I've been using G2G Editor again with no problem; I'm glad about this; but I would like to know why the attack stopped! Reason of this post is if you please can help me clearing the XSS-Script; so I can make clean HTML-Files of my Canned Speeches, without getting distorted by the XSS bug as mentioned above.
This matter is new for me, so I searched about it on the web and read this link: http://en.wikipedia....-site_scripting _ 2.2 Persistent XSS_ mentions that XSS can be stored on the server of the Hosting Website. I don't know if thats the case! I scanned with Eset online-scan, Karspensky, MBAM, SAS, Spybot, Defender, MSE; nothing was found and I couldn’t remove the malicious script. I also tried another browser but to no avail. I've kept the infected HTLM-Files. I also disabled Jafa on Firefox.
N.B. I posted this post and something went wrong; I think! If that was not the case; my excuse! Its not my intention to double my post.
Regards,
SpyCatsher
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XSS Log
{"prefs":{
"clearClick.plugins":true,
"autoReload.embedders":1,
"proxiedDNS":0,
"showExternalFilters":true,
"surrogate.adagionet.sources":".adagionet.com",
"toStaticHTML":true,
"globalwarning":true,
"forbidExtProtSubdocs":true,
"surrogate.digg.replacement":"window.location.href=document.querySelector('link[rel=canonical]').href",
"surrogate.adfly.replacement":"for each(let s in document.getElementsByTagName('script')){let m=s.textContent.match(/\\bcountdown\\b[\\s\\S]+\\bvar\\s+url\\s+=\\s+[\"'](https?:[^'\"]+)/);if(m){window.location.href=m[1];break}}",
"surrogate.ab_adtiger.replacement":"adspirit_pid={}",
"forbidSilverlight":true,
"cp.last":true,
"filterXExceptions.ggadgets":true,
"sound":false,
"compat.gnotes":true,
"surrogate.picsee.sources":"!^https?://picsee\\.net/2\\d.*\\.html",
"forbidFrames":false,
"docShellJSBlocking":1,
"untrustedGranularity":3,
"forbidFlash":true,
"filterXExceptions.readability":true,
"forbidXBL":1,
"allowLocalLinks":false,
"filterXExceptions.zendesk":true,
"showTemp":true,
"xss.trustExternal":true,
"injectionCheck":2,
"hoverUI.delayExit1":250,
"surrogate.imagebam.sources":"!@*.imagebam.com",
"subscription.lastCheck":-382408154,
"showPlaceholder":true,
"toolbarToggle":3,
"surrogate.ab_adsense.sources":"pagead2.googlesyndication.com",
"notify.hide":false,
"showGlobal":true,
"surrogate.popunder.exceptions":".meebo.com",
"surrogate.skimlinks.sources":".skimlinks.com/api/",
"safeJSRx":"(?:window\\.)?close\\s*\\(\\)",
"firstRunRedirection":true,
"secureCookiesExceptions":"",
"secureCookiesForced":"",
"ABE.notify.namedLoopback":false,
"fixURI.exclude":"",
"alwaysBlockUntrustedContent":true,
"notify.hidePermanent":true,
"nselNever":false,
"surrogate.imagebunk.replacement":"document.body.insertBefore(document.getElementById('img_obj'), document.body.firstChild)",
"forbidPlugins":true,
"jsredirectIgnore":false,
"surrogate.adriver.sources":"ad.adriver.ru/cgi-bin/erle.cgi",
"oldStylePartial":false,
"consoleDump":0,
"surrogate.glinks.sources":"!@^https?://[^/]+google\\..*/search",
"autoReload.global":true,
"xss.notify.subframes":true,
"surrogate.qs.sources":"edge.quantserve.com",
"truncateTitle":true,
"showRecentlyBlocked":true,
"subscription.checkInterval":24,
"forbidIFramesParentTrustCheck":true,
"confirmUnsafeReload":true,
"flashPatch":true,
"STS.expertErrorUI":false,
"allowURLBarJS":false,
"surrogate.revsci.replacement":"rsinetsegs=[];DM_addEncToLoc=DM_tag=function(){};",
"ef.Blitzableiter.whitelist":"",
"surrogate.ga.sources":"*.google-analytics.com",
"showDistrust":true,
"sound.oncePerSite":true,
"filterXExceptions.lycosmail":true,
"showDomain":false,
"filterXExceptions.letitbit":true,
"noping":true,
"showUntrusted":true,
"placeholderLongTip":true,
"secureCookies":false,
"forbidData":true,
"surrogate.picbucks.replacement":"for each(let s in document.getElementsByTagName('script')) { let m = s.textContent.match(/Lbjs\\.TargetUrl = '(http[^']*)/); if (m) { location.href = m[1]; break; } }",
"removeSMILKeySniffer":true,
"logDNS":false,
"dropXssProtection":true,
"showBlockedObjects":true,
"httpsForced":"",
"visibleUIChecked":true,
"surrogate.qs.replacement":"window.quantserve=function(){}",
