I ran the Norton Removal Tool and rebooted my computer.
I downloaded and ran OTL as well as GMER. Here are the following files:
1) OTL.txt
OTL logfile created on: 4/26/2010 4:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Tirso Moscoso\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.27 Gb Total Space | 193.26 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TIRSOMOSCOSO-PC
Current User Name: Tirso Moscoso
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Tirso Moscoso\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Modules (SafeList) ==========
MOD - C:\Users\Tirso Moscoso\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/rswin_3653.dll ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=TSNA
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 BA E7 0C 0B FE DA 49 BD 78 A6 9E CE 73 FB 60 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 BA E7 0C 0B FE DA 49 BD 78 A6 9E CE 73 FB 60 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 BA E7 0C 0B FE DA 49 BD 78 A6 9E CE 73 FB 60 [binary data]
IE - HKU\S-1-5-21-350632221-682335273-3265395669-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSNA
IE - HKU\S-1-5-21-350632221-682335273-3265395669-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=TSNA
IE - HKU\S-1-5-21-350632221-682335273-3265395669-1002\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 BA E7 0C 0B FE DA 49 BD 78 A6 9E CE 73 FB 60 [binary data]
IE - HKU\S-1-5-21-350632221-682335273-3265395669-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/04/09 17:56:34 | 000,000,000 | ---D | M]
[2009/12/16 10:15:18 | 000,000,000 | ---D | M] -- C:\Users\Tirso Moscoso\AppData\Roaming\Mozilla\Extensions
[2009/12/16 10:15:18 | 000,000,000 | ---D | M] -- C:\Users\Tirso Moscoso\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-350632221-682335273-3265395669-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.157.2.140 200.118.2.91 200.118.2.66
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/04/26 15:31:35 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Users\Tirso Moscoso\Desktop\Norton_Removal_Tool.exe
[2010/04/26 15:17:34 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Tirso Moscoso\Desktop\OTL.exe
[2010/04/22 18:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/04/21 17:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/21 17:26:23 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tirso Moscoso\Desktop\HJTInstall.exe
[2010/04/14 09:44:18 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/04/14 09:44:17 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/04/14 09:44:03 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010/04/13 08:43:34 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Roaming\Malwarebytes
[2010/04/13 08:43:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/04/13 08:43:16 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/04/13 08:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/13 08:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 08:40:27 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/04/13 08:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/13 08:21:11 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Tirso Moscoso\Desktop\TFC.exe
[2010/04/09 20:28:38 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Local\CrashDumps
[2010/04/09 17:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/04/09 17:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/09 17:55:54 | 000,280,592 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2010/04/09 17:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/04/09 17:15:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa
[2010/04/09 07:09:56 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2010/04/07 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Local\Tific
[2010/04/07 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Roaming\Tific
[2010/04/05 18:29:03 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/04/05 18:29:00 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/04/05 18:23:04 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/04/05 16:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/03 17:46:24 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Roaming\BitDefender
[2010/04/03 17:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/04/03 17:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/04/03 17:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/04/03 16:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2010/04/02 09:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/04/02 09:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/31 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Local\ElevatedDiagnostics
[2010/03/31 15:04:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/03/31 15:04:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/03/31 15:04:32 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/03/29 07:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/29 07:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/28 16:19:55 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Local\Symantec
[2010/03/28 16:13:30 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/03/28 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Tirso Moscoso\AppData\Roaming\iWin
[1 C:\Users\Tirso Moscoso\Documents\*.tmp files -> C:\Users\Tirso Moscoso\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/04/26 16:23:48 | 000,823,808 | ---- | M] () -- C:\windows\System32\drivers\lrfhbp.sys
[2010/04/26 16:22:09 | 004,718,592 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat
[2010/04/26 16:08:58 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 16:06:13 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/04/26 16:06:12 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/04/26 16:06:12 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/04/26 16:04:23 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 16:04:23 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 16:00:43 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At114.job
[2010/04/26 15:56:28 | 000,000,434 | ---- | M] () -- C:\windows\tasks\At1.job
[2010/04/26 15:56:28 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/26 15:56:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/26 15:56:19 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 15:55:36 | 001,893,581 | -H-- | M] () -- C:\Users\Tirso Moscoso\AppData\Local\IconCache.db
[2010/04/26 15:34:09 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/26 15:31:39 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Users\Tirso Moscoso\Desktop\Norton_Removal_Tool.exe
[2010/04/26 15:17:38 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Tirso Moscoso\Desktop\OTL.exe
[2010/04/26 15:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At113.job
[2010/04/26 14:00:20 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At112.job
[2010/04/26 13:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At111.job
[2010/04/26 12:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At110.job
[2010/04/26 11:11:01 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At109.job
[2010/04/26 10:00:01 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At108.job
[2010/04/26 09:00:05 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At107.job
[2010/04/26 08:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At106.job
[2010/04/26 07:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At105.job
[2010/04/26 06:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At104.job
[2010/04/26 05:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At103.job
[2010/04/26 04:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At102.job
[2010/04/26 03:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At101.job
[2010/04/26 02:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At100.job
[2010/04/26 01:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At99.job
[2010/04/26 00:02:26 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At98.job
[2010/04/25 23:00:04 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At121.job
[2010/04/25 22:00:57 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At120.job
[2010/04/25 21:00:15 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At119.job
[2010/04/25 20:27:06 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At118.job
[2010/04/25 19:02:38 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At117.job
[2010/04/24 17:23:41 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At116.job
[2010/04/24 16:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At115.job
[2010/04/23 18:27:01 | 000,007,607 | ---- | M] () -- C:\Users\Tirso Moscoso\AppData\Local\Resmon.ResmonCfg
[2010/04/21 17:36:26 | 000,002,050 | ---- | M] () -- C:\Users\Tirso Moscoso\Desktop\HijackThis.lnk
[2010/04/21 17:26:36 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tirso Moscoso\Desktop\HJTInstall.exe
[2010/04/21 15:55:16 | 260,722,619 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/04/21 15:41:48 | 000,525,824 | ---- | M] () -- C:\Users\Tirso Moscoso\Desktop\dds.scr
[2010/04/21 15:39:39 | 000,000,000 | ---- | M] () -- C:\Users\Tirso Moscoso\defogger_reenable
[2010/04/16 15:08:39 | 000,011,760 | ---- | M] () -- C:\Users\Tirso Moscoso\Documents\AHA_Medical_claim_form.pdf
[2010/04/15 18:51:42 | 000,017,434 | ---- | M] () -- C:\Users\Tirso Moscoso\Documents\Budget TM.xlsx
[2010/04/13 08:43:23 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 08:39:35 | 000,000,905 | ---- | M] () -- C:\Users\Tirso Moscoso\Desktop\NTREGOPT.lnk
[2010/04/13 08:39:35 | 000,000,886 | ---- | M] () -- C:\Users\Tirso Moscoso\Desktop\ERUNT.lnk
[2010/04/13 08:21:12 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tirso Moscoso\Desktop\TFC.exe
[2010/04/13 08:19:30 | 000,029,259 | ---- | M] () -- C:\Users\Tirso Moscoso\Documents\Camila Research Paper.docx
[2010/04/09 18:38:49 | 000,604,140 | -HS- | M] () -- C:\windows\System32\drivers\ISwift3.dat
[2010/04/09 18:27:56 | 000,280,592 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2010/04/09 18:27:56 | 000,128,016 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\drivers\kl1.sys
[2010/04/09 18:27:46 | 000,108,059 | ---- | M] () -- C:\windows\System32\drivers\klin.dat
