OTL logfile created on: 1/22/2012 8:14:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ENTERPRISE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 145.20 Mb Available Physical Memory | 16.24% Memory free
2.01 Gb Paging File | 0.81 Gb Available in Paging File | 40.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.21 Gb Total Space | 134.73 Gb Free Space | 59.82% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 0.87 Gb Free Space | 11.38% Space Free | Partition Type: NTFS

Computer Name: ENTERPRISE-PC | User Name: ENTERPRISE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/01/22 20:04:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ENTERPRISE\Downloads\OTL.exe
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/24 17:55:30 | 000,356,864 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
PRC - [2009/04/11 01:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WerFault.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/20 17:22:34 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/08 10:58:06 | 008,522,400 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/07/24 17:55:30 | 000,356,864 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
MOD - [2009/02/20 17:22:30 | 000,913,408 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/20 17:22:28 | 000,102,400 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\clientmanager.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/11/16 00:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/28 13:22:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120121.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/28 13:22:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/28 13:22:36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/28 13:22:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120121.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/24 06:34:20 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/05/02 17:59:06 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 08:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 08:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/24 13:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/04 04:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/09/28 16:41:46 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/01 14:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/22 17:08:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 17:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/03/02 21:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ENTERPRISE\AppData\Roaming\Mozilla\Extensions
[2009/03/02 21:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ENTERPRISE\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/12/15 17:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ENTERPRISE\AppData\Roaming\Mozilla\Firefox\Profiles\szy7ru7v.default\extensions
[2011/12/15 17:14:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\ENTERPRISE\AppData\Roaming\Mozilla\Firefox\Profiles\szy7ru7v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/28 17:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/28 17:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/11/28 17:17:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CC682B-9A45-4428-A9F5-4F47F11688A7}: DhcpNameServer = 68.237.161.12 71.250.0.12
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ENTERPRISE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ENTERPRISE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/27 13:26:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/01/21 21:19:18 | 000,000,000 | ---D | C] -- C:\Users\ENTERPRISE\AppData\Roaming\Systweak
[2012/01/21 21:17:47 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/01/21 21:15:17 | 003,603,208 | ---- | C] (Systweak Inc ) -- C:\Users\ENTERPRISE\Documents\rcpsetup_onlyad2.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/01/22 20:10:21 | 000,001,223 | ---- | M] () -- C:\Users\ENTERPRISE\Desktop\OTL - Shortcut.lnk
[2012/01/22 19:08:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 19:08:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 17:07:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 17:07:34 | 938,008,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 21:11:00 | 003,603,208 | ---- | M] (Systweak Inc ) -- C:\Users\ENTERPRISE\Documents\rcpsetup_onlyad2.exe
[2012/01/21 13:21:12 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - ENTERPRISE.job
[2012/01/20 16:39:09 | 000,018,432 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\KEITH.wps
[2012/01/20 16:39:09 | 000,003,306 | ---- | M] () -- C:\Users\ENTERPRISE\AppData\Roaming\wklnhst.dat
[2012/01/19 15:35:15 | 000,191,488 | ---- | M] () -- C:\Users\ENTERPRISE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 15:13:44 | 000,144,384 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\TRIVIA FACTOIDS.wps
[2012/01/04 20:02:29 | 000,035,328 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\PICKLE.wps
[2012/01/02 16:35:52 | 000,042,275 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders.jpg
[2012/01/02 16:21:55 | 000,013,172 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders in gray hoodie.jpg
[2012/01/02 03:04:14 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 03:04:14 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/01 18:10:08 | 000,046,334 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\cody simpson on left in shorts.jpg
[2011/12/31 16:06:49 | 000,024,576 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\KEYTONE MEMBERSHIP LIST 2010.wps
[2011/12/31 15:28:54 | 000,111,462 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders 4.jpg
[2011/12/31 15:21:50 | 000,050,074 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders and jesse starr.jpg
[2011/12/31 15:20:11 | 000,051,369 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders 5.jpg
[2011/12/31 15:19:21 | 000,056,923 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tyler berke and tommy anders.jpg
[2011/12/31 13:22:53 | 000,075,857 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders 1.jpg
[2011/12/31 13:22:12 | 000,036,595 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders 3.jpg
[2011/12/31 13:18:02 | 000,038,821 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\tommy anders 2.jpg
[2011/12/31 13:14:02 | 000,085,369 | ---- | M] () -- C:\Users\ENTERPRISE\Documents\brent corrigan and chris martinson.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/01/22 20:09:37 | 000,001,223 | ---- | C] () -- C:\Users\ENTERPRISE\Desktop\OTL - Shortcut.lnk
[2012/01/20 16:30:29 | 000,018,432 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\KEITH.wps
[2012/01/02 16:35:51 | 000,042,275 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders.jpg
[2012/01/02 16:21:35 | 000,013,172 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders in gray hoodie.jpg
[2012/01/01 18:09:52 | 000,046,334 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\cody simpson on left in shorts.jpg
[2011/12/31 15:28:52 | 000,111,462 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders 4.jpg
[2011/12/31 15:21:50 | 000,050,074 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders and jesse starr.jpg
[2011/12/31 15:20:09 | 000,051,369 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders 5.jpg
[2011/12/31 15:19:19 | 000,056,923 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tyler berke and tommy anders.jpg
[2011/12/31 13:22:53 | 000,075,857 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders 1.jpg
[2011/12/31 13:22:11 | 000,036,595 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders 3.jpg
[2011/12/31 13:18:01 | 000,038,821 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\tommy anders 2.jpg
[2011/12/31 13:13:44 | 000,085,369 | ---- | C] () -- C:\Users\ENTERPRISE\Documents\brent corrigan and chris martinson.jpg
[2011/12/30 19:19:14 | 938,008,576 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/22 11:34:47 | 000,077,406 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/10/20 12:59:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 12:59:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/24 15:38:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/08 18:15:17 | 000,116,891 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/04/01 16:17:36 | 000,001,356 | ---- | C] () -- C:\Users\ENTERPRISE\AppData\Local\d3d9caps.dat
[2009/03/17 17:56:43 | 000,157,425 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/03/17 17:56:43 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2009/03/08 14:41:52 | 000,191,488 | ---- | C] () -- C:\Users\ENTERPRISE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/07 01:09:15 | 000,157,566 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2009/03/07 01:09:15 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009/03/04 20:59:16 | 000,003,306 | ---- | C] () -- C:\Users\ENTERPRISE\AppData\Roaming\wklnhst.dat
[2009/02/27 20:29:27 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/02/27 13:06:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/02/27 13:03:01 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/02/27 13:03:01 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,358,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 02:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 02:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

[color=#E56717]========== LOP Check ==========[/color]
[2011/05/16 23:59:56 | 000,000,000 | ---D | M] -- C:\Users\ENTERPRISE\AppData\Roaming\IrfanView
[2012/01/22 20:01:49 | 000,000,000 | ---D | M] -- C:\Users\ENTERPRISE\AppData\Roaming\Systweak
[2009/03/04 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\ENTERPRISE\AppData\Roaming\Template
[2011/05/10 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\ENTERPRISE\AppData\Roaming\Tific
[2011/05/13 21:24:47 | 000,000,000 | ---D | M] -- C:\Users\ENTERPRISE\AppData\Roaming\Uniblue
[2009/04/10 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\ENTERPRISE\AppData\Roaming\WinBatch
[2012/01/21 21:34:25 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >