
XSS Attack



#1
SpyCatsher

I had a Cross-Site Scripting (XSS) attack about 2 weeks ago while using the G2G BBCode Editor. I was working on a PL; when I clicked PREVIEW, a black curtain covered most of the desktop above my text, which I could still scroll up and down. At the same time a message came up from NoScript: "Potential XSS Attack is filtered". That was very frustrating because all the work I had done was gone. The following day I tried a short text using BlueLine, just to see how things would go. When I clicked BROWSER VIEW I had the same problem.

I've been using the G2G Editor again with no problems, and I'm glad about that, but I would like to know why the attack stopped! The reason for this post is to ask whether you can help me clear the XSS script, so that I can make clean HTML files of my Canned Speeches without them being distorted by the XSS bug mentioned above.

This matter is new to me, so I searched the web and read this page: http://en.wikipedia....-site_scripting — section 2.2, "Persistent XSS", mentions that an XSS script can be stored on the server of the hosting website. I don't know if that's the case here! I scanned with the ESET online scan, Kaspersky, MBAM, SAS, Spybot, Defender and MSE; nothing was found, and I couldn't remove the malicious script. I also tried another browser, but to no avail. I've kept the infected HTML files. I also disabled Java in Firefox.

N.B. I think something went wrong when I first submitted this post. If that was not the case, my apologies! It's not my intention to double-post.


