Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Firefox exploited by Sedoparking

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Firefox exploited by Sedoparking

Unread postby fabrizio » October 6th, 2009, 5:49 pm

Hello,

I'm using Firefox 3.5.3. A couple of days ago I tried to access a (trusted) site I often read and I found me diverted to Sedoparking.com, that seems to be a rotten source of all kinds of malware. From then on, every time I try to access the trusted site I find myself on Sedoparking, both if I use my usual bookmark or I type the correct URL in the navigation bar.

Other browsers (Chrome, Explorer) bring me to the correct site, that I've been confirmed has always been working regularly.

I tried to deactivate Java scripts, to reinstall Firefox, to bring my computer to a previous system halt, but to no avail. My NOD32 antivirus doesn't find anything wrong. I made a scan with SuperAntiSpyware Free Edition, with no success.

I'm stuck, I don't know how to solve the problem.

The Hijackthis log follows.

Thanks for any possible help.

Fabrizio

-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.15.24, on 06/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\DESKonTOP\DESKonTOP.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\DeskPins\DeskPins.exe
C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\stickies\stickies.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
F:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Programmi\Afreet\IonoProbe\IonoProbe.exe
C:\Internet\Eudora\Eudora.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Disattivazione del cookie per la pubblicità - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmi\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DESKonTOP] C:\Programmi\DESKonTOP\DESKonTOP.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O4 - Startup: DeskPins.lnk = C:\Programmi\DeskPins\DeskPins.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Stickies.lnk = C:\Programmi\stickies\stickies.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98a38d3f2afce) (gupdate1c98a38d3f2afce) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11439 bytes
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top
Advertisement
Register to Remove

Re: Firefox exploited by Sedoparking

Unread postby MWR 3 day Mod » October 9th, 2009, 6:53 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am
Top

Re: Firefox exploited by Sedoparking

Unread postby peku006 » October 11th, 2009, 1:54 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 11th, 2009, 2:54 pm

Hello Peku006,

thank you for your assistance. Here are the two required files in two separate messages, due to maximum characters number limit.

Fabrizio



\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\



OTL logfile created on: 11/10/2009 20.36.55 - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,50 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 33,93% Memory free
2,11 Gb Paging File | 1,25 Gb Available in Paging File | 59,15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 57,26 Gb Total Space | 4,86 Gb Free Space | 8,49% Space Free | Partition Type: NTFS
Drive D: | 2,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 301,16 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALFA
Current User Name: Fabrizio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Internet\Eudora\Eudora.exe (QUALCOMM Incorporated)
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programmi\Afreet\IonoProbe\IonoProbe.exe (Afreet Software, Inc.)
PRC - C:\Programmi\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\Programmi\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Programmi\DESKonTOP\DESKonTOP.exe (Shuric Com.)
PRC - C:\Programmi\DeskPins\DeskPins.exe (Elias Fotinis)
PRC - C:\Programmi\Eset\nod32krn.exe (Eset )
PRC - C:\Programmi\Eset\nod32kui.exe (Eset )
PRC - C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
PRC - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programmi\Google\Google Updater\GoogleUpdater.exe (Google)
PRC - C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programmi\Launchy\Launchy.exe ()
PRC - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programmi\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\MRP40v60\MRP40v60.exe ()
PRC - C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\stickies\stickies.exe (Zhorn Software)
PRC - C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Programmi\TextPad 4\TextPad.exe (Helios Software Solutions)
PRC - C:\Programmi\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe (WareCentral.com)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ntvdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - F:\Programmi\CDBurnerXP\NMSAccessU.exe ()

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Stopped]) -- File not found
SRV - (AcrSch2Svc [Auto | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus(R) Helper [On_Demand | Stopped]) -- C:\Programmi\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate1c98a38d3f2afce [Auto | Stopped]) -- C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Running]) -- C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- File not found
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programmi\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMSAccessU [Auto | Running]) -- F:\Programmi\CDBurnerXP\NMSAccessU.exe ()
SRV - (NOD32krn [Auto | Running]) -- C:\Programmi\Eset\nod32krn.exe (Eset )
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AMON [Auto | Running]) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (ATRUM4AS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ATRUM4AS.sys (Atmel Germany GmbH)
DRV - (ATRUM4CC [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ATRUM4CC.sys (Atmel Germany GmbH)
DRV - (com0com [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\com0com.sys (Vyacheslav Frolov)
DRV - (CyUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\CyUsb.sys (Cypress Semiconductor)
DRV - (es1371 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (EterlogicVirtualSerialDriver [System | Running]) -- C:\WINDOWS\System32\drivers\VSPE.sys (Eterlogic Software)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nod32drv [System | Running]) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Point32 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Programmi\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (truecrypt [System | Running]) -- C:\WINDOWS\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys (Nokia)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys (Nokia)
DRV - (vCOM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vCOM.sys (N8VB vCOM)
DRV - (XRNBO [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\XRNBO.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1715567821-179605362-839522115-1003\S-1-5-21-1715567821-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.5.20090919
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.50
FF - prefs.js..extensions.enabledItems: bandwidthmeter@gotomyhelp.com:1.2.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
FF - prefs.js..extensions.enabledItems: optout@google.com:1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.5
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: ProxySwitch@MM3Tools.com:2009.60
FF - prefs.js..extensions.enabledItems: {8E722C16-301F-43d7-A17D-3882AC67FAA5}:0.73.17
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.07
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9947
FF - prefs.js..extensions.enabledItems: tabsopenrelative@jomel.me.uk:0.4
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:2.0
FF - prefs.js..extensions.enabledItems: {D5EDC062-A372-4936-B782-BD611DD18D86}:3.1.0.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.MM3ProxySwitch.type: 1
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4001
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4001
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4001
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1:8080"
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 14.12.50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programmi\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/13 14.32.30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2008/12/09 14.32.47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/10/05 00.55.29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/10/05 00.55.27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: F:\Programmi\Mozilla Thunderbird\components [2009/07/26 21.13.43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: F:\Programmi\Mozilla Thunderbird\plugins