"forbidJava":true,
"silverlightPatch":true,
"urivalid.mailto":"[^\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]*",
"surrogate.facebook_connect.sources":"connect.facebook.net/en_US/all.js",
"allowPageLevel":0,
"surrogate.plusone.replacement":"gapi=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.plusone=f;}var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name];}},function(){return p;});return p;}();",
"showAllowPage":true,
"ABE.skipBrowserRequests":true,
"clearClick":3,
"jsredirectForceShow":false,
"hoverUI.delayEnter":250,
"surrogate.ab_mirando.sources":"^http://get\\.mirando\\.",
"requireReloadRegExp":"application/x-vnd\\.moveplayer\\b.*",
"filterXExceptions.yahoo":true,
"ABE.allowRulesetRedir":false,
"ABE.wanIpAsLocal":true,
"surrogate.interstitialBox.replacement":"__defineSetter__('interstitialBox',function(){});__defineGetter__('interstitialBox',function(){return{}})",
"surrogate.imdb.replacement":"addEventListener('DOMContentLoaded',function(ev){ad_utils.render_ad=function(w){w.location=w.location.href.replace(/.*\\bTRAILER=([^&]+).*/,'$1')}},true)",
"ef.Blitzableiter.contentType":"shockwave|futuresplash",
"forbidActiveContentParentTrustCheck":true,
"canonicalFQDN":false,
"urivalid.aim":"\\w[^\\\\\\?&\\x00-\\x1f#]*(?:\\?[^\\\\\\x00-\\x1f#]*(?:#[\\w\\-\\.\\+@]{2,32})?)?",
"forbidBookmarklets":false,
"surrogate.uniblue.replacement":"for each(let l in document.links)if(/^https:\\/\\/store\\./.test(l.href)){l.setAttribute('href',l.href.replace(/.*?:/, ''));l.parentNode.replaceChild(l,l)}",
"forbidBGRefresh.exceptions":".mozilla.org",
"sync.enabled":false,
"placeholderMinSize":32,
"hoverUI.delayStop":50,
"surrogate.skimlinks.replacement":"window.skimlinks=function(){}",
"utf7filter":true,
"ef.Blitzableiter.name":"Blitzableiter",
"alwaysShowObjectSources":false,
"forbidMedia":true,
"filterXExceptions.livejournal":true,
"ABE.migration":1,
"surrogate.ab_binlayer.sources":"^http://view\\.binlay(?:er)\\.",
"showBaseDomain":true,
"allowClipboard":false,
"xss.trustReloads":false,
"filterXExceptions.fbconnect":true,
"consoleLog":false,
"xss.checkInclusions":true,
"notify":true,
"showBlankSources":false,
"surrogate.nscookie.sources":"@*.facebook.com",
"stickyUI":true,
"autoAllow":0,
"surrogate.sandbox":true,
"allowBookmarkletImports":true,
"emulateFrameBreak":true,
"forbidMetaRefresh.notify":true,
"forbidMetaRefresh.remember":false,
"surrogate.enabled":true,
"truncateTitleLen":255,
"fixURI":true,
"placesPrefs":false,
"surrogate.ab_adsense.replacement":"gaGlobal={}",
"ABE.rulesets.SYSTEM":"# Prevent Internet sites from requesting LAN resources.\r\nSite LOCAL\r\nAccept from LOCAL\r\nDeny",
"clearClick.subexceptions":"^http://bit(?:ly\\.com|\\.ly)/a/sidebar\\?u= http://*.uservoice.com/*/popin.html?* http://w.sharethis.c...lightbox.html?* http://disqus.com/embed/* *.disqus.com/*/reply.html* http://www.feedly.com/mini abine:*",
"allowCachingObjects":true,
"surrogate.nscookie.replacement":"document.cookie='noscript=; domain=.facebook.com; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT;'",
"surrogate.adfly.sources":"!@.adf.ly",
"surrogate.ab_adscale.replacement":"adscale={}",
"policynames":"",
"allowHttpsOnly":0,
"showTempToPerm":true,
"forbidIFrames":false,
"ABE.disabledRulesetNames":"",
"surrogate.ab_bidvertiser.replacement":"report_error=function(){}",
"contentBlocker":false,
"surrogate.twitter.sources":"platform.twitter.com",
"surrogate.adriver.replacement":"if(top!==self&&top.location.href===location.href)setTimeout('try{document.close();}catch(e){}',100)",
"options.tabSelectedIndexes":"5,2,0",
"jsHack":"",
"secureCookies.recycle":false,
"filterXGetUserRx":"",
"asyncNetworking":true,
"doNotTrack.forced":"",
"surrogate.imagebunk.sources":"!http://imagebunk.com/image/*",
"ABE.siteEnabled":false,
"showTempAllowPage":true,
"xss.notify":true,
"allowURLBarImports":false,