[2010/04/09 18:27:46 | 000,095,259 | ---- | M] () -- C:\windows\System32\drivers\klick.dat
[2010/04/09 16:46:23 | 000,000,052 | ---- | M] () -- C:\windows\System32\ashttpstats.csv
[2010/04/09 16:44:54 | 000,000,012 | ---- | M] () -- C:\windows\System32\drivers\NIS\1100000.088\Cat.DB
[2010/04/09 11:01:58 | 000,072,200 | ---- | M] (BitDefender LLC) -- C:\windows\System32\drivers\BdfNdisf6.sys
[2010/04/08 14:31:26 | 000,015,601 | ---- | M] () -- C:\Users\Tirso Moscoso\Documents\PTS Letter 2.docx
[2010/04/07 16:50:34 | 000,013,913 | ---- | M] () -- C:\Users\Tirso Moscoso\Documents\PTS Letter.docx
[2010/04/05 18:28:59 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2010/04/05 17:22:54 | 000,000,025 | ---- | M] () -- C:\Users\Tirso Moscoso\AppData\Roaming\bdfvconp.ini
[2010/04/05 07:54:57 | 000,000,056 | -H-- | M] () -- C:\windows\System32\ezsidmv.dat
[2010/04/03 18:42:25 | 000,000,016 | ---- | M] () -- C:\windows\System32\asdict.dat
[2010/04/03 18:42:25 | 000,000,004 | ---- | M] () -- C:\windows\System32\aspdict-en.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\wsbl.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\phar_unmip.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\phar_histprot.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\ph_white.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\ph_summ.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\ph_spoof.sig
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\ph_sign.slf
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\ph_fuzzy.sig
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\ph_black.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pcwords2.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pcwords.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_webproxy.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_video.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_tabloids.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_socialnetworks.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_sign.slf
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_searchengines.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_regionaltlds.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_pornography.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlineshop.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlinepay.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_onlinedating.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_news.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_im.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_illegal.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_hate.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_games.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_gambling.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | M] () -- C:\windows\System32\pc_drugs.dat
[2010/04/03 18:09:37 | 000,000,000 | ---- | M] () -- C:\windows\System32\ab_sbl.sig
[2010/04/03 18:09:37 | 000,000,000 | ---- | M] () -- C:\windows\System32\ab_bl.sig
[2010/04/03 17:51:45 | 000,000,385 | ---- | M] () -- C:\windows\System32\user_gensett.xml
[2010/04/03 17:49:30 | 000,524,288 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat{9cad5cb8-3f68-11df-bc8a-002622421711}.TMContainer00000000000000000002.regtrans-ms
[2010/04/03 17:49:30 | 000,524,288 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat{9cad5cb8-3f68-11df-bc8a-002622421711}.TMContainer00000000000000000001.regtrans-ms
[2010/04/03 17:49:30 | 000,065,536 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat{9cad5cb8-3f68-11df-bc8a-002622421711}.TM.blf
[2010/03/31 10:24:27 | 000,524,288 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat{19270df3-3cd3-11df-b81a-002622421711}.TMContainer00000000000000000002.regtrans-ms
[2010/03/31 10:24:27 | 000,524,288 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat{19270df3-3cd3-11df-b81a-002622421711}.TMContainer00000000000000000001.regtrans-ms
[2010/03/31 10:24:27 | 000,065,536 | -HS- | M] () -- C:\Users\Tirso Moscoso\ntuser.dat{19270df3-3cd3-11df-b81a-002622421711}.TM.blf
[2010/03/29 23:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 23:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/03/28 14:54:56 | 000,000,300 | ---- | M] () -- C:\windows\System32\stsf.bat
[1 C:\Users\Tirso Moscoso\Documents\*.tmp files -> C:\Users\Tirso Moscoso\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/04/21 17:36:26 | 000,002,050 | ---- | C] () -- C:\Users\Tirso Moscoso\Desktop\HijackThis.lnk
[2010/04/21 15:49:51 | 000,293,376 | ---- | C] () -- C:\Users\Tirso Moscoso\Desktop\gmer.exe
[2010/04/21 15:41:41 | 000,525,824 | ---- | C] () -- C:\Users\Tirso Moscoso\Desktop\dds.scr
[2010/04/21 15:39:39 | 000,000,000 | ---- | C] () -- C:\Users\Tirso Moscoso\defogger_reenable
[2010/04/16 15:08:39 | 000,011,760 | ---- | C] () -- C:\Users\Tirso Moscoso\Documents\AHA_Medical_claim_form.pdf
[2010/04/13 08:43:23 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 08:39:35 | 000,000,905 | ---- | C] () -- C:\Users\Tirso Moscoso\Desktop\NTREGOPT.lnk
[2010/04/13 08:39:35 | 000,000,886 | ---- | C] () -- C:\Users\Tirso Moscoso\Desktop\ERUNT.lnk