[2008/06/17 23.05.10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Extensions
[2008/06/17 23.05.10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/15 17.02.25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/03/15 17.09.15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/03/15 17.09.15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/03/15 17.09.15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009/03/15 17.09.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2009/10/11 14.20.03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions
[2008/12/27 22.28.00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}
[2008/12/27 22.27.41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}(2)
[2008/04/09 23.51.45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}(2)
[2009/09/03 12.36.45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/15 17.09.17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009/05/28 09.34.57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/12/27 22.27.41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/04/13 09.36.29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(3)
[2009/04/21 08.26.47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(4)
[2009/07/27 22.45.55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/06/22 08.30.26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/10/07 00.37.57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/04/09 23.51.40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/04/13 09.35.19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/07/17 21.55.41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{8E722C16-301F-43d7-A17D-3882AC67FAA5}
[2009/09/23 13.21.15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/04/13 09.36.15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2009/04/21 08.26.49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(3)
[2009/10/10 13.28.47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/13 09.35.33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009/06/27 08.27.47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2009/07/26 19.37.11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/04/09 23.51.44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2009/05/02 09.40.01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/12/27 22.28.26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}(2)
[2009/03/15 17.09.17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}(3)
[2009/08/11 19.25.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2009/09/21 09.07.46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/03/15 19.18.38 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2008/12/27 22.28.01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008/12/27 22.28.01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}(2)
[2009/09/20 09.01.08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\abhere2@moztw.org
[2008/11/14 00.10.38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\bandwidthmeter@gotomyhelp.com
[2009/04/13 09.35.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\closeforget@addons.mozilla(2).org
[2009/04/21 08.26.50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\closeforget@addons.mozilla(3).org
[2009/04/13 09.36.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\ctrl-tab@design-noir(2).de
[2009/02/25 00.52.39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/04/13 09.35.18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\externalip@erik(2).morlin
[2009/04/21 08.26.50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\externalip@erik(3).morlin
[2009/08/01 18.27.22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\externalip@erik.morlin
[2009/04/13 09.35.26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\foxmarks@kei(2).com
[2009/04/21 08.26.48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\foxmarks@kei(3).com
[2009/08/14 08.00.49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\foxmarks@kei.com
[2008/12/27 22.27.31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\foxyproxy@eric.h(2).jung
[2008/12/27 22.27.33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\foxyproxy@eric.h.jung
[2009/07/26 19.37.09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\isreaditlater@ideashower.com
[2009/02/25 00.52.40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2009/08/01 18.27.22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\optout@dubfire.net
[2009/07/10 22.37.11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\optout@google.com
[2008/12/27 22.27.44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\piclens@cooliris(2).com
[2009/07/08 22.49.13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\piclens@cooliris.com
[2009/02/25 00.52.52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\ProxySwitch@MM3Tools(2).com
[2009/03/15 19.30.41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\ProxySwitch@MM3Tools.com
[2009/04/20 23.52.53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\staged-xpis(2)
[2009/04/13 09.30.57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\StreamingPlugin@conviva(2).com
[2009/04/13 09.35.19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\taboo@runningfrombears.com
[2009/05/06 13.39.34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\mozilla\Firefox\Profiles\tv8qs9zh.default\extensions\tabsopenrelative@jomel.me.uk
[2009/07/11 23.57.49 | 00,002,172 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\bing.xml
[2009/03/15 16.02.02 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\delicious-tag.xml
[2009/07/12 00.01.04 | 00,000,939 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\dictionary.xml
[2009/07/12 00.02.16 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\eccellio-science.xml
[2009/07/12 00.02.44 | 00,001,907 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\flickr-tags.xml
[2009/07/12 00.03.32 | 00,004,868 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\google-images.xml
[2009/07/12 00.03.10 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\google-scholar.xml
[2009/07/19 13.09.18 | 00,002,653 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\kickasstorrents.xml
[2009/07/11 23.59.17 | 00,001,626 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\mozilla-add-ons.xml
[2009/07/12 00.06.46 | 00,001,558 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\scroogle-ssl-search.xml
[2007/07/30 23.16.16 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\siteadvisor.xml
[2009/07/12 00.07.44 | 00,002,033 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\the-dxzonecom.xml
[2009/07/12 00.08.19 | 00,001,686 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\thepiratebayorg.xml
[2009/07/12 00.09.09 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\translate---referencecom.xml
[2009/07/12 00.09.36 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\ultradxcom.xml
[2008/06/25 22.34.58 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\wikipedia-en.xml
[2009/10/05 14.04.50 | 00,002,218 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Mozilla\FireFox\Profiles\tv8qs9zh.default\searchplugins\wolfram-alpha.xml
[2009/10/11 14.20.03 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions
[2009/10/05 00.55.27 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/15 19.13.53 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/05/09 13.59.47 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/18 15.31.17 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/09 14.19.50 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/09 16.45.46 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/09 22.39.22 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/09 14.33.24 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/19 22.21.16 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/08 00.01.45 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/24 22.20.53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 22.20.53 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\brwsrcmp.dll
[2008/09/22 00.27.21 | 00,122,880 | ---- | M] (Google) -- C:\Programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/07/25 05.23.01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeploytk.dll
[2007/12/19 14.57.38 | 00,310,272 | ---- | M] () -- C:\Programmi\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/08/24 22.20.53 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programmi\mozilla firefox\plugins\npnul32.dll
[2003/07/15 07.56.52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\NPOFFICE.DLL
[2007/03/05 13.59.06 | 00,645,504 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\npOGAPlugin.dll
[2009/02/27 12.13.42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\mozilla firefox\plugins\nppdf32.dll
[2007/01/10 00.25.42 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\mozilla firefox\plugins\nppl3260.dll
[2009/01/01 13.40.01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin.dll
[2009/01/01 13.40.01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/01 13.40.01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/01 13.40.02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/01 13.40.02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/01 13.40.02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/01 13.40.02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Programmi\mozilla firefox\plugins\npqtplugin7.dll
[2007/01/10 00.26.18 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\mozilla firefox\plugins\nprjplug.dll
[2007/01/10 00.25.29 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\mozilla firefox\plugins\nprpjplug.dll
[2009/09/03 11.53.00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Programmi\mozilla firefox\plugins\np_gp.dll
[2009/08/24 21.02.19 | 00,001,534 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 21.02.19 | 00,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2009/08/24 21.02.19 | 00,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2009/08/24 21.02.19 | 00,002,371 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\google.xml
[2009/08/24 21.02.19 | 00,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2009/08/24 21.02.19 | 00,000,649 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: (804 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Disattivazione del cookie per la pubblicità) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmi\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1715567821-179605362-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1715567821-179605362-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DESKonTOP] C:\Programmi\DESKonTOP\DESKonTOP.exe (Shuric Com.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelliPoint] C:\Programmi\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [AdobeUpdater6] C:\Programmi\File comuni\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [Google Update] C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1715567821-179605362-839522115-1003..\Run: [Taskbar Shuffle] C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKLM..\RunOnce: [EraserRestartErase (1)] C:\WINDOWS\System32\Eraserl.exe (-)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Launchy.lnk = C:\Programmi\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PrintKey-Pro.lnk = C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe (WareCentral.com)
O4 - Startup: C:\Documents and Settings\Fabrizio\Menu Avvio\Programmi\Esecuzione automatica\BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Documents and Settings\Fabrizio\Menu Avvio\Programmi\Esecuzione automatica\DeskPins.lnk = C:\Programmi\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Documents and Settings\Fabrizio\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Fabrizio\Menu Avvio\Programmi\Esecuzione automatica\Stickies.lnk = C:\Programmi\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1715567821-179605362-839522115-1003\..Trusted Domains: zazzle.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-179605362-839522115-1003\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/ ... arth3D.cab (SentinelVE3D Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 151.99.125.1 151.99.0.100
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programmi\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll - c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Internet\Eudora\EuShlExt.dll (Qualcomm Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/29 23.13.16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/12/27 20.52.39 | 02,016,668 | ---- | M] () - C:\AutoHotkey104705_Install.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/08 00.16.00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2009/10/06 00.06.17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
[2009/10/08 00.16.08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\Malwarebytes
[2009/10/06 00.06.01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabrizio\Dati applicazioni\SUPERAntiSpyware.com
[2009/10/06 00.05.37 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2009/10/08 00.15.59 | 00,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2009/10/11 19.08.59 | 00,000,000 | ---D | C] -- C:\Programmi\MRP40v60
[2009/10/06 00.06.01 | 00,000,000 | ---D | C] -- C:\Programmi\SUPERAntiSpyware
[2009/10/06 00.01.04 | 00,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2009/10/11 18.22.11 | 00,000,000 | ---D | C] -- C:\Programmi\TRUETTY
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2009/10/11 20.35.01 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2009/10/08 00.16.02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/08 00.16.00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/08 00.01.42 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/08 00.01.42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/08 00.01.42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/07 00.19.51 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Fabrizio\Desktop\setup-spybotsd162.exe
[2009/10/06 22.28.33 | 00,000,000 | ---D | C] -- C:\rsit
[2009/10/06 13.21.59 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/06 13.21.36 | 00,119,808 | ---- | C] (Atribune.org) -- C:\VundoFix.exe
[2009/10/06 00.00.51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2009/10/04 21.24.05 | 07,888,848 | ---- | C] (Mozilla) -- C:\Firefox Setup 3.5.3.exe
[2009/10/04 17.57.40 | 00,516,424 | ---- | C] (UltraDefrag Development Team) -- C:\ultradefrag-3.2.0.bin.i386.exe
[2009/09/25 14.05.54 | 03,211,616 | ---- | C] (Ghisler Software GmbH) -- C:\tcmd750a.exe
[2009/09/19 23.33.32 | 09,631,536 | ---- | C] (FireTrust Limited ) -- C:\MailWasherPro_653_Setup.exe