"surrogate.popunder.replacement":"(function(){var cookie=document.__proto__.__lookupGetter__('cookie');document.__proto__.__defineGetter__('cookie',function() {var c='; popunder=yes; popundr=yes; setover18=1';return (cookie.apply(this).replace(c,'')+c).replace(/^; /, '')});var fid='_FID_'+(Date.now().toString(16));var open=window.__proto__.open;window.__proto__.open=function(url,target,features){try{if(!(/^_(?:top|parent|self)$/i.test(target)||target in frames)){var suspSrc,suspCall,ff=[],ss=new Error().stack.split('\\n').length;if(/popunde?r/i.test(target))return ko();for(var f,ev,aa=arguments;stackSize-->2&&aa.callee&&(f=aa.callee.caller)&&ff.indexOf(f)<0;ff.push(f)){aa=f.arguments;if(!aa)break;ev=aa[0];suspCall=f.name=='doPopUnder';if(!suspSrc)suspSrc=suspCall||/(?:\\bpopunde?r|\\bfocus\\b.*\\bblur|\\bblur\\b.*\\bfocus|[pP]uShown)\\b/.test(f.toSource());if(suspCall||ev&&typeof ev=='object'&&('type' in ev)&&ev.type=='click'&&ev.button===0&&(ev.currentTarget===document||('tagName' in ev.currentTarget)&&'body'==ev.currentTarget.tagName.toLowerCase())&&!(('href' in ev.target)&&ev.target.href&&(ev.target.href.indexOf(url)===0||url.indexOf(ev.target.href)===0))){if(suspSrc)return ko();}}}}catch(e){}return open.apply(null, arguments);function ko(){var fr=document.getElementById(fid)||document.body.appendChild(document.createElement('iframe'));fr.id=fid;fr.src='data:text/html,';fr.style.display='none';var w=fr.contentWindow;w.blur=function(){};return w;}}})()",
"xss.trustData":true,
"keys.toggle":"ctrl shift VK_BACK_SLASH.|",
"surrogate.revsci.sources":"js.revsci.net",
"forbidFonts":true,
"injectionCheckHTML":true,
"surrogate.interstitialBox.sources":"@*.imagevenue.com",
"surrogate.popunder.sources":"@^http:\\/\\/[\\w\\-\\.]+\\.[a-z]+ wyciwyg:",
"liveConnectInterception":true,
"global":false,
"surrogate.facebook_connect.replacement":"FB=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.Event=f;}var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name];}},function(){return p;});return p;}();",
"secureCookies.perTab":false,
"surrogate.debug":false,
"notify.bottom":true,
"forbidMetaRefresh.exceptions":"^https?://(?:www|encrypted)\\.google\\.(?:[a-z]{2,3}|[a-z]{2}\\.[a-z]{2,3})/ t.co",
"ajaxFallback.enabled":true,
"hoverUI.delayExit2":300,
"surrogate.amo.replacement":"addEventListener('click',function(e){if(e.button)return;var a=e.target.parentNode;var hash=a.getAttribute('data-hash');if(hash){var b=a.parentNode.parentNode;InstallTrigger.install({x:{URL:a.href,IconURL:b.getAttribute('data-icon'),Hash:hash,toString:function(){return a.href}}});e.preventDefault()}},false)",
"surrogate.plusone.sources":"apis.google.com/js/plusone.js",
"autoReload.useHistory.exceptCurrent":true,
"surrogate.glinks.replacement":"for each(let et in ['focus','mouseover','mousedown','click'])addEventListener(et,function(e){var a=e.target;do{if(a.href&&!a._href){a._href=a.href=a.href.replace(/.*\\/url.*[?&](?:url|q)=(http[^&]+).*/,function(a,b)decodeURIComponent(b));if(/\\brwt\\(/.test(a.getAttribute('onmousedown')))a.removeAttribute('onmousedown')}}while(a=a.parentNode)},true)",
"smartClickToPlay":true,
"surrogate.ab_mirando.replacement":"Mirando={}",
"autoReload.onMultiContent":false,
"surrogate.ab_mirago.replacement":"HLSysBannerUrl=''",
"trustEV":false,
"ef.enabled":false,
"ABE.rulesets.USER":"# User-defined rules. Feel free to experiment here.\r\n",
"forbidWebGL":false,
"surrogate.ab_bidvertiser.sources":"^http://bdv\\.bidvert",
"filterXExceptions.verizon":true,
"surrogate.imagehaven.sources":"!@*.imagehaven.net",
"surrogate.googleThumbs.replacement":"(function(){var ss=document.getElementsByTagName('script');var s,t,m,id,i;for(var j=ss.length;j-->0;)if(((s=ss[j])&&(t=s.firstChild&&s.firstChild.nodeValue)&&(id=t.match(/\\w+thumb\\d+/))&&(m=t.match(/['\"](data:[^'\"]+)/)))&&(i=document.getElementById(id)))i.src=m[1].replace(/\\\\(u[0-9a-f]{4}|x[0-9a-f]{2})/ig,function(a,b){return String.fromCharCode(parseInt(b.substring(1), 16))})})()",
"confirmUnblock":true,
"tempGlobal":false,
"keys.ui":"ctrl shift S",
"doNotTrack.exceptions":"",
"clearClick.exceptions":".mail.yahoo.com https://mail.google.com/ *.ebay.com *.photobucket.com",
"nosniff":true,
"menuAccelerators":false,
"filterXPost":true,
"ABE.wanIpCheckURL":"https://secure.infor...on.com/ipecho/",
"keys.revokeTemp":"",
"clearClick.rapidFireCheck":true,
"fixLinks":true,
"frameOptions.enabled":true,
"eraseFloatingElements":true,