Regards,

SpyCatsher
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XSS Log

{"prefs":{
"clearClick.plugins":true,
"autoReload.embedders":1,
"proxiedDNS":0,
"showExternalFilters":true,
"surrogate.adagionet.sources":".adagionet.com",
"toStaticHTML":true,
"globalwarning":true,
"forbidExtProtSubdocs":true,
"surrogate.digg.replacement":"window.location.href=document.querySelector('link[rel=canonical]').href",
"surrogate.adfly.replacement":"for each(let s in document.getElementsByTagName('script')){let m=s.textContent.match(/\\bcountdown\\b[\\s\\S]+\\bvar\\s+url\\s+=\\s+[\"'](https?:[^'\"]+)/);if(m){window.location.href=m[1];break}}",
"surrogate.ab_adtiger.replacement":"adspirit_pid={}",
"forbidSilverlight":true,
"cp.last":true,
"filterXExceptions.ggadgets":true,
"sound":false,
"compat.gnotes":true,
"surrogate.picsee.sources":"!^https?://picsee\\.net/2\\d.*\\.html",
"forbidFrames":false,
"docShellJSBlocking":1,
"untrustedGranularity":3,
"forbidFlash":true,
"filterXExceptions.readability":true,
"forbidXBL":1,
"allowLocalLinks":false,
"filterXExceptions.zendesk":true,
"showTemp":true,
"xss.trustExternal":true,
"injectionCheck":2,
"hoverUI.delayExit1":250,
"surrogate.imagebam.sources":"!@*.imagebam.com",
"subscription.lastCheck":-382408154,
"showPlaceholder":true,
"toolbarToggle":3,
"surrogate.ab_adsense.sources":"pagead2.googlesyndication.com",
"notify.hide":false,
"showGlobal":true,
"surrogate.popunder.exceptions":".meebo.com",
"surrogate.skimlinks.sources":".skimlinks.com/api/",
"safeJSRx":"(?:window\\.)?close\\s*\\(\\)",
"firstRunRedirection":true,
"secureCookiesExceptions":"",
"secureCookiesForced":"",
"ABE.notify.namedLoopback":false,
"fixURI.exclude":"",
"alwaysBlockUntrustedContent":true,
"notify.hidePermanent":true,
"nselNever":false,
"surrogate.imagebunk.replacement":"document.body.insertBefore(document.getElementById('img_obj'), document.body.firstChild)",
"forbidPlugins":true,
"jsredirectIgnore":false,
"surrogate.adriver.sources":"ad.adriver.ru/cgi-bin/erle.cgi",
"oldStylePartial":false,
"consoleDump":0,
"surrogate.glinks.sources":"!@^https?://[^/]+google\\..*/search",
"autoReload.global":true,
"xss.notify.subframes":true,
"surrogate.qs.sources":"edge.quantserve.com",
"truncateTitle":true,
"showRecentlyBlocked":true,
"subscription.checkInterval":24,
"forbidIFramesParentTrustCheck":true,
"confirmUnsafeReload":true,
"flashPatch":true,
"STS.expertErrorUI":false,
"allowURLBarJS":false,
"surrogate.revsci.replacement":"rsinetsegs=[];DM_addEncToLoc=DM_tag=function(){};",
"ef.Blitzableiter.whitelist":"",
"surrogate.ga.sources":"*.google-analytics.com",
"showDistrust":true,
"sound.oncePerSite":true,
"filterXExceptions.lycosmail":true,
"showDomain":false,
"filterXExceptions.letitbit":true,
"noping":true,
"showUntrusted":true,
"placeholderLongTip":true,
"secureCookies":false,
"forbidData":true,
"surrogate.picbucks.replacement":"for each(let s in document.getElementsByTagName('script')) { let m = s.textContent.match(/Lbjs\\.TargetUrl = '(http[^']*)/); if (m) { location.href = m[1]; break; } }",
"removeSMILKeySniffer":true,
"logDNS":false,
"dropXssProtection":true,
"showBlockedObjects":true,
"httpsForced":"",
"visibleUIChecked":true,
"surrogate.qs.replacement":"window.quantserve=function(){}",
"forbidJava":true,
"silverlightPatch":true,
"urivalid.mailto":"[^\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]*",
"surrogate.facebook_connect.sources":"connect.facebook.net/en_US/all.js",
"allowPageLevel":0,
"surrogate.plusone.replacement":"gapi=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.plusone=f;}var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name]:P;}},function(){return p;});return p;}();",
"showAllowPage":true,
"ABE.skipBrowserRequests":true,
"clearClick":3,
"jsredirectForceShow":false,
"hoverUI.delayEnter":250,
"surrogate.ab_mirando.sources":"^http://get\\.mirando\\.",
"requireReloadRegExp":"application/x-vnd\\.moveplayer\\b.*",
"filterXExceptions.yahoo":true,
"ABE.allowRulesetRedir":false,
"ABE.wanIpAsLocal":true,
"surrogate.interstitialBox.replacement":"__defineSetter__('interstitialBox',function(){});__defineGetter__('interstitialBox',function(){return{}})",
"surrogate.imdb.replacement":"addEventListener('DOMContentLoaded',function(ev){ad_utils.render_ad=function(w){w.location=w.location.href.replace(/.*\\bTRAILER=([^&]+).*/,'$1')}},true)",