========== Files - Modified Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2009/10/11 20.35.30 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2009/10/11 20.32.00 | 00,001,252 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-179605362-839522115-1003UA.job
[2009/10/11 20.02.00 | 00,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/11 19.15.30 | 00,000,041 | ---- | M] () -- C:\WINDOWS\System32\1255281330.(null)
[2009/10/11 19.10.10 | 00,009,719 | ---- | M] () -- C:\WINDOWS\MRP40V60.LIC
[2009/10/11 19.10.10 | 00,000,071 | ---- | M] () -- C:\WINDOWS\netctrl.ini
[2009/10/11 19.09.28 | 00,000,686 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Desktop\MRP4060.lnk
[2009/10/11 18.49.12 | 00,000,204 | ---- | M] () -- C:\WINDOWS\PTTXYDRV.INI
[2009/10/11 18.49.06 | 00,000,068 | ---- | M] () -- C:\WINDOWS\LOGINPUT.INI
[2009/10/11 18.06.52 | 00,073,382 | -H-- | M] () -- C:\treeinfo.wc
[2009/10/11 16.19.38 | 00,016,500 | ---- | M] () -- C:\WINDOWS\System32\drivers\B1D4FA3B.bin
[2009/10/11 15.57.05 | 00,000,213 | ---- | M] () -- C:\WINDOWS\PCWGXDRV.INI
[2009/10/11 15.00.06 | 00,081,781 | ---- | M] () -- C:\Risultati - FEBE 2009 10-11 15.00.06.html
[2009/10/11 15.00.06 | 00,067,724 | ---- | M] () -- C:\GooglePreview{3.4}.xpi
[2009/10/11 15.00.05 | 00,462,660 | ---- | M] () -- C:\DownloadStatusbar{0.9.6.5}.xpi
[2009/10/11 15.00.05 | 00,299,395 | ---- | M] () -- C:\WizzRSSNewsReader{3.1.0.4}.xpi
[2009/10/11 15.00.05 | 00,057,678 | ---- | M] () -- C:\AdobeDLMpoweredbygetPlusR{16244}.xpi
[2009/10/11 14.59.59 | 00,239,088 | ---- | M] () -- C:\CoolPreviews{2.7.6.0623}.xpi
[2009/10/11 14.59.58 | 00,553,121 | ---- | M] () -- C:\DownloadHelper{4.6.4}.xpi
[2009/10/11 14.59.58 | 00,031,495 | ---- | M] () -- C:\Answers{2.3.50}.xpi
[2009/10/11 14.59.57 | 00,743,730 | ---- | M] () -- C:\WOT{20090918}.xpi
[2009/10/11 14.59.57 | 00,444,648 | ---- | M] () -- C:\NoScript{1.9.9.07}.xpi
[2009/10/11 14.59.57 | 00,091,839 | ---- | M] () -- C:\N0HRPropfire{0.73.17}.xpi
[2009/10/11 14.59.56 | 00,338,219 | ---- | M] () -- C:\ChatZilla{0.9.85}.xpi
[2009/10/11 14.59.55 | 00,956,189 | ---- | M] () -- C:\FEBE{6.2}.xpi
[2009/10/11 14.59.55 | 00,135,439 | ---- | M] () -- C:\PDFDownload{2.2.0.2}.xpi
[2009/10/11 14.59.55 | 00,019,086 | ---- | M] () -- C:\Microsoft.NETFrameworkAssistant{1.1}.xpi
[2009/10/11 14.59.54 | 03,019,021 | ---- | M] () -- C:\Cooliris{1.11.1}.xpi
[2009/10/11 14.59.54 | 00,035,185 | ---- | M] () -- C:\MM3-ProxySwitch{2009.60}.xpi
[2009/10/11 14.59.54 | 00,007,109 | ---- | M] () -- C:\TabsOpenRelative{0.4}.xpi
[2009/10/11 14.59.51 | 00,771,980 | ---- | M] () -- C:\Xmarks{3.3.2}.xpi
[2009/10/11 14.59.51 | 00,284,901 | ---- | M] () -- C:\ReaditLater{0.9947}.xpi
[2009/10/11 14.59.51 | 00,008,277 | ---- | M] () -- C:\AdvertisingCookieOpt-out{1.1}.xpi
[2009/10/11 14.59.51 | 00,007,604 | ---- | M] () -- C:\TargetedAdvertisingCookieOpt-OutTACO{2.0}.xpi
[2009/10/11 14.59.41 | 00,035,887 | ---- | M] () -- C:\AddBookmarkHere{3.5.20090919}.xpi
[2009/10/11 14.59.41 | 00,013,799 | ---- | M] () -- C:\BandwidthMeterandDiagnostics{1.2.5}.xpi
[2009/10/11 14.59.41 | 00,006,673 | ---- | M] () -- C:\externalIP{0.9.9.5}.xpi
[2009/10/11 13.32.00 | 00,001,200 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-179605362-839522115-1003Core.job
[2009/10/11 13.02.00 | 00,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/11 12.59.29 | 00,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/11 12.59.26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/11 12.59.23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/11 12.59.21 | 16,101,45792 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/09 13.20.14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/07 02.32.45 | 00,002,395 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Desktop\Google Chrome.lnk
[2009/10/07 00.21.53 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Desktop\Spybot - Search & Destroy.lnk
[2009/10/07 00.20.42 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Fabrizio\Desktop\setup-spybotsd162.exe
[2009/10/06 22.28.10 | 00,781,909 | ---- | M] () -- C:\RSIT.exe
[2009/10/06 13.21.40 | 00,119,808 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
[2009/10/06 00.06.07 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/06 00.05.07 | 07,174,176 | ---- | M] () -- C:\SUPERAntiSpyware.exe
[2009/10/06 00.01.07 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Desktop\HijackThis.lnk
[2009/10/06 00.00.52 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2009/10/05 22.30.00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/05 00.55.35 | 00,001,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/04 21.24.14 | 07,888,848 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.5.3.exe
[2009/10/04 17.57.52 | 00,516,424 | ---- | M] (UltraDefrag Development Team) -- C:\ultradefrag-3.2.0.bin.i386.exe
[2009/10/04 15.42.45 | 01,930,483 | ---- | M] () -- C:\transmute161setup.zip
[2009/10/03 15.24.31 | 00,000,398 | ---- | M] () -- C:\WINDOWS\crackpdf.INI
[2009/09/25 14.06.08 | 03,211,616 | ---- | M] (Ghisler Software GmbH) -- C:\tcmd750a.exe
[2009/09/20 13.09.03 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/20 09.24.36 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/20 00.07.33 | 00,000,854 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Desktop\MailWasher Pro.lnk
[2009/09/19 23.34.07 | 09,631,536 | ---- | M] (FireTrust Limited ) -- C:\MailWasherPro_653_Setup.exe
[2009/09/19 01.08.33 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\Fabrizio\Documenti\Corso scrittura.doc
[2009/09/15 23.25.52 | 11,676,2476 | ---- | M] () -- C:\w-code_6700.zip
[2009/09/15 23.25.35 | 00,044,965 | ---- | M] () -- C:\toothbrushporn1.jpg
[2009/09/14 23.52.31 | 00,219,196 | ---- | M] () -- C:\Albo Odontoiatri 7 agosto.pdf