"inclusionTypeChecking":true,
"recentlyBlockedCount":10,
"clearClick.threshold":18,
"statusIcon":true,
"forbidIFramesContext":3,
"hideOnUnloadRegExp":"video/.*",
"autoReload.useHistory":false,
"surrogate.digg.sources":"!@digg.com/newsbar/*",
"hoverUI":false,
"filterXExceptions":"^https?://([a-z]+)\\.google\\.(?:[a-z]{1,3}\\.)?[a-z]+/(?:search|custom|\\1)\\?\n^https?://([a-z]*)\\.?search\\.yahoo\\.com/search(?:\\?|/\\1\\b)\n^https?://[a-z]+\\.wikipedia\\.org/wiki/[^\"<>\\?%]+$\n^https?://translate\\.google\\.com/translate_t[^\"'<>\\?%]+$\n^https://secure\\.wikimedia\\.org/wikipedia/[a-z]+/wiki/[^\"<>\\?%]+$",
"recentlyBlockedLevel":0,
"clearClick.prompt":true,
"ABE.notify":true,
"surrogate.picsee.replacement":"location.replace(location.href.replace(/(\\/2\\d{3}[^\\/]*)(.*)\\.html/, '/upload$1/$2'));",
"showUntrustedPlaceholder":true,
"forbidImpliesUntrust":false,
"jsHackRegExp":"",
"allowedMimeRegExp":"",
"ctxMenu":true,
"subscription.trustedURL":"",
"filterXExceptions.blogspot":true,
"STS.enabled":true,
"filterXExceptions.medicare":true,
"stickyUI.liveReload":false,
"autoReload.allTabsOnGlobal":false,
"surrogate.ab_adtiger.sources":"^http://ads\\.adtiger\\.",
"lockPrivilegedUI":false,
"gtemp":"",
"compat.evernote":true,
"autoReload.allTabs":true,
"autoReload":true,
"inclusionTypeChecking.checkDynamic":false,
"nselForce":true,
"surrogate.picbucks.sources":"!*.picbucks.com",
"nselNoMeta":true,
"forbidMetaRefresh":false,
"surrogate.ab_adscale.sources":"js.adscale.de",
"statusLabel":false,
"excaps":true,
"surrogate.amo.sources":"!https://addons.mozilla.org/",
"surrogate.yieldman.replacement":"rmAddKey=rmAddCustomKey=rmShowAd=rmShowPop=rmShowInterstitial=rmGetQueryParameters=rmGetSize=rmGetWindowUrl=rmGetPubRedirect=rmGetClickUrl=rmReplace=rmTrim=rmUrlEncode=rmCanShowPop=rmCookieExists=rmWritePopFrequencyCookie=rmWritePopExpirationCookie=flashIntalledCookieExists=writeFlashInstalledCookie=flashDetection=rmGetCookie=function(){}",
"siteInfoProvider":"http://noscript.net/...,
"clearClick.debug":false,
"ABE.legacyPrompt":false,
"surrogate.ab_binlayer.replacement":"blLayer={}",
"surrogate.imagehaven.replacement":"['agreeCont','TransparentBlack'].forEach(function(id){var o=document.getElementById(id);if(o)o.style.display='none'})",
"surrogate.yieldman.sources":"*.yieldmanager.com",
"xss.checkInclusions.exceptions":"intensedebate.com/idc/js/",
"hoverUI.excludeToggling":true,
"surrogate.ab_mirago.sources":"^http://intext\\.mirago\\.",
"forbidBGRefresh":1,
"keys.tempAllowPage":"",
"https.showInConsole":true,
"filterXGetRx":"<+(?=[^<>=\\-\\d\\. /\\(])|[\\\\\"\\x00-\\x07\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F]",
"forbidMixedFrames":true,
"jsredirectFollow":false,
"ignorePorts":true,
"forbidXHR":1,
"xss.trustTemp":true,
"surrogate.disqus-theme.sources":">.disqus.com/*/build/themes/t_c4ca4238a0b923820dcc509a6f75849b.js*",
"injectionCheckPost":true,
"notify.hideDelay":5,
"forbidXSLT":true,
"ABE.enabled":true,
"surrogate.twitter.replacement":"twttr=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.events=f.anywhere=f};var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name];}},function(){return p;});return p;}();",
"filterXExceptions.visa":true,
"stickyUI.onKeyboard":true,
"surrogate.adagionet.replacement":"adagioWriteTag=adagioWriteBanner=function(){}",
"badInstall":false,
"whitelistRegExp":"",
"ef.Blitzableiter.exe":"",
"surrogate.imdb.sources":"@*.imdb.com/video/*",
"filterXGet":true,
"autoReload.allTabsOnPageAction":true,
"collapseObject":false,
"surrogate.disqus-theme.replacement":"DISQUS.dtpl.actions.register('comments.reply.new.onLoadingStart', function() { DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingStart'); DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingEnd');});",
"showAddress":false,
"doNotTrack.enabled":true,
"surrogate.googleThumbs.sources":"!^https?://www\\.google\\.[a-z]+/search",
"showPermanent":true,
"ABE.localExtras":"",
"audioApiInterception":true,
"surrogate.uniblue.sources":"!@.uniblue.com .liutilities.com",
"sound.block":"chrome://noscript/skin/block.wav",