[2010/04/13 08:19:28 | 000,029,259 | ---- | C] () -- C:\Users\Tirso Moscoso\Documents\Camila Research Paper.docx
[2010/04/09 18:38:49 | 000,604,140 | -HS- | C] () -- C:\windows\System32\drivers\ISwift3.dat
[2010/04/09 17:57:03 | 000,108,059 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2010/04/09 17:57:03 | 000,095,259 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2010/04/08 08:04:10 | 000,015,601 | ---- | C] () -- C:\Users\Tirso Moscoso\Documents\PTS Letter 2.docx
[2010/04/07 16:16:53 | 000,013,913 | ---- | C] () -- C:\Users\Tirso Moscoso\Documents\PTS Letter.docx
[2010/04/05 17:22:54 | 000,000,025 | ---- | C] () -- C:\Users\Tirso Moscoso\AppData\Roaming\bdfvconp.ini
[2010/04/05 07:54:57 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/04/03 19:08:57 | 000,000,052 | ---- | C] () -- C:\windows\System32\ashttpstats.csv
[2010/04/03 18:42:25 | 000,000,016 | ---- | C] () -- C:\windows\System32\asdict.dat
[2010/04/03 18:42:25 | 000,000,004 | ---- | C] () -- C:\windows\System32\aspdict-en.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\wsbl.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\phar_unmip.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\phar_histprot.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_white.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_summ.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_spoof.sig
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_sign.slf
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_fuzzy.sig
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_black.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_webproxy.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_video.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_tabloids.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_socialnetworks.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_sign.slf
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_searchengines.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_regionaltlds.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_pornography.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlineshop.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinepay.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinedating.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_news.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_im.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_illegal.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_hate.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_games.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_gambling.dat
[2010/04/03 18:09:38 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_drugs.dat
[2010/04/03 18:09:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ab_sbl.sig
[2010/04/03 18:09:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ab_bl.sig
[2010/04/03 17:51:45 | 000,000,385 | ---- | C] () -- C:\windows\System32\user_gensett.xml
[2010/04/03 16:34:40 | 000,524,288 | -HS- | C] () -- C:\Users\Tirso Moscoso\ntuser.dat{9cad5cb8-3f68-11df-bc8a-002622421711}.TMContainer00000000000000000002.regtrans-ms
[2010/04/03 16:34:40 | 000,524,288 | -HS- | C] () -- C:\Users\Tirso Moscoso\ntuser.dat{9cad5cb8-3f68-11df-bc8a-002622421711}.TMContainer00000000000000000001.regtrans-ms
[2010/04/03 16:34:40 | 000,065,536 | -HS- | C] () -- C:\Users\Tirso Moscoso\ntuser.dat{9cad5cb8-3f68-11df-bc8a-002622421711}.TM.blf
[2010/03/31 10:26:02 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At121.job
[2010/03/31 10:26:02 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At120.job
[2010/03/31 10:26:02 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At119.job
[2010/03/31 10:26:02 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At118.job
[2010/03/31 10:26:02 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At117.job
[2010/03/31 10:26:02 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At116.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At115.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At114.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At113.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At112.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At111.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At110.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At109.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At108.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At107.job
[2010/03/31 10:26:01 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At106.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At99.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At98.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At105.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At104.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At103.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At102.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At101.job
[2010/03/31 10:25:59 | 000,000,380 | ---- | C] () -- C:\windows\tasks\At100.job