"ef.Blitzableiter.contentType":"shockwave|futuresplash",
"forbidActiveContentParentTrustCheck":true,
"canonicalFQDN":false,
"urivalid.aim":"\\w[^\\\\\\?&\\x00-\\x1f#]*(?:\\?[^\\\\\\x00-\\x1f#]*(?:#[\\w\\-\\.\\+@]{2,32})?)?",
"forbidBookmarklets":false,
"surrogate.uniblue.replacement":"for each(let l in document.links)if(/^https:\\/\\/store\\./.test(l.href)){l.setAttribute('href',l.href.replace(/.*?:/, ''));l.parentNode.replaceChild(l,l)}",
"forbidBGRefresh.exceptions":".mozilla.org",
"sync.enabled":false,
"placeholderMinSize":32,
"hoverUI.delayStop":50,
"surrogate.skimlinks.replacement":"window.skimlinks=function(){}",
"utf7filter":true,
"ef.Blitzableiter.name":"Blitzableiter",
"alwaysShowObjectSources":false,
"forbidMedia":true,
"filterXExceptions.livejournal":true,
"ABE.migration":1,
"surrogate.ab_binlayer.sources":"^http://view\\.binlay(?:er)\\.",
"showBaseDomain":true,
"allowClipboard":false,
"xss.trustReloads":false,
"filterXExceptions.fbconnect":true,
"consoleLog":false,
"xss.checkInclusions":true,
"notify":true,
"showBlankSources":false,
"surrogate.nscookie.sources":"@*.facebook.com",
"stickyUI":true,
"autoAllow":0,
"surrogate.sandbox":true,
"allowBookmarkletImports":true,
"emulateFrameBreak":true,
"forbidMetaRefresh.notify":true,
"forbidMetaRefresh.remember":false,
"surrogate.enabled":true,
"truncateTitleLen":255,
"fixURI":true,
"placesPrefs":false,
"surrogate.ab_adsense.replacement":"gaGlobal={}",
"ABE.rulesets.SYSTEM":"# Prevent Internet sites from requesting LAN resources.\r\nSite LOCAL\r\nAccept from LOCAL\r\nDeny",
"clearClick.subexceptions":"^http://bit(?:ly\\.com|\\.ly)/a/sidebar\\?u= http://*.uservoice.com/*/popin.html?* http://w.sharethis.c...lightbox.html?* http://disqus.com/embed/* *.disqus.com/*/reply.html* http://www.feedly.com/mini abine:*",
"allowCachingObjects":true,
"surrogate.nscookie.replacement":"document.cookie='noscript=; domain=.facebook.com; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT;'",
"surrogate.adfly.sources":"!@.adf.ly",
"surrogate.ab_adscale.replacement":"adscale={}",
"policynames":"",
"allowHttpsOnly":0,
"showTempToPerm":true,
"forbidIFrames":false,
"ABE.disabledRulesetNames":"",
"surrogate.ab_bidvertiser.replacement":"report_error=function(){}",
"contentBlocker":false,
"surrogate.twitter.sources":"platform.twitter.com",
"surrogate.adriver.replacement":"if(top!==self&&top.location.href===location.href)setTimeout('try{document.close();}catch(e){}',100)",
"options.tabSelectedIndexes":"5,2,0",
"jsHack":"",
"secureCookies.recycle":false,
"filterXGetUserRx":"",
"asyncNetworking":true,
"doNotTrack.forced":"",
"surrogate.imagebunk.sources":"!http://imagebunk.com/image/*",
"ABE.siteEnabled":false,
"showTempAllowPage":true,
"xss.notify":true,
"allowURLBarImports":false,
"surrogate.popunder.replacement":"(function(){var cookie=document.__proto__.__lookupGetter__('cookie');document.__proto__.__defineGetter__('cookie',function() {var c='; popunder=yes; popundr=yes; setover18=1';return (cookie.apply(this).replace(c,'')+c).replace(/^; /, '')});var fid='_FID_'+(Date.now().toString(16));var open=window.__proto__.open;window.__proto__.open=function(url,target,features){try{if(!(/^_(?:top|parent|self)$/i.test(target)||target in frames)){var suspSrc,suspCall,ff=[],ss=new Error().stack.split('\\n').length;if(/popunde?r/i.test(target))return ko();for(var f,ev,aa=arguments;stackSize-->2&&aa.callee&&(f=aa.callee.caller)&&ff.indexOf(f)<0;ff.push(f)){aa=f.arguments;if(!aa)break;ev=aa[0];suspCall=f.name=='doPopUnder';if(!suspSrc)suspSrc=suspCall||/(?:\\bpopunde?r|\\bfocus\\b.*\\bblur|\\bblur\\b.*\\bfocus|[pP]uShown)\\b/.test(f.toSource());if(suspCall||ev&&typeof ev=='object'&&('type' in ev)&&ev.type=='click'&&ev.button===0&&(ev.currentTarget===document||('tagName' in ev.currentTarget)&&'body'==ev.currentTarget.tagName.toLowerCase())&&!(('href' in ev.target)&&ev.target.href&&(ev.target.href.indexOf(url)===0||url.indexOf(ev.target.href)===0))){if(suspSrc)return ko();}}}}catch(e){}return open.apply(null, arguments);function ko(){var fr=document.getElementById(fid)||document.body.appendChild(document.createElement('iframe'));fr.id=fid;fr.src='data:text/html,';fr.style.display='none';var w=fr.contentWindow;w.blur=function(){};return w;}}})()",
"xss.trustData":true,
"keys.toggle":"ctrl shift VK_BACK_SLASH.|",