"surrogate.ga.replacement":"(function(){var _0=function(){return _0;};_0.__noSuchMethod__=_0;with(window)urchinTracker=_0,_gaq={__noSuchMethod__:_0,push:_0,_link:function(h){if(h)location.href=h},_linkByPost:function(){return true},_getLinkerUrl:function(u){return u},_trackEvent:_0},_gat={__noSuchMethod__:function(){return _gaq}}})()",
"allowBookmarks":false,
"inclusionTypeChecking.exceptions":"https://scache.vzw.com/ http://cache.vzw.com .sony-europe.com .amazonaws.com lesscss.googlecode.com/files/ .hp-ww.com",
"showRevokeTemp":true,
"filterXExceptions.deviantart":true,
"toggle.temp":true,
"frameOptions.parentWhitelist":"https://mail.google.com/*",
"subscription.untrustedURL":"",
"surrogate.imagebam.replacement":"(function(){if(\"over18\" in window){var _do=doOpen;doOpen=function(){};over18();doOpen=_do}else{var e=document.getElementById(Array.slice(document.getElementsByTagName(\"script\")).filter(function(s){return !!s.innerHTML})[0].innerHTML.match(/over18[\\s\\S]*?'([^']+)/)[1]);e.style.display='none'}})()"},
"whitelist":"addons.mozilla.org addthis.com afx.ms atdmt.com bbcode.org bitdefender.com bleepingcomputer.com cbsistatic.com cloudfront.net cnet.com cnetstatic.com com.com computer-support.nl computerhope.com crowdscience.com disqus.com dll-files.com drweb.com exponential.com facebook.com facebook.net fbcdn.net feedburner.com firstdata.com firstdata.lv flashgot.net geekstogo.com gfx.ms gigya.com google-analytics.com google.com google.nl googleadservices.com googleapis.com googlesyndication.com googletagservices.com googleusercontent.com gstatic.com hotmail.com informaction.com intellitxt.com ip-adress.com ipaddress.com iperceptions.com jotti.org kaspersky-911.com kaspersky-labs.com kaspersky.com kontera.com literotica.com live.com malwarebytes.org maone.net microsoft.com mozilla.net mozilla.org msn.com netdna-cdn.com noscript.net passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org piriform.com providesupport.com quantserve.com scorecardresearch.com securecode.com skimresources.com techspot.com trialpay.com twitter.com viglink.com virustotal.com wlxrs.com wordpress.com yahoo.com yahooapis.com yimg.com youtube-nocookie.com youtube.com ytimg.com about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:credits about:home about:memory about:neterror about:plugins about:privatebrowsing about:sessionrestore about:support blob: chrome: file:// http://addthis.com http://afx.ms http://atdmt.com http://bbcode.org http://bitdefender.com http://bleepingcomputer.com http://cbsistatic.com http://cloudfront.net http://cnet.com http://cnetstatic.com http://com.com http://computer-support.nl http://computerhope.com http://crowdscience.com http://disqus.com http://dll-files.com http://drweb.com http://exponential.com http://facebook.com http://facebook.net http://fbcdn.net http://feedburner.com http://firstdata.com http://firstdata.lv http://flashgot.net http://geekstogo.com http://gfx.ms http://gigya.com http://google-analytics.com http://google.com http://google.nl http://googleadservices.com http://googleapis.com http://googlesyndication.com http://googletagservices.com http://googleusercontent.com http://gstatic.com http://hotmail.com http://informaction.com http://intellitxt.com http://ip-adress.com http://ipaddress.com http://iperceptions.com http://jotti.org http://kaspersky-911.com http://kaspersky-labs.com http://kaspersky.com http://kontera.com http://literotica.com http://live.com http://malwarebytes.org http://maone.net http://microsoft.com http://mozilla.net http://mozilla.org http://msn.com http://netdna-cdn.com http://noscript.net http://passport.com http://passport.net http://passportimages.com http://paypal.com http://paypalobjects.com http://persona.org http://piriform.com http://providesupport.com http://quantserve.com http://scorecardresearch.com http://securecode.com http://skimresources.com http://techspot.com http://trialpay.com http://twitter.com http://viglink.com http://virustotal.com http://wlxrs.com http://wordpress.com http://yahoo.com http://yahooapis.com http://yimg.com http://youtube-nocookie.com http://youtube.com http://ytimg.com https://addthis.com https://afx.ms https://atdmt.com https://bbcode.org https://bitdefender.com