[2010/03/31 10:24:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tirso Moscoso\ntuser.dat{19270df3-3cd3-11df-b81a-002622421711}.TMContainer00000000000000000002.regtrans-ms
[2010/03/31 10:24:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tirso Moscoso\ntuser.dat{19270df3-3cd3-11df-b81a-002622421711}.TMContainer00000000000000000001.regtrans-ms
[2010/03/31 10:24:26 | 000,065,536 | -HS- | C] () -- C:\Users\Tirso Moscoso\ntuser.dat{19270df3-3cd3-11df-b81a-002622421711}.TM.blf
[2010/03/28 18:10:13 | 000,005,230 | ---- | C] () -- C:\Users\Tirso Moscoso\AppData\Local\AA9AECA3-77DF-48D3-BEE5-20092059270D.txt
[2010/03/28 16:26:14 | 000,823,808 | ---- | C] () -- C:\windows\System32\drivers\lrfhbp.sys
[2010/03/28 16:20:52 | 000,000,434 | ---- | C] () -- C:\windows\tasks\At1.job
[2010/03/28 16:13:18 | 260,722,619 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/03/28 14:54:53 | 000,000,300 | ---- | C] () -- C:\windows\System32\stsf.bat
[2009/11/07 18:06:24 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/10/20 08:55:17 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/10/20 08:36:25 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009/10/20 08:34:36 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
2) Extras.txt
OTL Extras logfile created on: 4/26/2010 4:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Tirso Moscoso\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.27 Gb Total Space | 193.26 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TIRSOMOSCOSO-PC
Current User Name: Tirso Moscoso
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PocketRAR" = Pocket RAR documentation
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.16
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-350632221-682335273-3265395669-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/10/2010 8:01:25 AM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001bb1cf Faulting
process id: 0xe18 Faulting application start time: 0x01cad8a44779750e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: c94caa68-4498-11df-838a-002622421711
Error - 4/11/2010 10:16:44 AM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001bb1cf Faulting
process id: 0x4a8 Faulting application start time: 0x01cad97ec134e3be Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: dad13e66-4574-11df-be1e-002622421711
Error - 4/12/2010 7:58:31 AM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001bb1cf Faulting
process id: 0x13d0 Faulting application start time: 0x01cada35bdc7d7aa Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: b625c781-462a-11df-8554-002622421711
Error - 4/12/2010 8:18:21 AM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pctsSvc.exe, version: 6.0.0.22, time stamp:
0x48ed60ec Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaae Exception code: 0x0eedfade Fault offset: 0x00009617 Faulting process id:
0x28c Faulting application start time: 0x01cada39f4734c3d Faulting application path:
C:\Program Files\Spyware Doctor\pctsSvc.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
Report
Id: 7b46963f-462d-11df-bf84-002622421711
Error - 4/12/2010 8:36:33 AM | Computer Name = TirsoMoscoso-PC | Source = Windows Search Service | ID = 3100
Description =
Error - 4/12/2010 9:11:39 AM | Computer Name = TirsoMoscoso-PC | Source = Windows Search Service | ID = 3100
Description =
Error - 4/12/2010 2:09:05 PM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001bb1cf Faulting
process id: 0x1760 Faulting application start time: 0x01cada614e416cbc Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 7aab7dc9-465e-11df-beaf-002622421711
Error - 4/12/2010 4:42:39 PM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001cc0f7 Faulting
process id: 0xa04 Faulting application start time: 0x01cada458ec2805f Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: eea2cc17-4673-11df-beaf-002622421711
Error - 4/12/2010 5:28:51 PM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001bb1cf Faulting
process id: 0x8b4 Faulting application start time: 0x01cada86f6b777c1 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 62ddfb71-467a-11df-83ae-002622421711
Error - 4/12/2010 5:28:51 PM | Computer Name = TirsoMoscoso-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x001bb1cf Faulting
process id: 0x574 Faulting application start time: 0x01cada86fbd01898 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 6345bdfa-467a-11df-83ae-002622421711
[ Media Center Events ]
Error - 12/4/2009 8:55:58 AM | Computer Name = TirsoMoscoso-PC | Source = MCUpdate | ID = 0
Description = 7:55:56 AM - Failed to retrieve Broadband (Error: The operation has
timed out)
Error - 12/6/2009 10:13:22 AM | Computer Name = TirsoMoscoso-PC | Source = MCUpdate | ID = 0
Description = 9:13:19 AM - Failed to retrieve SportsV2 (Error: The operation has
timed out)
Error - 12/6/2009 10:15:05 AM | Computer Name = TirsoMoscoso-PC | Source = MCUpdate | ID = 0
Description = 9:15:02 AM - Failed to retrieve Broadband (Error: The operation has
timed out)
Error - 1/15/2010 11:34:50 PM | Computer Name = TirsoMoscoso-PC | Source = MCUpdate | ID = 0
Description = 10:34:50 PM - Error connecting to the internet. 10:34:50 PM - Unable
to contact server..