========== Files - No Company Name ==========
[2009/10/11 19.15.30 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\1255281330.(null)
[2009/10/11 19.10.10 | 00,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2009/10/11 19.10.09 | 00,009,719 | ---- | C] () -- C:\WINDOWS\MRP40V60.LIC
[2009/10/11 19.10.09 | 00,000,071 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2009/10/11 19.09.28 | 00,000,686 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Desktop\MRP4060.lnk
[2009/10/11 18.22.47 | 00,000,204 | ---- | C] () -- C:\WINDOWS\PTTXYDRV.INI
[2009/10/11 15.00.06 | 00,081,781 | ---- | C] () -- C:\Risultati - FEBE 2009 10-11 15.00.06.html
[2009/10/11 15.00.05 | 00,299,395 | ---- | C] () -- C:\WizzRSSNewsReader{3.1.0.4}.xpi
[2009/10/11 15.00.05 | 00,057,678 | ---- | C] () -- C:\AdobeDLMpoweredbygetPlusR{16244}.xpi
[2009/10/11 14.59.58 | 00,031,495 | ---- | C] () -- C:\Answers{2.3.50}.xpi
[2009/10/11 14.59.57 | 00,743,730 | ---- | C] () -- C:\WOT{20090918}.xpi
[2009/10/11 14.59.57 | 00,553,121 | ---- | C] () -- C:\DownloadHelper{4.6.4}.xpi
[2009/10/11 14.59.57 | 00,091,839 | ---- | C] () -- C:\N0HRPropfire{0.73.17}.xpi
[2009/10/11 14.59.56 | 00,444,648 | ---- | C] () -- C:\NoScript{1.9.9.07}.xpi
[2009/10/11 14.59.54 | 00,019,086 | ---- | C] () -- C:\Microsoft.NETFrameworkAssistant{1.1}.xpi
[2009/10/11 14.59.54 | 00,007,109 | ---- | C] () -- C:\TabsOpenRelative{0.4}.xpi
[2009/10/11 14.59.51 | 00,284,901 | ---- | C] () -- C:\ReaditLater{0.9947}.xpi
[2009/10/11 14.59.51 | 00,008,277 | ---- | C] () -- C:\AdvertisingCookieOpt-out{1.1}.xpi
[2009/10/11 14.59.51 | 00,007,604 | ---- | C] () -- C:\TargetedAdvertisingCookieOpt-OutTACO{2.0}.xpi
[2009/10/11 14.59.41 | 00,771,980 | ---- | C] () -- C:\Xmarks{3.3.2}.xpi
[2009/10/11 14.59.41 | 00,013,799 | ---- | C] () -- C:\BandwidthMeterandDiagnostics{1.2.5}.xpi
[2009/10/11 14.59.40 | 00,035,887 | ---- | C] () -- C:\AddBookmarkHere{3.5.20090919}.xpi
[2009/10/06 22.28.09 | 00,781,909 | ---- | C] () -- C:\RSIT.exe
[2009/10/06 00.06.07 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/06 00.04.16 | 07,174,176 | ---- | C] () -- C:\SUPERAntiSpyware.exe
[2009/10/06 00.01.07 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Desktop\HijackThis.lnk
[2009/10/04 15.42.44 | 01,930,483 | ---- | C] () -- C:\transmute161setup.zip
[2009/09/27 22.31.34 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/19 01.08.32 | 00,074,752 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Documenti\Corso scrittura.doc
[2009/09/15 23.25.35 | 00,044,965 | ---- | C] () -- C:\toothbrushporn1.jpg
[2009/09/15 23.22.09 | 11,676,2476 | ---- | C] () -- C:\w-code_6700.zip
[2009/09/14 23.52.29 | 00,219,196 | ---- | C] () -- C:\Albo Odontoiatri 7 agosto.pdf
[2009/03/15 12.23.57 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\AdobeUpdater6.rbt
[2009/01/11 11.15.51 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/01/11 11.15.51 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/01/11 11.15.51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/01/11 11.15.51 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/12/27 09.26.47 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2008/08/30 19.19.02 | 00,000,398 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2008/02/24 20.41.43 | 00,000,222 | ---- | C] () -- C:\WINDOWS\klingfu.ini
[2008/02/03 21.51.02 | 00,000,213 | ---- | C] () -- C:\WINDOWS\PCWGXDRV.INI
[2008/02/03 21.51.02 | 00,000,068 | ---- | C] () -- C:\WINDOWS\LOGINPUT.INI
[2007/12/11 13.48.46 | 00,172,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\XRNBO.sys
[2007/11/24 10.33.27 | 00,060,447 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\DXToolbox Prefs
[2007/11/18 22.22.57 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
[2007/10/27 23.49.41 | 00,001,403 | ---- | C] () -- C:\WINDOWS\MQPreset.ini
[2007/10/27 23.49.41 | 00,000,163 | ---- | C] () -- C:\WINDOWS\Multique.ini
[2007/08/20 19.38.12 | 00,749,568 | R--- | C] () -- C:\WINDOWS\System32\agi1600.dll
[2007/08/20 19.38.11 | 01,789,952 | R--- | C] () -- C:\WINDOWS\System32\zhp1600r.dll
[2007/08/20 19.38.10 | 00,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP1600.dll
[2007/08/14 20.54.25 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/08/13 22.19.52 | 00,910,368 | ---- | C] () -- C:\WINDOWS\System32\OWL52T.DLL
[2007/05/18 13.16.57 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2007/04/09 00.31.33 | 00,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/08 19.55.11 | 00,001,174 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2007/02/13 15.04.30 | 00,000,186 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/15 10.38.33 | 02,114,254 | -H-- | C] () -- C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\IconCache.db
[2007/01/07 21.57.28 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2007/01/07 20.40.47 | 00,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/01/05 00.15.51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/04 17.13.35 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/02 22.57.51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/01/01 21.05.39 | 00,000,252 | ---- | C] () -- C:\WINDOWS\wacars.ini
[2006/12/31 15.22.58 | 00,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/30 00.34.51 | 00,012,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2006/12/29 23.21.57 | 00,074,600 | ---- | C] () -- C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2006/12/29 23.18.38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Fabrizio\Dati applicazioni\desktop.ini
[2006/12/29 22.40.04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\desktop.ini
[2006/02/10 12.39.50 | 00,003,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\DXSOFTIO.SYS
[2005/12/09 21.06.00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/09 21.06.00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/09 21.06.00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/09 21.06.00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/09 21.06.00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/09 21.06.00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/09 21.06.00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/07/28 06.44.08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\SPARKEY.DLL
[2003/04/01 11.49.16 | 00,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 18.30.00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/08/31 17.00.00 | 00,000,735 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/31 17.00.00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:DFC5A2B2
< End of report >
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 11th, 2009, 2:56 pm