https://bleepingcomputer.com https://cbsistatic.com https://cloudfront.net https://cnet.com https://cnetstatic.com https://com.com https://computer-support.nl https://computerhope.com https://crowdscience.com https://disqus.com https://dll-files.com https://drweb.com https://exponential.com https://facebook.com https://facebook.net https://fbcdn.net https://feedburner.com https://firstdata.com https://firstdata.lv https://flashgot.net https://geekstogo.com https://gfx.ms https://gigya.com https://google-analytics.com https://google.com https://google.nl https://googleadservices.com https://googleapis.com https://googlesyndication.com https://googletagservices.com https://googleusercontent.com https://gstatic.com https://hotmail.com https://informaction.com https://intellitxt.com https://ip-adress.com https://ipaddress.com https://iperceptions.com https://jotti.org https://kaspersky-911.com https://kaspersky-labs.com https://kaspersky.com https://kontera.com https://literotica.com https://live.com https://malwarebytes.org https://maone.net https://microsoft.com https://mozilla.net https://mozilla.org https://msn.com https://netdna-cdn.com https://noscript.net https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://piriform.com https://providesupport.com https://quantserve.com https://scorecardresearch.com https://securecode.com https://skimresources.com https://techspot.com https://trialpay.com https://twitter.com https://viglink.com https://virustotal.com https://wlxrs.com https://wordpress.com https://yahoo.com https://yahooapis.com https://yimg.com https://youtube-nocookie.com https://youtube.com https://ytimg.com resource:",
"V":"2.6"
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL LOG
OTL logfile created on: 22-11-2012 21:11:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
766,33 Mb Total Physical Memory | 90,27 Mb Available Physical Memory | 11,78% Memory free
1,83 Gb Paging File | 1,21 Gb Available in Paging File | 65,85% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,78 Gb Total Space | 8,95 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
Drive D: | 11,71 Gb Total Space | 11,64 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 480,35 Mb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive F: | 996,18 Mb Total Space | 988,25 Mb Free Space | 99,20% Space Free | Partition Type: NTFS
Drive G: | 17,58 Gb Total Space | 16,79 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive I: | 5,85 Gb Total Space | 5,81 Gb Free Space | 99,34% Space Free | Partition Type: NTFS
Computer Name: CREATIEF | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-11-22 21:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
PRC - [2012-10-27 18:40:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-09-12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-08-25 21:28:02 | 000,019,216 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
PRC - [2012-08-25 21:28:00 | 000,026,896 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieRpcSs.exe
PRC - [2012-08-25 21:27:58 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012-08-25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012-07-25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012-07-25 09:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012-07-13 02:30:06 | 000,384,232 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012-05-31 17:26:34 | 003,006,840 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2012-05-31 17:26:34 | 000,374,160 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-02 19:50:58 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003-06-02 19:22:54 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
========== Modules (No Company Name) ==========