"surrogate.revsci.sources":"js.revsci.net",
"forbidFonts":true,
"injectionCheckHTML":true,
"surrogate.interstitialBox.sources":"@*.imagevenue.com",
"surrogate.popunder.sources":"@^http:\\/\\/[\\w\\-\\.]+\\.[a-z]+ wyciwyg:",
"liveConnectInterception":true,
"global":false,
"surrogate.facebook_connect.replacement":"FB=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.Event=f;}var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name]:P;}},function(){return p;});return p;}();",
"secureCookies.perTab":false,
"surrogate.debug":false,
"notify.bottom":true,
"forbidMetaRefresh.exceptions":"^https?://(?:www|encrypted)\\.google\\.(?:[a-z]{2,3}|[a-z]{2}\\.[a-z]{2,3})/ t.co",
"ajaxFallback.enabled":true,
"hoverUI.delayExit2":300,
"surrogate.amo.replacement":"addEventListener('click',function(e){if(e.button)return;var a=e.target.parentNode;var hash=a.getAttribute('data-hash');if(hash){var b=a.parentNode.parentNode;InstallTrigger.install({x:{URL:a.href,IconURL:b.getAttribute('data-icon'),Hash:hash,toString:function(){return a.href}}});e.preventDefault()}},false)",
"surrogate.plusone.sources":"apis.google.com/js/plusone.js",
"autoReload.useHistory.exceptCurrent":true,
"surrogate.glinks.replacement":"for each(let et in ['focus','mouseover','mousedown','click'])addEventListener(et,function(e){var a=e.target;do{if(a.href&&!a._href){a._href=a.href=a.href.replace(/.*\\/url.*[?&](?:url|q)=(http[^&]+).*/,function(a,b)decodeURIComponent(b));if(/\\brwt\\(/.test(a.getAttribute('onmousedown')))a.removeAttribute('onmousedown')}}while(a=a.parentNode)},true)",
"smartClickToPlay":true,
"surrogate.ab_mirando.replacement":"Mirando={}",
"autoReload.onMultiContent":false,
"surrogate.ab_mirago.replacement":"HLSysBannerUrl=''",
"trustEV":false,
"ef.enabled":false,
"ABE.rulesets.USER":"# User-defined rules. Feel free to experiment here.\r\n",
"forbidWebGL":false,
"surrogate.ab_bidvertiser.sources":"^http://bdv\\.bidvert",
"filterXExceptions.verizon":true,
"surrogate.imagehaven.sources":"!@*.imagehaven.net",
"surrogate.googleThumbs.replacement":"(function(){var ss=document.getElementsByTagName('script');var s,t,m,id,i;for(var j=ss.length;j-->0;)if(((s=ss[j])&&(t=s.firstChild&&s.firstChild.nodeValue)&&(id=t.match(/\\w+thumb\\d+/))&&(m=t.match(/['\"](data:[^'\"]+)/)))&&(i=document.getElementById(id)))i.src=m[1].replace(/\\\\(u[0-9a-f]{4}|x[0-9a-f]{2})/ig,function(a,b){return String.fromCharCode(parseInt(b.substring(1), 16))})})()",
"confirmUnblock":true,
"tempGlobal":false,
"keys.ui":"ctrl shift S",
"doNotTrack.exceptions":"",
"clearClick.exceptions":".mail.yahoo.com https://mail.google.com/ *.ebay.com *.photobucket.com",
"nosniff":true,
"menuAccelerators":false,
"filterXPost":true,
"ABE.wanIpCheckURL":"https://secure.infor...on.com/ipecho/",
"keys.revokeTemp":"",
"clearClick.rapidFireCheck":true,
"fixLinks":true,
"frameOptions.enabled":true,
"eraseFloatingElements":true,
"inclusionTypeChecking":true,
"recentlyBlockedCount":10,
"clearClick.threshold":18,
"statusIcon":true,
"forbidIFramesContext":3,
"hideOnUnloadRegExp":"video/.*",
"autoReload.useHistory":false,
"surrogate.digg.sources":"!@digg.com/newsbar/*",
"hoverUI":false,
"filterXExceptions":"^https?://([a-z]+)\\.google\\.(?:[a-z]{1,3}\\.)?[a-z]+/(?:search|custom|\\1)\\?\n^https?://([a-z]*)\\.?search\\.yahoo\\.com/search(?:\\?|/\\1\\b)\n^https?://[a-z]+\\.wikipedia\\.org/wiki/[^\"<>\\?%]+$\n^https?://translate\\.google\\.com/translate_t[^\"'<>\\?%]+$\n^https://secure\\.wikimedia\\.org/wikipedia/[a-z]+/wiki/[^\"<>\\?%]+$",
"recentlyBlockedLevel":0,
"clearClick.prompt":true,
"ABE.notify":true,
"surrogate.picsee.replacement":"location.replace(location.href.replace(/(\\/2\\d{3}[^\\/]*)(.*)\\.html/, '/upload$1/$2'));",
"showUntrustedPlaceholder":true,
"forbidImpliesUntrust":false,
"jsHackRegExp":"",
"allowedMimeRegExp":"",
"ctxMenu":true,
"subscription.trustedURL":"",
"filterXExceptions.blogspot":true,
"STS.enabled":true,
"filterXExceptions.medicare":true,
"stickyUI.liveReload":false,
"autoReload.allTabsOnGlobal":false,
"surrogate.ab_adtiger.sources":"^http://ads\\.adtiger\\.",
"lockPrivilegedUI":false,
"gtemp":"",
"compat.evernote":true,
"autoReload.allTabs":true,
"autoReload":true,
"inclusionTypeChecking.checkDynamic":false,
"nselForce":true,
"surrogate.picbucks.sources":"!*.picbucks.com",
"nselNoMeta":true,