OTL Extras logfile created on: 11/10/2009 20.36.55 - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,50 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 33,93% Memory free
2,11 Gb Paging File | 1,25 Gb Available in Paging File | 59,15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 57,26 Gb Total Space | 4,86 Gb Free Space | 8,49% Space Free | Partition Type: NTFS
Drive D: | 2,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 301,16 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALFA
Current User Name: Fabrizio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = TextPad.ini] -- C:\Programmi\TextPad 4\TextPad.exe (Helios Software Solutions)
.txt [@ = TextPad.txt] -- C:\Programmi\TextPad 4\TextPad.exe (Helios Software Solutions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programmi\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programmi\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programmi\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmi\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4662:TCP" = 4662:TCP:*:Enabled:eMule
"4672:UDP" = 4672:UDP:*:Enabled:eMule
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\File comuni\Ahead\Nero Web\SetupX.exe" = C:\Programmi\File comuni\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programmi\Google\Google Talk\googletalk.exe" = C:\Programmi\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\RADIO\CODE300-32\Code300-32_3.0.exe" = C:\RADIO\CODE300-32\Code300-32_3.0.exe:*:Enabled:Code300 DSP-decoder -- (HOKA ELECTRONIC)
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\HOKA Electronic\CODE300-32\CODE300-32.exe" = C:\Programmi\HOKA Electronic\CODE300-32\CODE300-32.exe:*:Enabled:Code300 DSP-decoder -- (HOKA ELECTRONIC)
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (Ghisler Software GmbH)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"F:\Programmi\uTorrent\uTorrent.exe" = F:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{100F1C28-4E08-4C64-884C-8137011ABD9B}" = Google Disattivazione del cookie per la pubblicità
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java(TM) SE Development Kit 6 Update 2
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}" = Virtual Earth 3D (Beta)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{402BA7EA-6BA0-439E-AF80-858327677EE0}" = Eudora
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A8535B5-E3BF-484F-A9AC-BC0FEDF5BB3A}" = StickySorter
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81B73249-906F-4C50-86A6-FAA837625815}" = WildEdit
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{85F0337D-33AC-43B4-A003-DF35061F1D8D}" = OpenOffice.org 3.0
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FF3A31A-5131-48A4-A689-542CAF185001}" = Eudora
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9B2ADD3A-AFAF-4622-AC6F-C86FF36CC245}" = USB Flash Disk Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1684CE-3FD1-4E27-BBD3-709CA771A483}" = BOINC
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1040-7B44-A91000000001}" = Adobe Reader 9.1 - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F43D1D00-6C4A-40AA-A9D9-0388FC9A19DE}" = Free Virtual Serial Ports Emulator
"{F69A6F41-493F-405B-9BA6-03B327A841DD}" = CIG
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F87EE6E7-AB46-4A13-821D-3CFF24443CF5}" = SP TimeSync 2.3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FBD461E5-52C3-4F46-A484-2E64D8043521}" = PrintKey-Pro v1.04
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
"0831EE42E002E0E92952CE6799D93DAA58BBB438" = Windows Driver Package - ATMEL (ATRUM4CC) USB (11/23/2006 5.0.9999.3)
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro (remove only)
"ARRLAView" = ARRL AView
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.47.05
"Birthday Reminder v1.24" = Birthday Reminder v1.24
"CCleaner" = CCleaner (remove only)
"Code300-32 Standard with toolkit" = Code300-32 Standard with toolkit
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com0com" = Null-modem emulator (com0com)
"CwGet_is1" = CwGet V1.61 beta
"dabMate-KOGAN" = dabMate-KOGAN
"DBFViewer_is1" = DBFViewer
"Defraggler" = Defraggler (remove only)
"DESKonTOP" = DESKonTOP
"DeskPins" = DeskPins (remove only)
"Ditto_is1" = Ditto 3.15.4.0
"Dream" = Dream
"DRM Software Radio" = DRM Software Radio
"DSCdecoder_is1" = DSCdecoder 4.2b
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pacchetto driver Windows - Nokia Modem (06/01/2009 4.1)
"eMule" = eMule
"Eraser" = Eraser
"Everything" = Everything 1.2.0.323
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pacchetto driver Windows - Nokia Modem (06/01/2009 7.01.0.3)
"FC RecordTimer_is1" = FC RecordTimer Ver. 0.2
"FidoCAD_is1" = FidoCAD 0.96pl4
"Filter Design 4.3_is1" = Filter Design 4.3
"FLV Player" = FLV Player 2.0, build 23
"Forte Agent" = Forté Agent
"FreeCommander_is1" = FreeCommander 2009.02
"GeoAlert-Extreme Wizard_is1" = GeoAlert-Extreme Wizard 4.1.42
"GoldWave v5.08" = GoldWave v5.08
"GOM Player" = GOM Player
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP-Color LaserJet 1600" = Color LaserJet 1600
"HyperSnap 6" = HyperSnap 6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Finestra fotocamera Canon per ZoomBrowser EX
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{F69A6F41-493F-405B-9BA6-03B327A841DD}" = Canon Internet Library for ZoomBrowser EX
"IonoProbe_is1" = IonoProbe 1.36
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"Launchy_21344213_is1" = Launchy 2.1.2
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"minirk12_is1" = mini Ring Core Calculator 1.2
"Morse Runner_is1" = Morse Runner 1.68
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MRP40" = MRP40
"Multiquence v2.50" = Multiquence v2.50
"N8VBvCOM Driver" = N8VBvCOM Driver
"NAVTEX Decoder" = NAVTEX Decoder 2.1.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 Antivirus System
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PC-ALE_is1" = PC-ALE 1.602H
"PC-HFDL" = PC-HFDL 2.031
"PDF Password Cracker Pro v3.0_is1" = PDF Password Cracker Pro v3.0
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"PingPlotter Standard" = PingPlotter Standard 3.20s
"Pizza" = Pizza
"RealPlayer 6.0" = RealPlayer
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"RufzXP_is1" = RufzXP 1.1.0
"sigtools_1r1" = sigtools_1r1 display name
"SkySwePro" = SkySwePro
"SlowMousion" = SlowMousion 1.1
"Spectrum Lab_is1" = Spectrum Lab V2.7
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = WWSU6.2 Revision 4
"ST6UNST #2" = WWSU6.3 Revision 7
"ST6UNST #3" = WWSU6.3 Revision 7 (c:\Programmi\WWSU62\)
"ST6UNST #4" = Perseus-NDB
"Stickies 6.7a" = Stickies 6.7a
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"Totalcmd" = Total Commander (Remove or Repair)
"TotalRecorder" = Total Recorder 5.3
"TrueCrypt" = TrueCrypt
"TrueTTY_is1" = TrueTTY V2.60
"Tunatic" = Tunatic
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.7
"UnPacker" = UnPacker 1,3,2,1856
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-2
"Winrad_is1" = Winrad V1.32 build 19
"XiphQT" = Xiph QuickTime Components
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/05/2009 16.01.49 | Computer Name = ALFA | Source = Google Update | ID = 20
Description =

Error - 07/07/2009 5.33.18 | Computer Name = ALFA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore gom.exe, versione 2.1.17.4710,
modulo che ha provocato l'errore mpeg2decfilter.ax, versione 1.0.0.0, indirizzo
errore 0x00012b5b.

Error - 26/07/2009 15.07.33 | Computer Name = ALFA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore thunderbird.exe, versione 1.8.20090.60502,
modulo che ha provocato l'errore thunderbird.exe, versione 1.8.20090.60502, indirizzo
errore 0x0043deaa.

Error - 31/07/2009 7.15.26 | Computer Name = ALFA | Source = Google Update | ID = 20
Description =

Error - 31/07/2009 7.32.14 | Computer Name = ALFA | Source = Google Update | ID = 20
Description =

Error - 27/09/2009 16.19.01 | Computer Name = ALFA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore ad-aware.exe, versione 7.1.0.12,
modulo che ha provocato l'errore ad-aware.exe, versione 7.1.0.12, indirizzo errore
0x00164d6c.

Error - 27/09/2009 16.19.14 | Computer Name = ALFA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore ad-aware.exe, versione 7.1.0.12,
modulo che ha provocato l'errore ad-aware.exe, versione 7.1.0.12, indirizzo errore
0x00164d6c.

Error - 27/09/2009 16.28.47 | Computer Name = ALFA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 27/09/2009 16.59.32 | Computer Name = ALFA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore eudora.exe, versione 7.1.0.9,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x00000000.

Error - 02/10/2009 7.32.05 | Computer Name = ALFA | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 04/10/2009 15.40.20 | Computer Name = ALFA | Source = Print | ID = 19
Description = Errore di condivisione della stampante + 1722. Stampante: Microsoft
XPS Document Writer. Nome condivisione: Stampante.