Error - 1/15/2010 11:34:59 PM | Computer Name = TirsoMoscoso-PC | Source = MCUpdate | ID = 0
Description = 10:34:55 PM - Error connecting to the internet. 10:34:55 PM - Unable
to contact server..
Error - 1/16/2010 1:22:18 PM | Computer Name = TirsoMoscoso-PC | Source = MCUpdate | ID = 0
Description = 12:22:17 PM - Error connecting to the internet. 12:22:17 PM - Unable
to contact server..
[ System Events ]
Error - 4/21/2010 6:35:54 PM | Computer Name = TirsoMoscoso-PC | Source = DCOM | ID = 10001
Description =
Error - 4/22/2010 12:21:28 PM | Computer Name = TirsoMoscoso-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:20:23 PM on ?4/?22/?2010 was unexpected.
Error - 4/22/2010 12:21:35 PM | Computer Name = TirsoMoscoso-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Composite Battery Helper service terminated with the
following error: %%126
Error - 4/22/2010 12:21:36 PM | Computer Name = TirsoMoscoso-PC | Source = Service Control Manager | ID = 7024
Description = The Norton Internet Security service terminated with service-specific
error %%-1.
Error - 4/22/2010 12:22:47 PM | Computer Name = TirsoMoscoso-PC | Source = DCOM | ID = 10001
Description =
Error - 4/22/2010 3:39:47 PM | Computer Name = TirsoMoscoso-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.
Error - 4/22/2010 7:23:05 PM | Computer Name = TirsoMoscoso-PC | Source = Service Control Manager | ID = 7030
Description = The Akamai NetSession Interface service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.
Error - 4/23/2010 7:14:22 AM | Computer Name = TirsoMoscoso-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:19:06 PM on ?4/?22/?2010 was unexpected.
Error - 4/23/2010 7:14:27 AM | Computer Name = TirsoMoscoso-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Composite Battery Helper service terminated with the
following error: %%126
Error - 4/23/2010 7:14:28 AM | Computer Name = TirsoMoscoso-PC | Source = Service Control Manager | ID = 7024
Description = The Norton Internet Security service terminated with service-specific
error %%-1.
< End of report >
3) gmer.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-26 16:47:09
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\TIRSOM~1\AppData\Local\Temp\uxryipow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C22AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C22104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C223F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0A634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C221DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C22958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C226F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C22F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C231A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C82599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\lrfhbp.sys A device attached to the system is not functioning. !
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x833BA000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x833FF000, 0x3DC, 0x48000040]
.text peauth.sys 98044C9D 28 Bytes [D5, B3, 43, 98, 70, E2, 61, ...]
.text peauth.sys 98044CC1 28 Bytes [D5, B3, 43, 98, 70, E2, 61, ...]
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1624] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1624] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1624] USER32.dll!NotifyWinEvent + 48F 76D3F728 4 Bytes [70, 11, 32, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1696] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1696] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1696] USER32.dll!NotifyWinEvent + 48F 76D3F728 4 Bytes [70, 11, 32, 6D]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86B3C0C0
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\lrfhbp@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\lrfhbp@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\lrfhbp@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\lrfhbp@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\lrfhbp@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\lrfhbp@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\lrfhbp@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\lrfhbp@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 1
---- EOF - GMER 1.0.15 ----