"forbidMetaRefresh":false,
"surrogate.ab_adscale.sources":"js.adscale.de",
"statusLabel":false,
"excaps":true,
"surrogate.amo.sources":"!https://addons.mozilla.org/",
"surrogate.yieldman.replacement":"rmAddKey=rmAddCustomKey=rmShowAd=rmShowPop=rmShowInterstitial=rmGetQueryParameters=rmGetSize=rmGetWindowUrl=rmGetPubRedirect=rmGetClickUrl=rmReplace=rmTrim=rmUrlEncode=rmCanShowPop=rmCookieExists=rmWritePopFrequencyCookie=rmWritePopExpirationCookie=flashIntalledCookieExists=writeFlashInstalledCookie=flashDetection=rmGetCookie=function(){}",
"siteInfoProvider":"http://noscript.net/...,
"clearClick.debug":false,
"ABE.legacyPrompt":false,
"surrogate.ab_binlayer.replacement":"blLayer={}",
"surrogate.imagehaven.replacement":"['agreeCont','TransparentBlack'].forEach(function(id){var o=document.getElementById(id);if(o)o.style.display='none'})",
"surrogate.yieldman.sources":"*.yieldmanager.com",
"xss.checkInclusions.exceptions":"intensedebate.com/idc/js/",
"hoverUI.excludeToggling":true,
"surrogate.ab_mirago.sources":"^http://intext\\.mirago\\.",
"forbidBGRefresh":1,
"keys.tempAllowPage":"",
"https.showInConsole":true,
"filterXGetRx":"<+(?=[^<>=\\-\\d\\. /\\(])|[\\\\\"\\x00-\\x07\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F]",
"forbidMixedFrames":true,
"jsredirectFollow":false,
"ignorePorts":true,
"forbidXHR":1,
"xss.trustTemp":true,
"surrogate.disqus-theme.sources":">.disqus.com/*/build/themes/t_c4ca4238a0b923820dcc509a6f75849b.js*",
"injectionCheckPost":true,
"notify.hideDelay":5,
"forbidXSLT":true,
"ABE.enabled":true,
"surrogate.twitter.replacement":"twttr=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.events=f.anywhere=f};var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name]:P;}},function(){return p;});return p;}();",
"filterXExceptions.visa":true,
"stickyUI.onKeyboard":true,
"surrogate.adagionet.replacement":"adagioWriteTag=adagioWriteBanner=function(){}",
"badInstall":false,
"whitelistRegExp":"",
"ef.Blitzableiter.exe":"",
"surrogate.imdb.sources":"@*.imdb.com/video/*",
"filterXGet":true,
"autoReload.allTabsOnPageAction":true,
"collapseObject":false,
"surrogate.disqus-theme.replacement":"DISQUS.dtpl.actions.register('comments.reply.new.onLoadingStart', function() { DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingStart'); DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingEnd');});",
"showAddress":false,
"doNotTrack.enabled":true,
"surrogate.googleThumbs.sources":"!^https?://www\\.google\\.[a-z]+/search",
"showPermanent":true,
"ABE.localExtras":"",
"audioApiInterception":true,
"surrogate.uniblue.sources":"!@.uniblue.com .liutilities.com",
"sound.block":"chrome://noscript/skin/block.wav",
"surrogate.ga.replacement":"(function(){var _0=function(){return _0;};_0.__noSuchMethod__=_0;with(window)urchinTracker=_0,_gaq={__noSuchMethod__:_0,push:_0,_link:function(h){if(h)location.href=h},_linkByPost:function(){return true},_getLinkerUrl:function(u){return u},_trackEvent:_0},_gat={__noSuchMethod__:function(){return _gaq}}})()",
"allowBookmarks":false,
"inclusionTypeChecking.exceptions":"https://scache.vzw.com/ http://cache.vzw.com .sony-europe.com .amazonaws.com lesscss.googlecode.com/files/ .hp-ww.com",
"showRevokeTemp":true,
"filterXExceptions.deviantart":true,
"toggle.temp":true,
"frameOptions.parentWhitelist":"https://mail.google.com/*",
"subscription.untrustedURL":"",
"surrogate.imagebam.replacement":"(function(){if(\"over18\" in window){var _do=doOpen;doOpen=function(){};over18();doOpen=_do}else{var e=document.getElementById(Array.slice(document.getElementsByTagName(\"script\")).filter(function(s){return !!s.innerHTML})[0].innerHTML.match(/over18[\\s\\S]*?'([^']+)/)[1]);e.style.display='none'}})()"},