Error - 04/10/2009 15.40.21 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 05/10/2009 7.17.27 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 05/10/2009 16.20.15 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 06/10/2009 7.15.31 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 06/10/2009 15.11.36 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 06/10/2009 16.36.00 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 09/10/2009 7.20.38 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 10/10/2009 7.18.47 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3

Error - 11/10/2009 6.59.46 | Computer Name = ALFA | Source = Service Control Manager | ID = 7000
Description = Il servizio Acronis Scheduler2 Service non è stato avviato per il
seguente errore: %%3


< End of report >
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby peku006 » October 12th, 2009, 3:07 am

Hi fabrizio

Remove P2P software
  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    eMule
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 12th, 2009, 5:35 pm

Done. If this can be of any interest, eMule hasn't been used since two or three months.
I've also µTorrent installed (though never used): should I uninstall it too?

Fabrizio


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

sigtools_1r1 display name
AC3Filter (remove only)
Ad-Aware
Adobe Acrobat 8.1.5 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1 - Italiano
Adobe Reader Japanese Fonts
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced PDF Password Recovery Pro (remove only)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260)
Aggiornamento della protezione per Windows Media Player (KB911564)
Aggiornamento della protezione per Windows Media Player (KB952069)
Aggiornamento della protezione per Windows Media Player (KB973540)
Aggiornamento della protezione per Windows Media Player 6.4 (KB925398)
Aggiornamento della protezione per Windows Media Player 9 (KB917734)
Aggiornamento della protezione per Windows Media Player 9 (KB936782)
Aggiornamento della protezione per Windows XP (KB893756)
Aggiornamento della protezione per Windows XP (KB896358)
Aggiornamento della protezione per Windows XP (KB896423)
Aggiornamento della protezione per Windows XP (KB896424)
Aggiornamento della protezione per Windows XP (KB896428)
Aggiornamento della protezione per Windows XP (KB899587)
Aggiornamento della protezione per Windows XP (KB899591)
Aggiornamento della protezione per Windows XP (KB900725)
Aggiornamento della protezione per Windows XP (KB901017)
Aggiornamento della protezione per Windows XP (KB901214)
Aggiornamento della protezione per Windows XP (KB902400)
Aggiornamento della protezione per Windows XP (KB904706)
Aggiornamento della protezione per Windows XP (KB905414)
Aggiornamento della protezione per Windows XP (KB905749)
Aggiornamento della protezione per Windows XP (KB908519)
Aggiornamento della protezione per Windows XP (KB911562)
Aggiornamento della protezione per Windows XP (KB911927)
Aggiornamento della protezione per Windows XP (KB912919)
Aggiornamento della protezione per Windows XP (KB913580)
Aggiornamento della protezione per Windows XP (KB914388)
Aggiornamento della protezione per Windows XP (KB914389)
Aggiornamento della protezione per Windows XP (KB917344)
Aggiornamento della protezione per Windows XP (KB917422)
Aggiornamento della protezione per Windows XP (KB917953)
Aggiornamento della protezione per Windows XP (KB918118)
Aggiornamento della protezione per Windows XP (KB918439)
Aggiornamento della protezione per Windows XP (KB919007)
Aggiornamento della protezione per Windows XP (KB920213)
Aggiornamento della protezione per Windows XP (KB920670)
Aggiornamento della protezione per Windows XP (KB920683)
Aggiornamento della protezione per Windows XP (KB920685)
Aggiornamento della protezione per Windows XP (KB921398)
Aggiornamento della protezione per Windows XP (KB921503)
Aggiornamento della protezione per Windows XP (KB922616)
Aggiornamento della protezione per Windows XP (KB922819)
Aggiornamento della protezione per Windows XP (KB923191)
Aggiornamento della protezione per Windows XP (KB923414)
Aggiornamento della protezione per Windows XP (KB923561)
Aggiornamento della protezione per Windows XP (KB923689)
Aggiornamento della protezione per Windows XP (KB923694)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento della protezione per Windows XP (KB923980)
Aggiornamento della protezione per Windows XP (KB924191)
Aggiornamento della protezione per Windows XP (KB924270)
Aggiornamento della protezione per Windows XP (KB924496)
Aggiornamento della protezione per Windows XP (KB924667)
Aggiornamento della protezione per Windows XP (KB925454)
Aggiornamento della protezione per Windows XP (KB925486)
Aggiornamento della protezione per Windows XP (KB925902)
Aggiornamento della protezione per Windows XP (KB926255)
Aggiornamento della protezione per Windows XP (KB926436)
Aggiornamento della protezione per Windows XP (KB927779)
Aggiornamento della protezione per Windows XP (KB927802)
Aggiornamento della protezione per Windows XP (KB928090)
Aggiornamento della protezione per Windows XP (KB928255)
Aggiornamento della protezione per Windows XP (KB928843)
Aggiornamento della protezione per Windows XP (KB929123)
Aggiornamento della protezione per Windows XP (KB929969)
Aggiornamento della protezione per Windows XP (KB930178)
Aggiornamento della protezione per Windows XP (KB931261)
Aggiornamento della protezione per Windows XP (KB931768)
Aggiornamento della protezione per Windows XP (KB931784)
Aggiornamento della protezione per Windows XP (KB932168)
Aggiornamento della protezione per Windows XP (KB933566)
Aggiornamento della protezione per Windows XP (KB933729)
Aggiornamento della protezione per Windows XP (KB935839)
Aggiornamento della protezione per Windows XP (KB935840)
Aggiornamento della protezione per Windows XP (KB936021)
Aggiornamento della protezione per Windows XP (KB937894)
Aggiornamento della protezione per Windows XP (KB938127)
Aggiornamento della protezione per Windows XP (KB938464)
Aggiornamento della protezione per Windows XP (KB938829)
Aggiornamento della protezione per Windows XP (KB939653)
Aggiornamento della protezione per Windows XP (KB941202)
Aggiornamento della protezione per Windows XP (KB941568)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB941644)
Aggiornamento della protezione per Windows XP (KB941693)
Aggiornamento della protezione per Windows XP (KB942615)
Aggiornamento della protezione per Windows XP (KB943055)
Aggiornamento della protezione per Windows XP (KB943460)
Aggiornamento della protezione per Windows XP (KB943485)
Aggiornamento della protezione per Windows XP (KB944338)
Aggiornamento della protezione per Windows XP (KB944533)
Aggiornamento della protezione per Windows XP (KB944653)
Aggiornamento della protezione per Windows XP (KB945553)
Aggiornamento della protezione per Windows XP (KB946026)
Aggiornamento della protezione per Windows XP (KB946648)
Aggiornamento della protezione per Windows XP (KB947864)
Aggiornamento della protezione per Windows XP (KB948590)
Aggiornamento della protezione per Windows XP (KB948881)
Aggiornamento della protezione per Windows XP (KB950749)
Aggiornamento della protezione per Windows XP (KB950759)
Aggiornamento della protezione per Windows XP (KB950760)
Aggiornamento della protezione per Windows XP (KB950762)
