:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian Stolte\Application Data\Mozilla\Firefox\Profiles\z95qb0qn.default\extensions
[2007/02/02 02:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/09 15:05:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
O4 - Startup: C:\Documents and Settings\Brian Stolte\Start Menu\Programs\Startup\Calendar 2000.lnk = C:\Program Files\Software by Design\Calendar.exe (Gregory Braun -- Software Design)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} http://download.yaho...l/yautoiol1.cab (YAutoImport Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral....bs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.n...tivePreQual.cab (PreQualifier Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! NFL GameChannel StatTracker http://aud7.sports.s...lgcst1008_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\Brian Stolte\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brian Stolte\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/09 01:00:58 | 000,000,022 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{259eb399-ea68-11d7-869d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{259eb399-ea68-11d7-869d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{259eb399-ea68-11d7-869d-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001/04/30 13:33:00 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{a3cc0a00-92cd-11dc-8847-0007e94e7cea}\Shell - "" = AutoRun
O33 - MountPoints2\{a3cc0a00-92cd-11dc-8847-0007e94e7cea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3cc0a00-92cd-11dc-8847-0007e94e7cea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/18 15:19:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian Stolte\Desktop\OTL.exe
[2011/04/18 11:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Stolte\Application Data\Malwarebytes
[2011/04/18 11:34:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/18 11:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/14 21:51:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brian Stolte\Recent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brian Stolte\My Documents\*.tmp files -> C:\Documents and Settings\Brian Stolte\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/18 15:19:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Stolte\Desktop\OTL.exe
[2011/04/18 14:22:13 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Brian Stolte\Desktop\Microsoft Office Word 2007.lnk
[2011/04/18 13:33:10 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/18 13:32:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/18 13:31:59 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 13:31:59 | 000,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/18 13:30:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/18 13:21:42 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/18 13:21:42 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/18 11:34:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 10:32:16 | 112,716,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/15 13:13:44 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/04/15 10:29:20 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Brian Stolte\Desktop\Microsoft Office Excel 2007.lnk
[2011/04/14 21:51:59 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/14 21:51:59 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/14 21:51:49 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/01 18:24:15 | 000,199,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/30 08:22:52 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/22 01:09:54 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brian Stolte\My Documents\*.tmp files -> C:\Documents and Settings\Brian Stolte\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/18 11:34:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 21:51:59 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/14 21:51:57 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/14 21:51:49 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/03/15 18:52:41 | 001,346,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/20 19:46:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\BC.INI
[2010/04/20 19:44:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BS.INI
[2010/04/20 19:35:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\progman.ini
[2008/12/06 14:38:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2008/12/06 14:38:46 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2008/12/06 14:38:46 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/22 01:15:04 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Brian Stolte\Local Settings\Application Data\fusioncache.dat
[2007/01/01 21:07:30 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/27 14:09:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/12/09 15:05:12 | 000,002,818 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/06 14:42:56 | 000,003,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/22 22:59:53 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/10/06 15:35:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\nicmgr.exe
[2006/10/06 15:35:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\nicmgr.dll
[2005/12/15 22:16:15 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2005/11/27 10:25:39 | 000,036,872 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2005/10/15 10:25:08 | 000,000,117 | ---- | C] () -- C:\WINDOWS\NavWin.INI
[2005/10/15 10:23:11 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\G32_TICK.DLL
[2005/10/15 10:23:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_rkey.dll
[2005/10/15 10:23:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\free_res.exe
[2005/10/12 20:55:31 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/09/29 00:04:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/27 22:03:47 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2005/09/27 16:39:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/06/02 00:19:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2005/02/09 01:02:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2005/02/09 01:01:05 | 000,000,111 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/09 00:59:41 | 000,001,024 | ---- | C] () -- C:\WINDOWS\scharts.ini
[2005/02/09 00:59:41 | 000,000,205 | ---- | C] () -- C:\WINDOWS\omega.ini
[2005/02/09 00:59:41 | 000,000,133 | ---- | C] () -- C:\WINDOWS\or_dman.ini
[2005/02/09 00:59:41 | 000,000,075 | ---- | C] () -- C:\WINDOWS\opcalc.ini
[2004/10/05 22:52:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2003/12/20 12:42:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/05 08:11:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2003/09/24 12:51:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/21 08:32:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\f_light.ini
[2003/09/21 04:00:11 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Brian Stolte\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/21 02:04:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/09/21 02:04:45 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/09/21 02:04:45 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/09/02 22:51:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/02 22:48:25 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/02 22:44:05 | 000,000,834 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/09/02 22:42:52 | 000,001,454 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/02 22:37:39 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/09/02 22:37:39 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/09/02 22:37:27 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/09/02 22:37:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/09/02 22:37:26 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/09/02 22:37:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/09/02 22:37:02 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/09/02 22:33:02 | 000,000,889 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/02 22:20:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/09/02 22:17:12 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/09/02 22:17:12 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/09/02 22:16:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/02 21:53:36 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/07/08 15:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/12/18 17:10:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[2002/09/03 10:05:08 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,429 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980/01/01 01:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
========== LOP Check ==========
[2009/04/10 14:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/11/21 13:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/21 10:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/23 15:30:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/07 23:39:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/04/05 17:22:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/11/21 13:01:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/21 10:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/12/27 14:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/11/21 13:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\AVG10
[2010/04/05 17:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\Canon
[2010/03/23 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\Canon Easy-WebPrint EX
[2010/03/23 14:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\Centra
[2005/12/22 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\ICAClient
[2003/12/21 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\Leadertech
[2006/10/22 22:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\Musicmatch
[2008/06/09 12:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\OfficeUpdate12
[2010/03/23 14:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\Saba
[2004/09/04 10:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Stolte\Application Data\The Labyrinth Plus! Edition
========== Purity Check ==========
< End of report >
Sign In
Create Account