"whitelist":"addons.mozilla.org addthis.com afx.ms atdmt.com bbcode.org bitdefender.com bleepingcomputer.com cbsistatic.com cloudfront.net cnet.com cnetstatic.com com.com computer-support.nl computerhope.com crowdscience.com disqus.com dll-files.com drweb.com exponential.com facebook.com facebook.net fbcdn.net feedburner.com firstdata.com firstdata.lv flashgot.net geekstogo.com gfx.ms gigya.com google-analytics.com google.com google.nl googleadservices.com googleapis.com googlesyndication.com googletagservices.com googleusercontent.com gstatic.com hotmail.com informaction.com intellitxt.com ip-adress.com ipaddress.com iperceptions.com jotti.org kaspersky-911.com kaspersky-labs.com kaspersky.com kontera.com literotica.com live.com malwarebytes.org maone.net microsoft.com mozilla.net mozilla.org msn.com netdna-cdn.com noscript.net passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org piriform.com providesupport.com quantserve.com scorecardresearch.com securecode.com skimresources.com techspot.com trialpay.com twitter.com viglink.com virustotal.com wlxrs.com wordpress.com yahoo.com yahooapis.com yimg.com youtube-nocookie.com youtube.com ytimg.com about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:credits about:home about:memory about:neterror about:plugins about:privatebrowsing about:sessionrestore about:support blob: chrome: file:// http://addthis.com http://afx.ms http://atdmt.com http://bbcode.org http://bitdefender.com http://bleepingcomputer.com http://cbsistatic.com http://cloudfront.net http://cnet.com http://cnetstatic.com http://com.com http://computer-support.nl http://computerhope.com http://crowdscience.com http://disqus.com http://dll-files.com http://drweb.com http://exponential.com http://facebook.com http://facebook.net http://fbcdn.net http://feedburner.com http://firstdata.com http://firstdata.lv http://flashgot.net http://geekstogo.com http://gfx.ms http://gigya.com 
http://google-analytics.com http://google.com http://google.nl http://googleadservices.com http://googleapis.com http://googlesyndication.com http://googletagservices.com http://googleusercontent.com http://gstatic.com http://hotmail.com http://informaction.com http://intellitxt.com http://ip-adress.com http://ipaddress.com http://iperceptions.com http://jotti.org http://kaspersky-911.com http://kaspersky-labs.com http://kaspersky.com http://kontera.com http://literotica.com http://live.com http://malwarebytes.org http://maone.net http://microsoft.com http://mozilla.net http://mozilla.org http://msn.com http://netdna-cdn.com http://noscript.net http://passport.com http://passport.net http://passportimages.com http://paypal.com http://paypalobjects.com http://persona.org http://piriform.com http://providesupport.com http://quantserve.com http://scorecardresearch.com http://securecode.com http://skimresources.com http://techspot.com http://trialpay.com http://twitter.com http://viglink.com http://virustotal.com http://wlxrs.com http://wordpress.com http://yahoo.com http://yahooapis.com http://yimg.com http://youtube-nocookie.com http://youtube.com http://ytimg.com https://addthis.com https://afx.ms https://atdmt.com https://bbcode.org https://bitdefender.com https://bleepingcomputer.com https://cbsistatic.com https://cloudfront.net https://cnet.com https://cnetstatic.com https://com.com https://computer-support.nl https://computerhope.com https://crowdscience.com https://disqus.com https://dll-files.com https://drweb.com https://exponential.com https://facebook.com https://facebook.net https://fbcdn.net https://feedburner.com https://firstdata.com https://firstdata.lv https://flashgot.net https://geekstogo.com https://gfx.ms https://gigya.com https://google-analytics.com https://google.com https://google.nl https://googleadservices.com https://googleapis.com https://googlesyndication.com https://googletagservices.com https://googleusercontent.com https://gstatic.com 
https://hotmail.com https://informaction.com https://intellitxt.com https://ip-adress.com https://ipaddress.com https://iperceptions.com https://jotti.org https://kaspersky-911.com https://kaspersky-labs.com https://kaspersky.com https://kontera.com https://literotica.com https://live.com https://malwarebytes.org https://maone.net https://microsoft.com https://mozilla.net https://mozilla.org https://msn.com https://netdna-cdn.com https://noscript.net https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://piriform.com https://providesupport.com https://quantserve.com https://scorecardresearch.com https://securecode.com https://skimresources.com https://techspot.com https://trialpay.com https://twitter.com https://viglink.com https://virustotal.com https://wlxrs.com https://wordpress.com https://yahoo.com https://yahooapis.com https://yimg.com https://youtube-nocookie.com https://youtube.com https://ytimg.com resource:",
"V":"2.6"
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL LOG