Aggiornamento della protezione per Windows XP (KB950974)
Aggiornamento della protezione per Windows XP (KB951066)
Aggiornamento della protezione per Windows XP (KB951376)
Aggiornamento della protezione per Windows XP (KB951376-v2)
Aggiornamento della protezione per Windows XP (KB951698)
Aggiornamento della protezione per Windows XP (KB951748)
Aggiornamento della protezione per Windows XP (KB952004)
Aggiornamento della protezione per Windows XP (KB952954)
Aggiornamento della protezione per Windows XP (KB953838)
Aggiornamento della protezione per Windows XP (KB953839)
Aggiornamento della protezione per Windows XP (KB954211)
Aggiornamento della protezione per Windows XP (KB954600)
Aggiornamento della protezione per Windows XP (KB955069)
Aggiornamento della protezione per Windows XP (KB956390)
Aggiornamento della protezione per Windows XP (KB956391)
Aggiornamento della protezione per Windows XP (KB956572)
Aggiornamento della protezione per Windows XP (KB956802)
Aggiornamento della protezione per Windows XP (KB956803)
Aggiornamento della protezione per Windows XP (KB956841)
Aggiornamento della protezione per Windows XP (KB957095)
Aggiornamento della protezione per Windows XP (KB957097)
Aggiornamento della protezione per Windows XP (KB958215)
Aggiornamento della protezione per Windows XP (KB958470)
Aggiornamento della protezione per Windows XP (KB958644)
Aggiornamento della protezione per Windows XP (KB958687)
Aggiornamento della protezione per Windows XP (KB958690)
Aggiornamento della protezione per Windows XP (KB959426)
Aggiornamento della protezione per Windows XP (KB960225)
Aggiornamento della protezione per Windows XP (KB960714)
Aggiornamento della protezione per Windows XP (KB960715)
Aggiornamento della protezione per Windows XP (KB960803)
Aggiornamento della protezione per Windows XP (KB960859)
Aggiornamento della protezione per Windows XP (KB961371)
Aggiornamento della protezione per Windows XP (KB961373)
Aggiornamento della protezione per Windows XP (KB961501)
Aggiornamento della protezione per Windows XP (KB968537)
Aggiornamento della protezione per Windows XP (KB969898)
Aggiornamento della protezione per Windows XP (KB970238)
Aggiornamento della protezione per Windows XP (KB971032)
Aggiornamento della protezione per Windows XP (KB971557)
Aggiornamento della protezione per Windows XP (KB971633)
Aggiornamento della protezione per Windows XP (KB971657)
Aggiornamento della protezione per Windows XP (KB973346)
Aggiornamento della protezione per Windows XP (KB973354)
Aggiornamento della protezione per Windows XP (KB973507)
Aggiornamento della protezione per Windows XP (KB973869)
Aggiornamento per Windows XP (KB894391)
Aggiornamento per Windows XP (KB898461)
Aggiornamento per Windows XP (KB900485)
Aggiornamento per Windows XP (KB904942)
Aggiornamento per Windows XP (KB908531)
Aggiornamento per Windows XP (KB910437)
Aggiornamento per Windows XP (KB911280)
Aggiornamento per Windows XP (KB916595)
Aggiornamento per Windows XP (KB920872)
Aggiornamento per Windows XP (KB922582)
Aggiornamento per Windows XP (KB925720)
Aggiornamento per Windows XP (KB927891)
Aggiornamento per Windows XP (KB929338)
Aggiornamento per Windows XP (KB930916)
Aggiornamento per Windows XP (KB931836)
Aggiornamento per Windows XP (KB932823-v3)
Aggiornamento per Windows XP (KB933360)
Aggiornamento per Windows XP (KB936357)
Aggiornamento per Windows XP (KB938828)
Aggiornamento per Windows XP (KB942763)
Aggiornamento per Windows XP (KB942840)
Aggiornamento per Windows XP (KB946627)
Aggiornamento per Windows XP (KB951072-v2)
Aggiornamento per Windows XP (KB955839)
Aggiornamento per Windows XP (KB967715)
Aggiornamento per Windows XP (KB973815)
Aggiornamento rapido per Windows XP - KB873339
Aggiornamento rapido per Windows XP - KB885835
Aggiornamento rapido per Windows XP - KB885836
Aggiornamento rapido per Windows XP - KB886185
Aggiornamento rapido per Windows XP - KB887472
Aggiornamento rapido per Windows XP - KB888302
Aggiornamento rapido per Windows XP - KB890859
Aggiornamento rapido per Windows XP - KB891781
Aggiornamento rapido per Windows XP (KB914440)
Aggiornamento rapido per Windows XP (KB952287)
Aggiornamento rapido per Windows XP (KB961118)
Aggiornamento rapido per Windows XP (KB970653-v3)
Apple Software Update
ARRL AView
Audacity 1.3.7 (Unicode)
AutoHotkey 1.0.47.05
Birthday Reminder v1.24
BOINC
Calculator Powertoy for Windows XP
Canon CanoScan Toolbox 4.6
Canon Internet Library for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CDBurnerXP
CDDRV_Installer
Code300-32 Standard with toolkit
Color LaserJet 1600
Connect
CwGet V1.61 beta
dabMate-KOGAN
DBFViewer
Defraggler (remove only)
DESKonTOP
DeskPins (remove only)
Ditto 3.15.4.0
Dream
DRM Software Radio
DSCdecoder 4.2b
Eraser
Eraser
Eudora
Eudora
Everything 1.2.0.323
FC RecordTimer Ver. 0.2
FidoCAD 0.96pl4
Filter Design 4.3
Finestra fotocamera Canon per ZoomBrowser EX
FLV Player 2.0, build 23
Forté Agent
Free Virtual Serial Ports Emulator
FreeCommander 2009.02
GeoAlert-Extreme Wizard 4.1.42
getPlus(R) for Adobe
GoldWave v5.08
GOM Player
Google Desktop
Google Disattivazione del cookie per la pubblicità
Google Earth
Google Earth Plugin
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915865)
HyperSnap 6
IonoProbe 1.36
IrfanView (remove only)
JAP
Java DB 10.2.2.0
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 2
KhalInstallWrapper
kuler
Launchy 2.1.2
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
MailWasher Pro
Malwarebytes' Anti-Malware
Manual CanoScan 4200F
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
mini Ring Core Calculator 1.2
Morse Runner 1.68
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.22)
MPEG2 Codec(libmpeg2/mad)
MRP40
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multiquence v2.50
N8VBvCOM Driver
NAVTEX Decoder 2.1.5
NOD32 Antivirus System
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Notepad++
Null-modem emulator (com0com)
NVIDIA Drivers
OmniPage SE 2.0
OpenOffice.org 3.0
Pacchetto driver Windows - Nokia Modem (06/01/2009 4.1)
Pacchetto driver Windows - Nokia Modem (06/01/2009 7.01.0.3)
Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Paint.NET v3.31
PC Connectivity Solution
PC-ALE 1.602H
PC-HFDL 2.031
PDF Password Cracker Pro v3.0
PDF Settings CS4
Perseus-NDB
Photoshop Camera Raw
Picasa 3
PingPlotter Standard 3.20s
Pizza
PrintKey-Pro v1.04
QuickTime
RealPlayer
RemoveIT Pro v4 - SE
RufzXP 1.1.0
Skype™ 3.6
SkySwePro
SlowMousion 1.1
SP TimeSync 2.3
Spectrum Lab V2.7
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 6.7a
StickySorter
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Taskbar Shuffle version 2.5
TextPad 5
Total Commander (Remove or Repair)
Total Recorder 5.3
TrueCrypt
TrueTTY V2.60
Tunatic
Tweak UI
Unlocker 1.8.7
UnPacker 1,3,2,1856
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Flash Disk Utility
Virtual Desktop Manager Powertoy for Windows XP
Virtual Earth 3D (Beta)
What's Running 2.2
WildEdit
Winamp
Windows Driver Package - ATMEL (ATRUM4CC) USB (11/23/2006 5.0.9999.3)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Presentation Foundation
WinHTTrack Website Copier 3.41-2
Winrad V1.32 build 19
WWSU6.2 Revision 4
WWSU6.3 Revision 7
WWSU6.3 Revision 7 (c:\Programmi\WWSU62\)
Xiph QuickTime Components
XML Paper Specification Shared Components Language Pack 1.0
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby peku006 » October 13th, 2009, 1:49 am

