Need Help regarding recurring Trojan:JS/Redirector.CR

Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sun Apr 25, 2010 9:42 pm

Hello GeekPolice
I have been encountering a recurring Trojan:JS/Redirector.CR since last April 20, and it keeps reappearing every day even though my Microsoft Security Essentials keeps detecting it and deleting it.

History: A month ago I was infected by Vista Security 2010 Antivirus. It took over my Security Center, created a fake security center, displayed fake alerts that I was being hacked and had different viruses, and prompted me to a website where I needed to buy Vista Security 2010 Antivirus. I was able to remove it and restore my original Security Center by following the instructions at bleepingcomputer.com and downloading Malwarebytes.

I was OK for about 3 weeks, and then my antivirus detected that I was infected by many types of Trojan viruses. Since my antivirus detected them and removed them, I thought the problem was fixed, and I did not see any Trojan reappear for one week, until at the end of March something weird started happening with my laptop. My friends emailed me because they had received an email from me (with links in the email) and asked me if I had sent it. I told them I didn't send the email; it looks like my Yahoo mail is hacked or something. What scares me is that I checked my sent items and the email received by my friends is not there, but I noticed that all my 2009-2010 sent items are gone. I didn't delete them, nor is there any automatic-delete setting. And if there were an automatic-delete setting, it should delete the older sent items, not the recent ones. The 2009-2010 items were deleted, but the 2008 ones are still there. At that time, every time I opened my Yahoo mail, an md.php file kept appearing saying "You have chosen to open md.php which is a php file from mail.yahoo.com". Of course I kept choosing the Cancel button. I ran Malwarebytes again to be sure, and the md.php file popping up from Yahoo was gone.

I thought I was OK, but after 2 weeks, last April 20, I started receiving one type of Trojan, Trojan:JS/Redirector.CR. My antivirus (Microsoft Security Essentials) keeps detecting it and removing it, but from April 20 until a while ago Trojan:JS/Redirector.CR has kept reappearing every day. Please help me with my problem: the Trojan keeps re-infecting my laptop, and I still do not know if I am being hacked.

Thanks.

kelly2010
Novice

Posts : 19
Joined : 2010-04-23
Gender : Female
OS : Windows Vista Business
Points : 24453
Likes : 0

Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sun Apr 25, 2010 9:48 pm

I cannot post the OTL.txt because I am getting the error "The posted message is too big." even though I tried posting it in 2 different quick replies. Any suggestions on how to post this txt file here? Thanks


Last edited by kelly2010 on Sun Apr 25, 2010 9:59 pm; edited 2 times in total

Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sun Apr 25, 2010 9:58 pm

OTL Extras logfile created on: 4/25/2010 9:37:09 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Daiichi Jitsugyo Inc\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.78 Gb Total Space | 28.16 Gb Free Space | 32.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 946.69 Mb Total Space | 163.42 Mb Free Space | 17.26% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAQUEL
Current User Name: Daiichi Jitsugyo Inc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15EF0B95-1F32-4F64-9AEF-8BCA75488C3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2EC40B30-BBA0-43AE-A23E-F14DFD77F6B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8B657A22-ED15-46FE-8822-7178B63D2D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25B6FE9B-1196-465C-AE5C-5E2CE64BDCBB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2BB0DA90-D811-4972-AFE9-819CB05050DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4B43CF6C-53AF-49E6-AE59-D9AC43654540}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5037CCBE-547F-45E2-AAB4-B96D2F9F611E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6F6ABB34-8305-4E7B-AB14-63E60854E757}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A7EA3E0F-EAEA-4607-9BDA-1166502D7296}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BE640270-4B0A-4B12-8C83-1926B0E39A1B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C930CA26-EB76-4D42-96DE-A17225E9302F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DF519A6A-290D-430F-866E-A89FF2492913}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{2ED495BA-5D22-4936-A914-6D57D8015D23}C:\kav\kav7.0\english\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7.0\english\setup.exe |
"TCP Query User{7665A5E2-C11E-4003-A21C-CB77FB471103}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{7DF0ADE4-9442-4CFD-A58F-58BDE602D344}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9DC31A61-0E05-457B-91F4-FB92A7C10D29}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B578025B-9344-4B1E-874F-CB4A264B20D7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C6C03C03-DDBD-470A-9791-EEC02542A614}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{D835B2DF-2D86-4A90-A908-68F02BE0CD4C}C:\program files\yahoo!\messenger\yserver.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"UDP Query User{15B176B0-FF52-40F6-8092-F8C1F70E11DE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{18B2418F-A64E-47A9-8A03-47BB60508667}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{3068C1D4-2BF8-43B8-8EEE-4B4B7CF498AB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{68D823B4-72B7-46E8-98F3-D50BE1E420D5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{977EF50E-B9BC-4A0C-A660-5791B4D8E79C}C:\kav\kav7.0\english\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7.0\english\setup.exe |
"UDP Query User{A134F8B6-80E8-4109-A489-1DD33FD432D1}C:\program files\yahoo!\messenger\yserver.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"UDP Query User{CF1E0EC6-3353-42FF-873A-10F03D6F29FA}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{333210DA-4E7F-402A-ABBF-41D70CF00503}" = Presto! MaxReader 4.5 LE
"{3361D415-BA35-4143-B301-661991BA6219}" = MyEpson Portal
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8225BAEB-4C64-4881-8229-E5BBCD076E37}" = QuickSolutions
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959B7040-8448-4705-B951-BDB603CF69A0}_is1" = PDF Converter 2.0
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
"EPSON TX110 Series" = EPSON TX110 Series Printer Uninstall
"FileZilla Client" = FileZilla Client 3.2.2.1
"FTP Commander" = FTP Commander
"Good Keywords v3_is1" = Good Keywords v3 072809
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyEpson Portal" = MyEpson Portal
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Traffic Travis_is1" = Traffic Travis 3.1.0
"uTorrent" = µTorrent
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2009 3:41:49 AM | Computer Name = Raquel | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3526 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 664 Start Time: 01ca529f3a911248 Termination Time: 710

Error - 10/24/2009 11:59:05 PM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 12:12:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 12:59:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 1:12:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 1:59:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 2:12:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 2:59:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 3:12:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

Error - 10/25/2009 3:59:05 AM | Computer Name = Raquel | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 3/27/2008 5:36:20 AM | Computer Name = Raquel | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29011
seconds with 4020 seconds of active time. This session ended with a crash.

Error - 5/30/2008 2:29:37 PM | Computer Name = Raquel | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 59579
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/24/2010 1:02:12 AM | Computer Name = Raquel | Source = TPM | ID = 393228
Description = The device driver for the Trusted Platform Module (TPM) encountered
an error in the TPM hardware, which might prevent some applications using TPM services
from operating correctly. Please restart your computer to reset the TPM hardware.
For further assistance on this hardware issue, please contact the computer manufacturer
for more information.

Error - 4/24/2010 3:52:12 AM | Computer Name = Raquel | Source = TPM | ID = 393228
Description = The device driver for the Trusted Platform Module (TPM) encountered
an error in the TPM hardware, which might prevent some applications using TPM services
from operating correctly. Please restart your computer to reset the TPM hardware.
For further assistance on this hardware issue, please contact the computer manufacturer
for more information.

Error - 4/24/2010 5:08:07 AM | Computer Name = Raquel | Source = Service Control Manager | ID = 7000
Description =

Error - 4/24/2010 6:10:56 AM | Computer Name = Raquel | Source = DCOM | ID = 10010
Description =

Error - 4/24/2010 12:54:09 PM | Computer Name = Raquel | Source = TPM | ID = 393228
Description = The device driver for the Trusted Platform Module (TPM) encountered
an error in the TPM hardware, which might prevent some applications using TPM services
from operating correctly. Please restart your computer to reset the TPM hardware.
For further assistance on this hardware issue, please contact the computer manufacturer
for more information.

Error - 4/24/2010 8:17:30 PM | Computer Name = Raquel | Source = TPM | ID = 393228
Description = The device driver for the Trusted Platform Module (TPM) encountered
an error in the TPM hardware, which might prevent some applications using TPM services
from operating correctly. Please restart your computer to reset the TPM hardware.
For further assistance on this hardware issue, please contact the computer manufacturer
for more information.

Error - 4/25/2010 12:33:37 AM | Computer Name = Raquel | Source = DCOM | ID = 10010
Description =

Error - 4/25/2010 12:33:58 AM | Computer Name = Raquel | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0019D23673C2. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 4/25/2010 6:16:41 AM | Computer Name = Raquel | Source = TPM | ID = 393228
Description = The device driver for the Trusted Platform Module (TPM) encountered
an error in the TPM hardware, which might prevent some applications using TPM services
from operating correctly. Please restart your computer to reset the TPM hardware.
For further assistance on this hardware issue, please contact the computer manufacturer
for more information.

Error - 4/25/2010 9:06:03 AM | Computer Name = Raquel | Source = DCOM | ID = 10010
Description =


< End of report >

Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sun Apr 25, 2010 10:02 pm

OTL.txt PART1

OTL logfile created on: 4/25/2010 9:37:09 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Daiichi Jitsugyo Inc\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.78 Gb Total Space | 28.16 Gb Free Space | 32.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 946.69 Mb Total Space | 163.42 Mb Free Space | 17.26% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAQUEL
Current User Name: Daiichi Jitsugyo Inc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/23 11:47:52 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Daiichi Jitsugyo Inc\Downloads\OTL.exe
PRC - [2010/04/12 08:01:02 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/03/18 08:27:43 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 18:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/12/04 16:57:02 | 000,644,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\MyEpson Portal\mepService.exe
PRC - [2009/12/04 16:56:54 | 000,738,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\MyEpson Portal\mep.exe
PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 14:27:43 | 000,950,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/04 09:11:25 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/30 17:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2006/12/03 04:14:58 | 000,425,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006/12/03 04:14:24 | 000,409,264 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2006/11/30 06:03:12 | 000,523,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2006/11/26 00:29:44 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/11/25 18:05:18 | 000,531,264 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2006/11/21 04:15:14 | 000,446,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/11/15 09:02:28 | 002,146,304 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/11/14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/11/14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/11 06:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/10 02:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/06 11:36:30 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/06 11:19:12 | 000,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/11/01 14:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/10/28 12:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/10/25 06:19:02 | 001,245,184 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\MobilityCenter\ToshibaMobilityCenter.exe
PRC - [2006/09/29 13:08:46 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2006/09/14 07:29:46 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/09/12 08:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/24 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/26 10:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/02/07 15:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/24 15:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010/04/23 11:47:52 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Daiichi Jitsugyo Inc\Downloads\OTL.exe
MOD - [2009/04/11 14:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/04 16:57:02 | 000,644,480 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\MyEpson Portal\mepService.exe -- (MyEpson Portal Service)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/25 09:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/17 20:06:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/12/03 04:14:58 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/25 18:05:18 | 000,531,264 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/01 14:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 08:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/26 10:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 17:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/03/26 08:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/05/02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/01/19 15:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/04 01:30:24 | 000,013,336 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/02/08 13:46:16 | 000,016,896 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2006/12/12 10:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/12 10:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/21 09:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/09 11:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/06 11:05:24 | 000,039,056 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/11/03 09:41:00 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/02 17:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 17:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 17:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 17:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 17:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 17:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 17:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 17:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 17:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 17:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 17:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 17:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 17:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 17:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 17:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 17:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 17:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 17:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 17:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 17:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 17:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 15:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/30 09:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/10/28 16:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/10/19 03:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/11 11:33:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/06 14:13:12 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2006/10/06 08:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/08/31 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/08/30 09:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/02 08:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/12 10:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005/01/07 05:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2001/08/17 21:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.073
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.32
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 12:57:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 13:27:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 17:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2008/03/20 00:28:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/04/24 17:07:30 | 000,000,000 | ---D | M]

[2008/10/15 08:56:17 | 000,000,000 | ---D | M] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Extensions
[2010/04/25 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions
[2009/12/17 06:28:37 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/09/03 13:18:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/20 07:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/04/14 21:25:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/05 08:11:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/17 06:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/03/05 08:11:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/10/25 06:57:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/12/17 22:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/07/07 16:04:24 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2008/07/02 10:50:02 | 000,000,000 | ---D | M] (SFE) -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\{fea5f6f0-ca68-11da-a94d-0800200c9a66}
[2010/04/12 09:37:17 | 000,000,000 | ---D | M] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\mozilla\Firefox\Profiles\e69u89gi.default\extensions\toolbar@ask.com
[2010/04/21 20:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 20:45:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/21 20:43:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/20 19:04:16 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON TX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} [You must be registered and logged in to see this link.] (VaxSIPUserAgentCAB Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1890c73f-4569-11df-a39a-00037ae4f3cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1890c73f-4569-11df-a39a-00037ae4f3cc}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{e58b14fa-cb79-11de-a3f9-00037ae4f3cc}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{e58b14fa-cb79-11de-a3f9-00037ae4f3cc}\Shell\Open\Command - "" = wscript.exe solution.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/18 13:42:23 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4DE49763-459F-2E3C-CB94-CB797F99129C} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A4CF2281-07FB-4A2F-C69F-48337ACA8EB4} -
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
OTL cannot create restorepoints on Vista OSs!


Last edited by kelly2010 on Sun Apr 25, 2010 10:04 pm; edited 1 time in total

kelly2010
Novice
Posts : 19
Joined : 2010-04-23
Gender : Female
OS : Windows Vista Business
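Added example, not part of the original thread and not OTL's own code: a small Python triage pass over the autorun-related lines from the log above, namely the O7 NoDriveTypeAutoRun policy value and the O33 MountPoints2 commands. The sample lines are copied verbatim from the posted log, so the GUIDs, paths and values are the log's own. The bit-to-drive-type mapping is how Windows interprets NoDriveTypeAutoRun (bit n disables AutoRun for GetDriveType value n); the severity labels and the list of script hosts are this example's assumptions, and a flag is a prompt for the helper to look at that volume, not a verdict on what the entry is.

```python
import re

# Sample input copied from the OTL log posted in this thread (not constructed),
# restricted to the lines the triage below cares about.
SAMPLE_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1890c73f-4569-11df-a39a-00037ae4f3cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1890c73f-4569-11df-a39a-00037ae4f3cc}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{e58b14fa-cb79-11de-a3f9-00037ae4f3cc}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{e58b14fa-cb79-11de-a3f9-00037ae4f3cc}\Shell\Open\Command - "" = wscript.exe solution.vbs
"""

# Bit n of NoDriveTypeAutoRun disables AutoRun for drives whose GetDriveType()
# result is n (DRIVE_UNKNOWN=0 ... DRIVE_RAMDISK=6); 0x80 is the reserved bit.
DRIVE_TYPE_BITS = {
    0x01: "unknown (DRIVE_UNKNOWN)",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}

# Assumption of this example: interpreters that should never be the AutoRun or
# Open verb of a removable volume in a normal setup.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "rundll32.exe"}

O7_RE = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (\d+)$")
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\(Shell\\\w+\\[Cc]ommand) - "" = (.*?)(?P<missing> -- File not found)?$'
)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?:\s|$)", re.IGNORECASE)


def autorun_still_enabled(value):
    """Drive types for which the given NoDriveTypeAutoRun mask does NOT disable AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def first_token(command):
    """Executable part of a shell command: quoted path, else first token ending in a binary extension."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def is_relative(path):
    """True if the path has no drive letter, UNC prefix or leading backslash (it resolves against the volume root)."""
    return not (re.match(r"^[A-Za-z]:\\", path) or path.startswith("\\"))


def triage(log_text):
    """Return a list of findings (dicts) for the O7 policy line and each O33 command line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O7_RE.match(line)
        if m:
            value = int(m.group(1))
            enabled = autorun_still_enabled(value)
            findings.append({
                "type": "policy",
                "severity": "medium" if "removable" in enabled else "info",
                "detail": f"NoDriveTypeAutoRun=0x{value:02X} leaves AutoRun enabled for: {', '.join(enabled)}",
            })
            continue
        m = O33_CMD_RE.match(line)
        if m:
            guid, verb, command, missing = m.group(1), m.group(2), m.group(3), m.group("missing")
            exe = first_token(command)
            base = exe.rsplit("\\", 1)[-1].lower()
            if base in SCRIPT_HOSTS:          # script host wins over every other classification
                sev, why = "high", f"script host {base} runs when the volume is mounted or opened"
            elif is_relative(exe):
                sev, why = "medium", "relative path resolves against the volume root"
            elif missing:
                sev, why = "low", "target missing; orphaned entry from a disconnected volume"
            else:
                sev, why = "info", "absolute path to a present target"
            findings.append({"type": "mountpoint", "severity": sev, "guid": guid,
                             "verb": verb, "command": command.strip(), "detail": why})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"].upper().ljust(6), f["detail"], f.get("command", ""))
```

Two design points: the script-host test is checked before the relative-path and missing-file tests, so `wscript.exe solution.vbs` is reported once per verb as high rather than being diluted into "relative path"; and the O7 finding only says what the mask still permits, since 145 (0x91) is the value Vista ships with, so on its own it indicates a default left in place rather than tampering.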

Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sun Apr 25, 2010 10:03 pm

OTL.txt PART 2


========== Files/Folders - Created Within 30 Days ==========

[2010/04/23 11:45:07 | 000,000,000 | ---D | C] -- C:\Users\Daiichi Jitsugyo Inc\Tracing
[2010/04/23 11:45:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/04/23 11:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/04/23 11:21:06 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/04/23 11:21:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/23 11:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/23 11:18:27 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/04/23 11:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/23 11:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/23 11:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/23 10:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/23 10:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/23 10:01:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/21 20:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/21 20:44:13 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/21 20:44:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/21 20:44:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/21 20:44:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/15 22:10:29 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 22:10:27 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 15:08:23 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 15:08:23 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/15 12:23:24 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/12 08:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/12 08:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/04/12 07:52:07 | 000,000,000 | ---D | C] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\uTorrent
[2010/04/12 07:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2010/04/11 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Western_Digital
[2010/04/11 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\Western Digital
[2010/04/11 22:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/04/11 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/04/11 22:01:03 | 000,000,000 | ---D | C] -- C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Western Digital
[2010/04/06 10:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/03 06:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/31 11:20:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 11:20:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 11:20:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 11:20:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 11:20:01 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 11:19:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 11:19:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 11:19:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 11:19:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 11:19:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 11:19:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 11:19:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 11:19:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 11:19:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 11:19:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files - Modified Within 30 Days ==========

[2010/04/25 21:41:04 | 002,883,584 | -HS- | M] () -- C:\Users\Daiichi Jitsugyo Inc\ntuser.dat
[2010/04/25 21:40:54 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C4B65F94-ED79-4343-B595-941A6EBDBA93}.job
[2010/04/25 21:36:29 | 000,000,543 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\Desktop\OTL - Shortcut.lnk
[2010/04/25 21:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 21:18:00 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304721785-2956669800-3676259420-1000UA.job
[2010/04/25 21:06:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/25 21:06:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/25 21:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/25 12:45:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 08:16:48 | 004,014,872 | -H-- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Local\IconCache.db
[2010/04/24 22:18:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304721785-2956669800-3676259420-1000Core.job
[2010/04/24 17:07:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/24 17:07:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/24 17:07:07 | 1601,363,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/24 16:53:50 | 000,524,288 | -HS- | M] () -- C:\Users\Daiichi Jitsugyo Inc\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/04/24 16:53:50 | 000,065,536 | -HS- | M] () -- C:\Users\Daiichi Jitsugyo Inc\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/04/23 10:26:19 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/23 10:20:55 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/04/22 09:53:30 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/22 09:53:30 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/22 09:53:30 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/21 20:43:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/21 20:43:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/21 20:43:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/21 20:43:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/21 19:44:02 | 000,002,128 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\Desktop\Google Chrome.lnk
[2010/04/15 06:42:21 | 000,000,680 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Local\d3d9caps.dat
[2010/04/14 19:16:04 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 16:12:58 | 000,000,134 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\Desktop\Network and Sharing Center - Shortcut.lnk
[2010/04/12 08:01:03 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/04/11 22:08:43 | 000,001,293 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/04/11 22:08:43 | 000,001,232 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/04/07 07:20:21 | 002,332,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/07 06:43:42 | 000,114,056 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/06 22:47:12 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/04/06 10:10:29 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/05 19:35:34 | 000,000,008 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\gmzalr.dat
[2010/04/05 19:35:20 | 000,000,012 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\avdrn.dat

========== Files Created - No Company Name ==========

[2010/04/25 21:36:29 | 000,000,543 | ---- | C] () -- C:\Users\Daiichi Jitsugyo Inc\Desktop\OTL - Shortcut.lnk
[2010/04/23 10:26:19 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/23 10:20:55 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/04/15 06:42:21 | 000,000,680 | ---- | C] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Local\d3d9caps.dat
[2010/04/14 19:16:04 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 16:12:58 | 000,000,134 | ---- | C] () -- C:\Users\Daiichi Jitsugyo Inc\Desktop\Network and Sharing Center - Shortcut.lnk
[2010/04/12 08:01:02 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/04/11 22:08:43 | 000,001,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/04/11 22:08:43 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/04/06 10:10:29 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/05 19:35:34 | 000,000,008 | ---- | C] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\gmzalr.dat
[2010/03/30 09:42:14 | 000,000,012 | ---- | C] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\avdrn.dat
[2010/01/18 18:12:28 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/06/17 07:10:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/03/22 19:36:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/12/21 08:39:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/21 08:39:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/21 08:39:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/12/21 08:39:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/12/14 00:48:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/12/14 00:48:54 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/12/14 00:48:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/12/14 00:48:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/12/14 00:48:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/12/14 00:48:54 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/12/14 00:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/13 12:25:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/12/13 12:25:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/12/13 12:25:33 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/12/13 12:25:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 09:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/11 07:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2005/07/23 13:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 19:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 19:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 14:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 14:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 18:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 18:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 18:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 15:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 14:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 15:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 15:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 15:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 15:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 15:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 15:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 15:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 15:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 15:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 15:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 15:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 15:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 15:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 15:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/14 21:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/12/13 11:45:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/24 17:07:07 | 1601,363,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/24 17:07:04 | 1915,166,720 | -HS- | M] () -- C:\pagefile.sys
[2008/09/11 08:29:59 | 000,001,588 | ---- | M] () -- C:\photodex-presenter-install.log
[2010/03/20 13:52:03 | 000,000,501 | ---- | M] () -- C:\rkill.log
[2008/03/19 07:29:54 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2010/04/23 10:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/17 20:13:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2006/12/13 12:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2010/04/06 13:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Article Submitter
[2010/04/12 08:02:57 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2008/11/10 08:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/03/03 15:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\CamStudio
[2008/12/07 11:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/12/29 16:15:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/03/20 14:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\Chikka Messenger
[2010/01/30 17:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/18 18:46:59 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/01/18 18:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2009/03/17 12:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2008/05/26 15:45:07 | 000,000,000 | ---D | M] -- C:\Program Files\FTP Commander
[2008/05/26 13:36:29 | 000,000,000 | ---D | M] -- C:\Program Files\FTP Commander Pro
[2010/04/14 19:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/20 11:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2009/03/17 12:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\HyperVRE
[2010/01/18 18:38:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/04/01 22:17:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/03/12 15:23:53 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/04/21 20:42:42 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/12/13 12:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/04/23 11:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/03/22 19:34:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/04/23 11:21:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/04/06 10:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
[2010/04/23 10:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/04/23 11:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/23 11:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2008/03/22 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/03/22 15:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/07 00:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/03/22 15:38:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/11 17:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/03 13:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/03/22 15:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/03/23 08:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/12/13 12:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\My Company Name
[2008/03/20 00:28:27 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2010/01/18 18:33:55 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2009/03/02 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Converter
[2008/03/12 15:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2009/10/02 09:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickSolutions
[2000/05/01 14:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 20:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/03/25 13:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/11/10 00:36:20 | 000,000,000 | ---D | M] -- C:\Program Files\Softnik Technologies
[2000/05/01 14:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2009/06/02 10:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Traffic Travis v3
[2006/12/14 00:45:27 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 21:01:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/12 08:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/04/11 22:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2009/06/17 07:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/06/17 07:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/06/17 07:40:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/06/17 07:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/04/23 11:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/04/23 11:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/04/15 23:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 09:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 20:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/17 07:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 06:49:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/06/17 07:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/11 06:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2010/04/05 19:35:20 | 000,000,012 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\avdrn.dat
[2010/04/05 19:35:34 | 000,000,008 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\gmzalr.dat
[2010/03/20 07:25:09 | 000,000,008 | ---- | M] () -- C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\jasltw.dat


< MD5 for: AGP440.SYS >
[2008/01/19 15:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 15:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 15:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 15:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 17:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 17:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 15:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 15:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 17:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/20 07:37:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/20 07:37:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/20 07:37:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 14:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 14:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 14:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 15:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 15:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 17:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EVENTLOG.DLL >
[2006/11/06 11:36:58 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=A5E4205CE290BFAE9E57F290588E5AA1 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 15:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 15:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 17:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 14:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 14:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 15:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 15:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 15:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 15:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 17:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/03/20 07:42:32 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/03/20 07:42:32 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2008/03/20 07:42:32 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 13:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 13:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 12:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 12:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 12:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 16:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-24 01:02:51
< End of report >

kelly2010
Novice

Posts : 19
Joined : 2010-04-23
Gender : Female
OS : Windows Vista Business
Points : 24453
# Likes : 0


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Mon Apr 26, 2010 12:18 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O33 - MountPoints2\{1890c73f-4569-11df-a39a-00037ae4f3cc}\Shell - "" = AutoRun



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Mon Apr 26, 2010 6:22 am

Belahzur,
Thanks for reading and replying on my post.
Here is the result after pasting the commands and clicking the Run Fix


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1890c73f-4569-11df-a39a-00037ae4f3cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1890c73f-4569-11df-a39a-00037ae4f3cc}\ not found.

OTL by OldTimer - Version 3.2.2.0 log created on 04262010_141527


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Mon Apr 26, 2010 9:20 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Tue Apr 27, 2010 12:31 am

Thanks.. here is the MBAM log:


Malwarebytes' Anti-Malware 1.45

Database version: 4041

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

4/27/2010 8:28:02 AM
mbam-log-2010-04-27 (08-28-02).txt

Scan type: Quick scan
Objects scanned: 106469
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Daiichi Jitsugyo Inc\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Tue Apr 27, 2010 1:18 am

I thought I needed to post this ...

After scanning and disinfecting the affected file using MBAM, just a few seconds ago... Microsoft Security Essentials popped up an alert that it detected Trojan:JS/Redirector.CR again...


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Tue Apr 27, 2010 8:36 pm

Where does MSE detect it?





Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Tue Apr 27, 2010 10:33 pm

Belahzur wrote: Where does MSE detect it?

There are no logs here for MSE, and the history just lists the virus name and dates, no file paths. But I remember that every time MSE gives the alert, I see in the details that the path is in C:\Users\Daiichi Jitsugyo Inc\ ..... I cannot recall the exact file/s....but I'm sure it is always in C:\Users\Daiichi Jitsugyo Inc\

thanks


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Wed Apr 28, 2010 12:18 am

Next time it happens, please get the full file path, other than that, this looks good.





Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Thu Apr 29, 2010 8:08 pm

Thanks.... Now that I'm waiting for Trojan:JS/Redirector.CR to come back, because I need to get the exact file path... it has failed to show up for almost 3 days now..... I'm still waiting because it happened before: it somehow got tired for a week or so and didn't show up, and then suddenly it re-appeared every day.

Thanks... will post updates again if the problem is totally fixed... for now it looks like my laptop is OK.... hope... it will not return again..


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Fri Apr 30, 2010 12:19 pm

Hello Belahzur,
It came back a while ago and the file path is:

C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\e69u89gi.default\Cache\EF962F9Ed01->(SCRIPT0004)->(EmbeddedCode)


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Fri Apr 30, 2010 7:05 pm

Ah, it's just Firefox cache.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

That should do it.





Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sat May 01, 2010 3:52 am

It appeared again a while ago at the same file path, after being disinfected by MSE a while ago

file:C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\e69u89gi.default\Cache\EF962F9Ed01->(SCRIPT0004)->(EmbeddedCode)

Please help... thanks.


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sat May 01, 2010 4:47 am

Belahzur,
Thanks I already did the ATF Cleaning... I'll keep monitoring..
Hope this stubborn trojan will not come back again...


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Sat May 01, 2010 3:01 pm

Hello.
If it returns, delete this folder:

C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\e69u89gi.default\Cache\EF962F9Ed01





Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Tue May 04, 2010 12:34 am

Hello,
It happened again at
file:C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\e69u89gi.default\Cache\EF962F9Ed01->(SCRIPT0004)->(EmbeddedCode)

I tried locating the file manually before clicking the recommended action on MSE, which is Remove... but I am wondering why I cannot locate the file manually. All I can see in Explorer is the C:\Users\Daiichi Jitsugyo Inc\ folder, and there is no folder AppData\Local\Mozilla\Firefox\Profiles. I tried to do an automatic search and the result is no matches found.

I do not know what to do... but I uninstalled my Firefox and re-installed it. I do not know if all components of Firefox were removed by the uninstall.

Thanks again for your help


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Wed May 05, 2010 5:45 am

I cannot find the file to manually delete it.. the Trojan virus re-appeared. Yesterday I uninstalled Firefox and re-installed it. But today the stubborn Trojan:JS/Redirector.CR appeared again.

After removing the virus through MSE, and while waiting for further instructions here, I uninstalled MSE, brought back my Windows Defender (updated) and installed Avast as my virus and spyware protection.

I scanned and no threats were found. I do not know if the trojan file will return tonight or tomorrow..


thanks.


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Wed May 05, 2010 10:03 pm

Hello.
The AppData folder is hidden; you'll need to unhide it.


  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.

Can you see it now?





Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Wed May 05, 2010 11:19 pm

Yes, I see it now. You said:

If it returns, delete this folder:

C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\e69u89gi.default\Cache\EF962F9Ed01

Did you mean delete the folder or the file? I saw the file EF962F9Ed01, but there is a small change in the .default folder: it is now located at C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\qwy5nglw.default\Cache\EF962F9Ed01

I am confused whether you want me to delete the file or the folder, but I deleted the file EF962F9Ed01.

So I verified that it is really deleted, and it was deleted, but it keeps coming back once I visit a certain site that my antivirus blocks for possible Trojan threats, though it seems that for others (I verified it with other people) the website is OK and there is no threat alert on their PC.

The file keeps returning after my manual deletion..

I will explain it further.. I will type a longer explanation. I just sent this post right away to answer your question about whether I see the files now. Yes, I see them..


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Thu May 06, 2010 1:04 am

I have my own websites hosted by a paid hosting provider. Yesterday my hosting provider emailed me about a weird html files on one of my domains or websites they hosted. They asked me to log on and find the file and delete it and they also asked me to change my password. So I did and they take care of everything since it is their server and they own the hosting. They said that they are upgrading to stronger security since it looks like my account was hacked. So I guess I’m done and my account is Ok and they will take care of everything. (I will refer to this scenario again at the end of my post)

So I went back to this recurring Trojan problem. And since I am waiting for further instruction here and the Trojan keeps coming back, I thought is there something wrong with my MSE? Is this a wrong detection? So I uninstalled my MSE and installed Spybot S&D. I scanned my laptop and no threats found. But Spybot is not automatically integrated to my Security Center and it is alerting me that I need to protect my laptop. I cannot figure out how to integrate Spybot to my Security Center so after scanning and no threats found I uninstalled Spybot

Since I already uninstalled both MSE and Spybot, I bring back my default security which is Windows Defender, updated it and scanned my laptop (full system scan) no threats found. Since Defender is just an antispyware, I downloaded Avast Free as my Antivirus and while using Avast I Found something

While using Avast, it detected again the Trojan horse while I’m doing my usual internet browsing and etc. I am noticing something, the Avast alerts me with possible Trojan threats every time I access my websites hosted by the hosting provider (I mentioned on the 1st paragraph of my post). Avast says I do not have to do something and it detected possible Trojan Horse Threats with its Web-Shield features and then blocks the site and make it offline. I tried several of my sites and the same happened. It is not the same with MSE because at MSE I cannot pinpoint where the threat is coming from it just post an alert and ask me of the action to be done. I’m not even sure with MSE if it is just a detection of the possible Trojan accessing my laptop or if it is already on my laptop. With Avast I know it is just a detection and it will just block the website.

The MSE History looks like this (I cannot post the screen capture, and I guess there is no txt log in MSE, as I could not find one before, so I just typed it here):


Detected Item: Trojan:JS/Redirect.CR
Alert level: Severe
Date: 5/4/2010 8:23 PM
Action Taken: Removed


With Avast here is the log (I changed the URL of my site to “mywebsite1” and so on)

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Wednesday, May 05, 2010 11:54:11 AM
*

5/5/2010 2:06:59 PM http://mywebsite1/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 2:21:45 PM http://mywebsite2/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 2:23:25 PM http://mywebsite3/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 2:25:04 PM http://mywebsite4/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 3:11:02 PM http://mywebsite5/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 3:11:33 PM http://mywebsite6/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 3:11:46 PM http://mywebsite7/ [L] JS:Illredir-AQ [Trj] (0)
5/5/2010 3:11:56 PM http://mywebsite8/ [L] JS:Illredir-AQ [Trj] (0)


I suppose that the Trojan:JS/Redirector.CR found by MSE before and the JS:Illredir-AQ [Trj] found by Avast are the same?

I emailed my hosting provider and talked to the owner about my problem, but he told me that what I am encountering is not a server problem and is not connected with the problem they encountered on one of my domains (the scenario in the 1st paragraph of my post). He said that if the server were infected, his websites and the other customers' would be affected too. He tested his websites and my websites on his laptops and other PCs in his office and all loaded without problems and no virus alerts. He said there might be something wrong or some conflict with all the virus protection I’ve downloaded, or something on my laptop. Their virus protection, as he said, is very strong, and usually businesses like theirs invest in very strong protection and will not be infected that easily.

Is it possible that there are conflicts in my virus protection, and that is why all of these things are happening? As far as I can remember, these things started happening when I was infected by the Vista 2010 Security virus that took over my Security Center, but it was removed by Malwarebytes and my Security Center went back to normal. Then after a few weeks or so this Trojan happened, and I have hopped from one antivirus to another because it keeps re-appearing: from Kaspersky to MSE, back to Defender, and to Avast.

Another thing, about the file I deleted manually:
C:\Users\Daiichi Jitsugyo Inc\AppData\Local\Mozilla\Firefox\Profiles\qwy5nglw.default\Cache\EF962F9Ed01

I deleted the file EF962F9Ed01, but each time I access my website and get the Avast alert, the file comes back in the same location.

I really do not know what is happening and what to do
Thanks for your patience.


Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Thu May 06, 2010 9:30 pm

Hello.
It's possible your website has been hacked.

Do you chmod your files so they can be read but not changed? Check the security on your .htaccess too; that's how a lot of hackers gain access.

See here:
[You must be registered and logged in to see this link.]

Not exactly the same problem, but give it a read and make sure your site is secure.


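On the chmod and .htaccess advice above, here is an added example (not from this thread or from either poster) of how a site owner with shell access can audit a web root: list everything writable by group or other, flag any .htaccess whose mode is not 644, and normalize directories to 755 and files to 644. The sample tree and its paths are constructed for the demo. One caveat a practitioner would add: file modes only restrict other accounts on the same server; they do nothing against someone who already holds the FTP password for the account itself, which is why the host's request to change the password matters as much as the modes.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a web root for the
# permission problems Belahzur raises, then normalize to 755/644.
# Assumes POSIX sh and find(1); run as the account that owns the files.
# The sample tree below is constructed for the demo.
umask 022

# Print every path under $1 that is writable by group or other.
find_loose_perms() {
    find "$1" \( -perm -002 -o -perm -020 \) -print | sort
}

# Print every .htaccess under $1 whose mode is not exactly 644.
find_bad_htaccess() {
    find "$1" -name .htaccess ! -perm 644 -print | sort
}

# Normalize: directories 755, regular files 644. The "755" setting from the
# thread is the directory mode; ordinary files do not need the execute bit.
harden_webroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample: one site with a world-writable image directory and a
# group/other-writable .htaccess, the two findings the audit should report.
make_sample_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/site1/images"
    printf '<html><body>ok</body></html>\n' > "$d/site1/index.htm"
    printf 'Options -Indexes\n' > "$d/site1/.htaccess"
    chmod 777 "$d/site1/images"     # finding: anyone on the host can drop files here
    chmod 666 "$d/site1/.htaccess"  # finding: anyone can add a redirect rule
    chmod 644 "$d/site1/index.htm"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_webroot)
    echo "Writable by group/other:"; find_loose_perms "$root"
    echo ".htaccess not 644:";       find_bad_htaccess "$root"
    harden_webroot "$root"
    echo "After hardening, loose entries: $(find_loose_perms "$root" | wc -l | tr -d ' ')"
fi
```

Run it with --demo to see the findings against the constructed tree, or point find_loose_perms at the real document root. Note that if the host runs PHP or CGI under the account owner's own user (as many shared hosts do), a script running as that user can still rewrite 644 files, so the modes stop neighbours on the server, not code already running as you.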

Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Thu May 06, 2010 11:14 pm

Hello,
After posting my last post yesterday, I found something that kept me busy for a couple of hours and that led to the solution to my problem. I need to post again a kind of long story, just as an FYI to others who are having the same problem.

I was wondering if my antivirus was overreacting or something, because my hosting provider dismissed the idea that the server might be infected by a Trojan Horse, as he told me my websites were loading fine with his and it might be a conflict of all the antiviruses I use. But I tested my websites on another PC here at home with MSE as antivirus and it still gave a Trojan alert. I wanted to make sure it was not my laptop and not the antivirus I am using. I asked a friend online to view my websites and she also got virus alerts, but she also has the same antivirus, which is Avast. So I asked my brother to rent PCs at a net cafe and test my websites there; they have McAfee as antivirus and it also gave Trojan:JS/Redirector.CR. So bingo: it is not my laptop, not my antivirus. The problem is not sitting on my laptop. I have no virus. Avast just alerts me about a possible virus to be downloaded by my websites every time I load them in my web browser.

Though my hosting provider told me that it is impossible that there is a Trojan virus on the server, I am still wary about their email about one of my domains, where we found 4 files that I didn't create. It was proof I was hacked, and though they said it is not connected with my Trojan problem I am still suspicious, as I cannot find anything on my laptop. Thanks to Avast (the Avast Web Shield, because the other antiviruses detected the virus already in the Firefox cache and just recorded the file path but not the source website; Avast blocks the site, and you automatically notice that it is coming from one type of website, in this case all the websites I own; with the other antiviruses I could not figure it out). To continue with my story: I was still suspicious, so I continued reading (I emailed my provider but till now no answer; I do not know why, or will they just not accept that I was hacked? Maybe because my websites and account are the only ones affected and no clients are complaining).

So I had to do the investigation on my own, and so I read and read, and I read somewhere on the web about JS:Illredir-[Trj], which is also Trojan:JS/Redirect.CR. I read about someone who owns a hosting business; although in her case all her websites were infected and her clients were all suffering from virus problems, I still took her advice from the article. She said there were suspicious scripts after </html> when she used "View Page Source" on all of her websites, and she posted a screen capture of what the scripts looked like. So there I got an idea. I viewed the page source of one of my websites, and although I saw an entirely different script, I am sure I didn't put it there. I wish I could post a screen capture here.

So there it is. I checked all my websites and they all have the same suspicious scripts after </html>. Had I not read that article I would not have known and would not have viewed the page source, because looking at my websites I see nothing suspicious in the appearance and no changes to the links. I accessed my FTP, deleted all index.htm files of ALL my websites and transferred the original index.htm from my laptop to the server. Tested my websites and NO VIRUS ALERTS now. It happened before that I experienced no virus alert for a day or two, but I know this time the problem is really fixed.

Belahzur, THANK YOU for keeping me company with this problem that has been bugging me for more than a month. I learned so much from you and I am thankful to have found this forum; it really has lots of information here, and I will surely come back every now and then to read and learn. Obviously I am not qualified to give advice, but I hope my problem and story can help others too. I expected something from my hosting provider, but then again I guess they are very busy running a business (I understand); still, that email they sent me started to give me suspicions, and of course Avast gave more detailed warnings than the others.

THANK you very much
Thank You!

But I haven't checked the .htaccess. I will read the link you provided and check what I need to check to prevent things like this in the future. And no, I do not know about chmod-ing the files. Any info on how to do it? I think I need to do it. Thanks again.

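What kelly2010 describes in the post above, checking each site's page source for content after </html> and then replacing the live index files with clean originals, can be scripted so that all sites are checked the same way. The following is an added example, not code from the thread: it counts non-blank content after the last </html> in each .htm/.html file (whether on the same line or on the lines that follow), reports files that differ from or are absent in a clean backup (which would also surface files like the 4 unknown ones the host found), and restores the tree from that backup. Site names, the injected line and the extra .php file are constructed for the demo. It inspects files as stored on the server, so it sees the same thing as downloading them over FTP; it does not catch anything the server adds at serving time.

```shell
#!/bin/sh
# Added example, not code from the thread: find HTML files that carry content
# after the closing </html> (the symptom found via "View Page Source"),
# compare the live tree with a clean backup, and restore from that backup.
# Assumes POSIX sh, awk, find and diff; the site names and the injected
# line below are constructed for the demo.

# Print the number of non-blank fragments after the LAST </html> in $1
# (rest of that line, plus every following non-blank line). 0 = clean.
trailing_content() {
    awk '
        { l[NR] = $0 }
        tolower($0) ~ /<\/html>/ { n = NR }
        END {
            c = 0
            if (n == 0) { print 0; exit }          # no </html>: nothing to judge
            line = l[n]; low = tolower(line); p = 0
            while ((i = index(low, "</html>")) > 0) { p += i + 6; low = substr(low, i + 7) }
            if (substr(line, p + 1) ~ /[^ \t\r]/) c++
            for (i = n + 1; i <= NR; i++) if (l[i] ~ /[^ \t\r]/) c++
            print c
        }' "$1"
}

# List every .htm/.html under $1 that has content after </html>.
scan_injected() {
    find "$1" -type f \( -name '*.htm' -o -name '*.html' \) | sort | while read -r f; do
        if [ "$(trailing_content "$f")" -gt 0 ]; then printf '%s\n' "$f"; fi
    done
}

# Report files that differ from, or do not exist in, the backup ($1 = backup, $2 = live).
compare_with_backup() {
    diff -rq "$1" "$2" || true
}

# The thread's remedy: drop the live tree and put the clean copy in its place.
restore_from_backup() {
    rm -rf "$2" && cp -R "$1" "$2"
}

# Constructed sample: a clean backup and a live tree with one tampered index
# and one file the owner never created.
make_sample_sites() {
    p=$(mktemp -d)
    for s in site1 site2; do
        mkdir -p "$p/backup/$s" "$p/live/$s"
        printf '<html><body>%s</body></html>\n' "$s" > "$p/backup/$s/index.htm"
        cp "$p/backup/$s/index.htm" "$p/live/$s/index.htm"
    done
    printf '<script src="http://injected.invalid/r.js"></script>\n' >> "$p/live/site1/index.htm"
    printf '<?php /* unknown file */ ?>\n' > "$p/live/site1/z.php"
    printf '%s\n' "$p"
}

if [ "${1:-}" = "--demo" ]; then
    p=$(make_sample_sites)
    echo "Tampered HTML files:"; scan_injected "$p/live"
    echo "Differences from backup:"; compare_with_backup "$p/backup" "$p/live"
    restore_from_backup "$p/backup" "$p/live"
    echo "After restore, tampered files: $(scan_injected "$p/live" | wc -l | tr -d ' ')"
fi
```

The backup comparison is the more reliable of the two checks: the </html> heuristic only catches the pattern seen in this thread, while diff -rq against a known-good copy shows every changed or added file, including ones whose appearance in the browser gives nothing away.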

Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by Belahzur on Fri May 07, 2010 10:53 pm

Best advice I can give is to Google it, because chmod can be different for every person, sometimes depending on what you're chmoding on the [You must be registered and logged in to see this link.]



Re: Need Help regarding recurring Trojan:JS/Redirector.CR

Post by kelly2010 on Sat May 08, 2010 12:32 am

I already found it yesterday and checked my chmod setting, which is 755, and this is the secure setting, as they say, but I still wonder why I was hacked. My hosting provider is not answering my email, but I just emailed them as an FYI. Anyway, I just made other security measures and moved on, but who knows if it is 100% foolproof; that's life. Make strong passwords, and although I had already deleted and re-uploaded all index files, I deleted all files and reloaded everything from backups to make sure to eliminate any other files altered that I didn't notice.

Thanks again and wonderful community here.