OTL logfile created on: 22-11-2012 21:11:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

766,33 Mb Total Physical Memory | 90,27 Mb Available Physical Memory | 11,78% Memory free
1,83 Gb Paging File | 1,21 Gb Available in Paging File | 65,85% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,78 Gb Total Space | 8,95 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
Drive D: | 11,71 Gb Total Space | 11,64 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 480,35 Mb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive F: | 996,18 Mb Total Space | 988,25 Mb Free Space | 99,20% Space Free | Partition Type: NTFS
Drive G: | 17,58 Gb Total Space | 16,79 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive I: | 5,85 Gb Total Space | 5,81 Gb Free Space | 99,34% Space Free | Partition Type: NTFS

Computer Name: CREATIEF | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-22 21:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
PRC - [2012-10-27 18:40:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-09-12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-08-25 21:28:02 | 000,019,216 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
PRC - [2012-08-25 21:28:00 | 000,026,896 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieRpcSs.exe
PRC - [2012-08-25 21:27:58 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012-08-25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012-07-25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012-07-25 09:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012-07-13 02:30:06 | 000,384,232 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012-05-31 17:26:34 | 003,006,840 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2012-05-31 17:26:34 | 000,374,160 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-02 19:50:58 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003-06-02 19:22:54 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-09 17:47:37 | 014,586,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012-10-27 18:40:23 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-06-20 22:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2003-04-30 20:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-11-09 17:47:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-27 18:40:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-09-09 15:43:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012-08-25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012-07-25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012-07-25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012-06-11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-05-31 17:26:34 | 000,374,160 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2012-04-25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Disabled | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012-04-11 21:55:30 | 000,175,632 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\internet explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-09-29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012-06-11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-05-25 18:34:42 | 000,135,272 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2012-01-09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-01-09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-01-09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-01-09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2003-11-07 18:23:58 | 000,248,752 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2003-09-26 08:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003-08-29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002-10-09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-08 01:40:18&v=8.0.0.40&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DE65E20D-2A7F-435E-B9E1-ADE46B0AFDE7}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.0
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "WOT Safe Search"
FF - user.js..browser.search.useDBForOrder: true
FF - user.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - user.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - user.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.0
FF - user.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - user.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - user.js..network.proxy.no_proxies_on: ""
FF - user.js..network.proxy.socks_version: 4
FF - user.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-27 18:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-13 20:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: K:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: K:\Mozilla\plugins