MOD - [2012-11-09 17:47:37 | 014,586,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012-10-27 18:40:23 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-06-20 22:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2003-04-30 20:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-11-09 17:47:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-27 18:40:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-09-09 15:43:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012-08-25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012-07-25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012-07-25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012-06-11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-05-31 17:26:34 | 000,374,160 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2012-04-25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Disabled | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012-04-11 21:55:30 | 000,175,632 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\internet explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-09-29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012-06-11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-05-25 18:34:42 | 000,135,272 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2012-01-09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-01-09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-01-09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-01-09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2003-11-07 18:23:58 | 000,248,752 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003-09-26 08:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003-08-29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002-10-09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-08 01:40:18&v=8.0.0.40&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DE65E20D-2A7F-435E-B9E1-ADE46B0AFDE7}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.0
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "WOT Safe Search"
FF - user.js..browser.search.useDBForOrder: true
FF - user.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - user.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - user.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.0
FF - user.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - user.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - user.js..network.proxy.no_proxies_on: ""
FF - user.js..network.proxy.socks_version: 4
FF - user.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-27 18:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-13 20:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: K:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: K:\Mozilla\plugins
[2011-09-10 18:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2012-11-22 19:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions
[2012-10-02 21:27:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-09-22 00:57:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2012-10-31 23:09:43 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-09-07 20:22:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\https-everywhere@eff(2).org
[2012-11-22 19:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\trash
[2012-01-10 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\kkayrnn2.default\extensions
[2012-10-04 20:55:11 | 000,007,532 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2012-10-04 20:16:26 | 000,164,885 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
[2012-11-22 19:53:08 | 000,530,519 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-11-21 20:13:03 | 000,804,737 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-01-24 14:17:21 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012-11-15 02:46:36 | 000,530,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\trash\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-11-21 20:10:59 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\searchplugins\wot-safe-search.xml
[2012-10-13 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-13 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2012-10-13 20:19:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions(2)
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012-10-27 18:40:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-09-09 14:41:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-10-13 20:20:34 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012-11-10 16:40:21 | 000,444,707 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15277 more lines...