Hi fabrizio

I've also µTorrent installed (though never used): should I uninstall it too?

yes do it :)

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
description of any problems you are having with your PC

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 13th, 2009, 6:14 pm

Hello peku006,

µTorrent uninstalled.

Malwarebytes' Anti-Malware installed, updated and launched. Here is the log, followed by the Hijackthis scan:

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 2

14/10/2009 0.06.16
mbam-log-2009-10-14 (00-06-16).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 279156
Time elapsed: 1 hour(s), 54 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.11.26, on 14/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\DESKonTOP\DESKonTOP.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\DeskPins\DeskPins.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\stickies\stickies.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
F:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\BOINC\boinc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Afreet\IonoProbe\IonoProbe.exe
C:\Internet\Eudora\Eudora.exe
C:\Programmi\TextPad 4\TextPad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Disattivazione del cookie per la pubblicità - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmi\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DESKonTOP] C:\Programmi\DESKonTOP\DESKonTOP.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O4 - Startup: DeskPins.lnk = C:\Programmi\DeskPins\DeskPins.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Stickies.lnk = C:\Programmi\stickies\stickies.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98a38d3f2afce) (gupdate1c98a38d3f2afce) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11838 bytes
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby peku006 » October 14th, 2009, 2:37 am

Hi fabrizio

Looking good :)
Let's make sure we got everything

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

How's the computer running now? Any problems?
Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 15th, 2009, 4:01 am

Hello Peku006,

the scan took several hours; the scan report is attached below, followed by the HijackThis report. I haven't fixed anything yet, among the files found by Kaspersky.

peku006 wrote: How's the computer running now? Any problems?


Hey, the link previously redirected by Sedoparking is working correctly now! :)
No problems detected.

Fabrizio


\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 15, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 14, 2009 14:38:56
Records in database: 2975789
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 191376
Threats found: 10
Infected objects found: 28
Suspicious objects found: 31
Scan duration: 12:03:33


File name / Threat / Threats count
C:\Documents and Settings\Fabrizio\Dati applicazioni\Thunderbird\Profiles\fkavihxo.default\Mail\Local Folders\Eudora Posta.sbd\OLD.sbd\DXLD 2005 Infected: Email-Worm.Win32.Sober.p 2
C:\Documents and Settings\Fabrizio\Dati applicazioni\Thunderbird\Profiles\fkavihxo.default\Mail\Local Folders\Eudora Posta.sbd\OLD.sbd\GTR Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Fabrizio\Dati applicazioni\Thunderbird\Profiles\fkavihxo.default\Mail\Local Folders\OLD.sbd\DXLD 2005 Infected: Email-Worm.Win32.Sober.p 2
C:\Internet\Eudora\OLD.fol\Dentistry 2000-5.mbx Infected: Email-Worm.VBS.KakWorm 5
C:\Internet\Eudora\OLD.fol\DXLD 2005.mbx Infected: Email-Worm.Win32.Sober.p 2
C:\Internet\Eudora\OLD.fol\GTR.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Internet\Eudora\OLD.fol\NDB 2000-1.mbx Infected: Email-Worm.VBS.KakWorm 1
C:\Internet\Eudora\OLD.fol\NDB 2000.mbx Infected: Email-Worm.VBS.KakWorm 1
C:\Programmi\eMule\Incoming\L0phtcrack v5.00 Incl Keygen-Lz0 & Saminside v2.2.2.0 Retail.rar Infected: not-a-virus:PSWTool.Win32.SAMInside.af 1
C:\Programmi\PDF Password Cracker Pro v3.0\crackpdf.exe Infected: not-a-virus:PSWTool.Win32.PdfCracker.b 1
F:\ARCHIVIO\SOFTWARE\hueyins.exe Infected: not-a-virus:RemoteAdmin.Win32.Huey 1
F:\ARCHIVIO\SOFTWARE\lister4.exe Suspicious: Type_Win32 1
F:\ARCHIVIO\SOFTWARE\mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
F:\ARCHIVIO\SOFTWARE\Pdf Password Cracker v3.0 Pro Keygen.rar Infected: not-a-virus:PSWTool.Win32.PdfCracker.b 1
F:\ARCHIVIO\SOFTWARE\remote.zip Infected: not-a-virus:RemoteAdmin.Win32.CoolRemCon.b 1
F:\ARCHIVIO\SOFTWARE\remote.zip Infected: not-a-virus:RemoteAdmin.Win32.CoolRemCon.a 1
F:\Programmi\Eudora\OLD.fol\Dentistry 2000-5.mbx Infected: Email-Worm.VBS.KakWorm 5
F:\Programmi\Eudora\OLD.fol\DXLD 2005.mbx Infected: Email-Worm.Win32.Sober.p 2
F:\Programmi\Eudora\OLD.fol\GTR.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 10
F:\Programmi\Eudora\OLD.fol\NDB 2000.mbx Infected: Email-Worm.VBS.KakWorm 1

Selected area has been scanned.



\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.59.15, on 15/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\DESKonTOP\DESKonTOP.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\DeskPins\DeskPins.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\stickies\stickies.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
F:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Java\jre6\bin\java.exe
C:\Programmi\Afreet\IonoProbe\IonoProbe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Internet\Eudora\Eudora.exe
C:\totalcmd\TOTALCMD.EXE
C:\Programmi\TextPad 4\TextPad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Disattivazione del cookie per la pubblicità - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmi\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DESKonTOP] C:\Programmi\DESKonTOP\DESKonTOP.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O4 - Startup: DeskPins.lnk = C:\Programmi\DeskPins\DeskPins.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Stickies.lnk = C:\Programmi\stickies\stickies.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98a38d3f2afce) (gupdate1c98a38d3f2afce) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11934 bytes
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 15th, 2009, 5:46 pm

Hi Peku006,

as a short update to my previous post, I noticed that, while unistalling of eMule, Windows left behind the Incoming folder with its whole content, as well as a Temp folder with a few uncompleted files. I'll erase these folders manually.

I'll be out of town for my job for a couple of days, I'm back on Sunday. I'm sorry for any inconvenience this may cause.

Fabrizio
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby peku006 » October 16th, 2009, 2:57 am

Hi Fabrizio

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders(if present):

C:\Documents and Settings\Fabrizio\Dati applicazioni\Thunderbird\Profiles\fkavihxo.default\Mail\Local Folders\Eudora Posta.sbd
F:\Programmi\Eudora\OLD.fol\Dentistry 2000-5.mbx
F:\Programmi\Eudora\OLD.fol\DXLD 2005.mbx
F:\Programmi\Eudora\OLD.fol\GTR.mbx
F:\Programmi\Eudora\OLD.fol\NDB 2000.mbx

it seems you don't have any evidence of a third party FIREWALL. As the term conveys a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend to install install a free firewall for personal use from one of these excellent vendors. Choice is yours:


Please reply with

a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Top

Re: Firefox exploited by Sedoparking

Unread postby fabrizio » October 18th, 2009, 12:39 pm

Hello Peku006,

I'm back home.

All the listed folders have been deleted. They files on F: disk were archive copies of email messages from trusted sources, maybe they've been infected at a later time?

Online-Armor Free firewall installed.

The previously exploited link is still working correctly now. This seems promising, doesn't it? :)

The HijackThis log follows.

Fabrizio


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.35.42, on 18/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Tall Emu\Online Armor\OAcat.exe
C:\Programmi\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
F:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\DESKonTOP\DESKonTOP.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\Tall Emu\Online Armor\OAhlp.exe
C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\DeskPins\DeskPins.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\stickies\stickies.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Disattivazione del cookie per la pubblicità - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmi\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Programmi\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DESKonTOP] C:\Programmi\DESKonTOP\DESKonTOP.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O4 - Startup: DeskPins.lnk = C:\Programmi\DeskPins\DeskPins.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Stickies.lnk = C:\Programmi\stickies\stickies.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Programmi\Warecentral\PrintKey-Pro\PKey_Pro.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98a38d3f2afce) (gupdate1c98a38d3f2afce) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\OAcat.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oasrv.exe

--
End of file - 12034 bytes
fabrizio
Active Member
 
Posts: 11
Joined: October 6th, 2009, 5:27 pm
Top

Re: Firefox exploited by Sedoparking

Unread postby peku006 » October 18th, 2009, 1:14 pm

Hi Fabrizio

welcome back.......Online Armor is a good choice :)

all the logs look good........"Sedoparking" is no longer a problem ?
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 151 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index