[2011-09-10 18:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2012-11-22 19:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions
[2012-10-02 21:27:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-09-22 00:57:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2012-10-31 23:09:43 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-09-07 20:22:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\https-everywhere@eff(2).org
[2012-11-22 19:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\trash
[2012-01-10 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\kkayrnn2.default\extensions
[2012-10-04 20:55:11 | 000,007,532 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2012-10-04 20:16:26 | 000,164,885 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
[2012-11-22 19:53:08 | 000,530,519 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-11-21 20:13:03 | 000,804,737 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-01-24 14:17:21 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012-11-15 02:46:36 | 000,530,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\trash\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-11-21 20:10:59 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\searchplugins\wot-safe-search.xml
[2012-10-13 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-13 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2012-10-13 20:19:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions(2)
[2012-10-27 17:03:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012-10-27 18:40:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-09-09 14:41:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-10-13 20:20:34 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012-11-10 16:40:21 | 000,444,707 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15277 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35751F28-AEA5-4E74-B19B-CA68D7DF5B51}: DhcpNameServer = 192.168.2.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-09-09 11:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-09-24 20:23:36 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-22 21:09:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-11-22 19:34:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2012-11-21 21:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Privatefirewall
[2012-11-21 21:12:48 | 000,135,272 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2012-11-21 21:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Privatefirewall 7.0
[2012-11-21 21:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2012-11-21 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2012-11-11 20:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Kaspersky Security Scan
[2012-11-11 20:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012-11-11 20:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012-11-06 18:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\SECURITY TOOLS 120212
[2012-11-03 20:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\121103_INI_DOC
[2012-11-03 20:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\121103_TXT DOC
[2012-10-29 21:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-10-28 17:56:30 | 000,223,232 | ---- | C] (www.libellules.ch) -- C:\Documents and Settings\Eigenaar\Bureaublad\CanRemember.exe
[2011-12-02 12:15:40 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2011-12-02 12:15:40 | 000,557,368 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-22 21:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-11-22 19:44:49 | 000,001,236 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012-11-22 19:33:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-11-21 21:12:40 | 000,000,514 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012-11-21 14:32:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-11-15 07:36:59 | 000,499,912 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-11-15 07:36:59 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-11-15 07:36:59 | 000,086,902 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-11-15 07:36:58 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-11-11 20:10:10 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Kaspersky Security Scan.lnk
[2012-11-11 10:09:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-11-11 08:49:16 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2012-11-10 16:40:21 | 000,444,707 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-11-09 17:47:47 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-11-03 20:05:29 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-10-28 23:37:30 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-10-28 23:37:30 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
[2012-10-27 18:46:41 | 000,444,581 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121110-164020.backup
[2012-10-24 20:03:32 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\FileASSASSIN.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-11 20:10:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Kaspersky Security Scan.lnk
[2012-11-11 10:09:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012-11-03 20:05:29 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-10-28 23:37:30 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-10-20 21:55:56 | 000,113,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012-10-04 20:42:15 | 000,001,236 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012-02-17 14:39:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-05 01:11:43 | 000,000,757 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-01-04 18:06:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-01-04 18:06:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-12-23 18:35:22 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\prfh0413.dat
[2011-12-23 18:35:22 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\prfc0413.dat
[2011-12-15 20:09:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-09 12:28:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files\autoruns.chm
[2011-09-18 21:45:53 | 000,000,465 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011-09-09 15:05:50 | 058,948,168 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011-09-09 13:41:33 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-09-09 13:34:44 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-09-09 11:57:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-09-09 11:47:33 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-03-19 19:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2011-06-21 19:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 11:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 21:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-09-11 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012-10-05 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011-09-18 21:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011-09-10 19:30:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-08-28 04:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012-08-29 21:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012-10-19 22:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011-09-19 15:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012-01-05 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012-08-28 04:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-11-21 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2012-09-26 02:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012-10-29 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-12-09 04:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Agics
[2011-09-11 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Auslogics
[2012-09-07 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Downloaded Installations
[2012-03-19 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\ElevatedDiagnostics
[2012-10-20 00:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\IObit
[2011-09-28 19:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nitro PDF
[2012-08-28 04:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nokia
[2012-10-02 16:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Opera
[2012-08-28 04:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\PC Suite
[2012-10-09 18:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Process Hacker 2
[2012-10-31 21:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\QuickScan
[2011-12-28 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
[2012-09-15 23:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\TweakNow PowerPack 2011
[2012-02-14 19:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


#2
SpyCatsher

Hi

For the time being I'm closing my thread, if I may, because of new malware on my system, which I will be posting about!

Thanks,

SpyCatsher