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35751F28-AEA5-4E74-B19B-CA68D7DF5B51}: DhcpNameServer = 192.168.2.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-09-09 11:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-09-24 20:23:36 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012-11-22 21:09:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-11-22 19:34:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2012-11-21 21:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Privatefirewall
[2012-11-21 21:12:48 | 000,135,272 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2012-11-21 21:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Privatefirewall 7.0
[2012-11-21 21:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2012-11-21 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2012-11-11 20:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Kaspersky Security Scan
[2012-11-11 20:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012-11-11 20:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012-11-06 18:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\SECURITY TOOLS 120212
[2012-11-03 20:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\121103_INI_DOC
[2012-11-03 20:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\121103_TXT DOC
[2012-10-29 21:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-10-28 17:56:30 | 000,223,232 | ---- | C] (www.libellules.ch) -- C:\Documents and Settings\Eigenaar\Bureaublad\CanRemember.exe
[2011-12-02 12:15:40 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2011-12-02 12:15:40 | 000,557,368 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012-11-22 21:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-11-22 19:44:49 | 000,001,236 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012-11-22 19:33:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-11-21 21:12:40 | 000,000,514 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012-11-21 14:32:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-11-15 07:36:59 | 000,499,912 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-11-15 07:36:59 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-11-15 07:36:59 | 000,086,902 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-11-15 07:36:58 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-11-11 20:10:10 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Kaspersky Security Scan.lnk
[2012-11-11 10:09:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-11-11 08:49:16 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2012-11-10 16:40:21 | 000,444,707 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-11-09 17:47:47 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-11-03 20:05:29 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-10-28 23:37:30 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-10-28 23:37:30 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
[2012-10-27 18:46:41 | 000,444,581 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121110-164020.backup
[2012-10-24 20:03:32 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\FileASSASSIN.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-11-11 20:10:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Kaspersky Security Scan.lnk
[2012-11-11 10:09:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012-11-03 20:05:29 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-10-28 23:37:30 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-10-20 21:55:56 | 000,113,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012-10-04 20:42:15 | 000,001,236 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012-02-17 14:39:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-05 01:11:43 | 000,000,757 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-01-04 18:06:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-01-04 18:06:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-12-23 18:35:22 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\prfh0413.dat
[2011-12-23 18:35:22 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\prfc0413.dat
[2011-12-15 20:09:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-09 12:28:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files\autoruns.chm
[2011-09-18 21:45:53 | 000,000,465 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011-09-09 15:05:50 | 058,948,168 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011-09-09 13:41:33 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-09-09 13:34:44 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-09-09 11:57:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-09-09 11:47:33 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012-03-19 19:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2011-06-21 19:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 11:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 21:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011-09-11 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012-10-05 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011-09-18 21:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011-09-10 19:30:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-08-28 04:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012-08-29 21:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012-10-19 22:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011-09-19 15:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012-01-05 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012-08-28 04:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-11-21 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2012-09-26 02:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012-10-29 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-12-09 04:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Agics
[2011-09-11 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Auslogics
[2012-09-07 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Downloaded Installations
[2012-03-19 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\ElevatedDiagnostics
[2012-10-20 00:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\IObit
[2011-09-28 19:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nitro PDF
[2012-08-28 04:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nokia
[2012-10-02 16:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Opera
[2012-08-28 04:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\PC Suite
[2012-10-09 18:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Process Hacker 2
[2012-10-31 21:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\QuickScan
[2011-12-28 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
[2012-09-15 23:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\TweakNow PowerPack 2011
[2012-02-14 19:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\WinPatrol
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >