Understood about Desktop -- I always download to Desktop. It was unzipping that created a folder on the desktop; I moved the file from there "up" to the desktop.
I did my best to follow the instructions above. Here's what I did:
Deleted ComboFix and downloaded it again, renaming it to Friday.exe. Didn't run it yet.
Deleted OTL and downloaded it again. Ran it per your first instructions for running OTL, including the custom scans/fixes you gave me way above in this thread. OTL only produced a single log (called OTL.txt) but it seems to contain custom stuff at the end. I've inserted it all below.
I downloaded exeHelper to the Desktop but didn't run it.
Finally, I'm going to post this msg and then run Fix.bat and post its log.
---------------------------------------------------------------------------
OTL logfile created on: 6/20/2012 2:44:59 PM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Charlie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 471.81 Mb Available Physical Memory | 46.12% Memory free
1.84 Gb Paging File | 1.27 Gb Available in Paging File | 68.96% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 4.68 Gb Free Space | 25.10% Space Free | Partition Type: NTFS
Drive F: | 450.00 Gb Total Space | 449.88 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Computer Name: BEACON1003 | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Charlie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Adobe\uhdovosl.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (Rksample) -- system32\DRIVERS\rksample.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (DMusic) -- system32\drivers\DMusic.sys File not found
DRV - (Changer) -- File not found
DRV - (Chan2vletmf) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Charlie\LOCALS~1\Temp\catchme.sys File not found
DRV - (basic2) -- system32\DRIVERS\basic2.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KUSBusByTCPMasterBus) -- C:\WINDOWS\system32\drivers\KUSBusByTCPMasterBus.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (KUSBusByTCP) -- C:\WINDOWS\system32\drivers\KUSBusByTCP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link )
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (ati2mpaa) -- C:\WINDOWS\system32\drivers\ati2mpaa.sys (ATI Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E C4 D5 5A D0 48 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://docs.google.com/#all|http://mail.andoverbeacon.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/11 17:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 14:41:34 | 000,000,000 | ---D | M]
[2009/08/24 17:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Extensions
[2012/06/14 12:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6mdemgdl.default\extensions
[2010/06/10 11:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\6mdemgdl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/14 12:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 13:02:15 | 000,004,550 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CHARLIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6MDEMGDL.DEFAULT\EXTENSIONS\{9BAE5926-8513-417D-8E47-774955A7C60D}.XPI
[2012/06/11 17:00:19 | 000,340,198 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CHARLIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6MDEMGDL.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2002/06/25 17:43:40 | 000,004,813 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CHARLIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6MDEMGDL.DEFAULT\EXTENSIONS\SCJXJNYQEP@SCJXJNYQEP.ORG.XPI
[2012/06/11 17:00:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 16:59:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/11 16:59:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2002/06/25 17:38:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Control Center] C:\Program Files\TRENDnet\MFP Server\Control Center.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Adobe] C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Adobe\uhdovosl.dll ()
O4 - HKCU..\Run: [Update] rundll32.exe ",DllRegisterServer File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247325868874 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74ACFCE6-C54F-480E-972A-727A489DF736}: DhcpNameServer = 192.168.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/11 10:53:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2822d588-8de4-11de-823d-0013466d4b29}\Shell - "" = AutoRun
O33 - MountPoints2\{2822d588-8de4-11de-823d-0013466d4b29}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2822d588-8de4-11de-823d-0013466d4b29}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/06/20 14:29:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\OTL.exe
[2012/06/20 14:23:59 | 004,563,905 | ---- | C] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\friday.exe
[2012/06/20 10:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\bootkit_remover
[2012/06/19 10:36:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/19 10:15:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/19 10:15:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/19 10:15:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/19 10:15:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/19 10:14:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/19 10:13:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/19 10:11:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/18 14:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/06/18 14:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/18 14:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Application Data\Oracle
[2012/06/18 12:05:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/12 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/06/12 10:51:57 | 000,000,000 | ---D | C] -- C:\rsit
[2012/06/12 09:03:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/06/12 09:03:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charlie\My Documents\My Videos
[2012/06/12 09:03:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/06/12 09:03:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/06/12 09:03:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charlie\My Documents\My Music
[2012/06/12 09:03:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charlie\Start Menu\Programs\Administrative Tools
[2012/06/12 09:02:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\dds.exe
[2012/06/11 17:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/11 17:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/08 09:28:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/08 09:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Application Data\Malwarebytes
[2012/06/07 12:18:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charlie\Recent
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/20 14:29:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\OTL.exe
[2012/06/20 14:24:13 | 004,563,905 | ---- | M] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\friday.exe
[2012/06/20 12:30:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/20 12:29:15 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\fix.bat
[2012/06/20 10:33:36 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Charlie\Desktop\boot_cleaner.exe
[2012/06/20 10:31:30 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\bootkit_remover.zip
[2012/06/19 10:37:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/18 14:37:34 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\My thread.url
[2012/06/18 13:24:43 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\[Active] - Malwarebytes - blocked potently malicious website popup - TechSpot Forums.url
[2012/06/18 09:56:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/13 10:45:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\Firefox.lnk
[2012/06/13 10:04:07 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\Office.lnk
[2012/06/13 09:55:35 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\UPDATED 5-step VirusesSpywareMalware Preliminary Removal Instructions - TechSpot Forums.URL
[2012/06/12 15:18:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\dds.exe
[2012/06/12 10:45:28 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\how-to-disable-script-blocking-392291.url
[2012/06/12 08:42:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\gmer.exe
[2012/06/08 11:41:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 14:16:37 | 000,001,530 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2012/06/07 14:16:36 | 000,009,580 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2012/06/07 12:54:43 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\79MGbT8KrmIYHf
[2012/06/07 12:37:12 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/06/07 12:37:11 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/06/07 12:20:41 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~79MGbT8KrmIYHf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/20 12:28:07 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\fix.bat
[2012/06/20 10:31:27 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\bootkit_remover.zip
[2012/06/19 10:37:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/19 10:37:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/19 10:15:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/19 10:15:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/19 10:15:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/19 10:15:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/19 10:15:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/18 13:26:16 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\My thread.url
[2012/06/13 10:45:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\Firefox.lnk
[2012/06/12 15:21:49 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\[Active] - Malwarebytes - blocked potently malicious website popup - TechSpot Forums.url
[2012/06/12 15:13:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/12 10:45:28 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\how-to-disable-script-blocking-392291.url
[2012/06/12 09:05:09 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\UPDATED 5-step VirusesSpywareMalware Preliminary Removal Instructions - TechSpot Forums.URL
[2012/06/12 08:42:56 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\gmer.exe
[2012/06/08 11:41:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 17:13:00 | 000,213,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/22 18:27:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 18:31:18 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~79MGbT8KrmIYHf
[2012/01/06 18:31:18 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~79MGbT8KrmIYHfr
[2012/01/06 18:31:10 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\79MGbT8KrmIYHf
[2012/01/06 13:56:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iYADj09iT3gaEf
[2012/01/06 13:56:47 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iYADj09iT3gaEfr
[2012/01/06 13:56:38 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iYADj09iT3gaEf
[2011/01/18 15:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/08/10 17:20:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/08/10 13:56:41 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPWF310.ini
[2010/08/05 15:42:23 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/05 15:42:23 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/08/05 15:42:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/05 15:42:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/05 15:42:23 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/05 15:42:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/05 15:42:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/05 15:42:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/05 15:42:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/05 15:42:22 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/05 15:42:22 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/05 15:42:22 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/05 15:42:22 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/05 15:42:22 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/05 15:42:22 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/05 15:42:22 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/05 15:41:29 | 000,000,080 | ---- | C] () -- C:\WINDOWS\EPWF1100.ini
[2010/06/30 16:02:41 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
========== LOP Check ==========
[2009/08/24 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/13 17:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/05/14 14:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/08/10 13:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/09/02 10:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2012/01/06 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/06/07 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2009/09/18 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/14 14:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/09/18 17:20:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/08/05 18:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Canon
[2009/09/18 18:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/22 15:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\eFax Messenger
[2011/04/07 17:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Epson
[2010/01/13 17:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\j2 Global
[2010/08/05 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Leadertech
[2009/09/15 17:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\OpenOffice.org
[2012/06/18 14:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Oracle
[2009/10/26 17:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\pdf995
[2009/09/18 17:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\TuneUp Software
[2009/10/02 17:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\uniblue
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: USERINIT.EXE >
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< End of report >