Lots of crashes with mozalloc.dll

Users and developers helping users with technical Pale Moon issues. Please direct questions about the Linux version to the appropriate Linux board.

Moderator: Indalecio

Forum rules
This board is for technical/usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in "technical chat"
Please keep off-topic and general discussion out of this board, thank you!

Lots of crashes with mozalloc.dll

Postby blind12 » Sun Mar 03, 2013 3:56 pm

Palemoon keeps crashing with the mozalloc.dll.

Lots of tabs, most unloaded, I usually get a crash when I have loaded a few of them, and do something in one of them, like type, scroll etc.

Win7 32-bit so only 3 GB of RAM usable, lots of tabs and addons obviously but there doesn't seem to be a systemwide memory shortage.

Appcrash data:
Version=1
EventType=APPCRASH
EventTime=130067959454429286
ReportType=2
Consent=1
UploadTime=130067960461186870
ReportIdentifier=f5898d76-8411-11e2-bfe7-001a4b80aa60
IntegratorReportIdentifier=f5898d75-8411-11e2-bfe7-001a4b80aa60
Response.BucketId=3432742823
Response.BucketTable=1
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=palemoon.exe
Sig[1].Name=Application Version
Sig[1].Value=19.0.0.4802
Sig[2].Name=Application Timestamp
Sig[2].Value=51293e68
Sig[3].Name=Fault Module Name
Sig[3].Value=mozalloc.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=19.0.0.4802
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=51292666
Sig[6].Name=Exception Code
Sig[6].Value=80000003
Sig[7].Name=Exception Offset
Sig[7].Value=0000113c
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1061
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\Program Files\Mozilla Pale Moon\palemoon.exe
UI[3]=Pale Moon optimized web browser has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Program Files\Mozilla Pale Moon\palemoon.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\USER32.dll
LoadedModule[5]=C:\Windows\system32\GDI32.dll
LoadedModule[6]=C:\Windows\system32\LPK.dll
LoadedModule[7]=C:\Windows\system32\USP10.dll
LoadedModule[8]=C:\Windows\system32\msvcrt.dll
LoadedModule[9]=C:\Program Files\Mozilla Pale Moon\MSVCR110.dll
LoadedModule[10]=C:\Windows\system32\IMM32.DLL
LoadedModule[11]=C:\Windows\system32\MSCTF.dll
LoadedModule[12]=C:\Program Files\Mozilla Pale Moon\mozglue.dll
LoadedModule[13]=C:\Program Files\Mozilla Pale Moon\nspr4.dll
LoadedModule[14]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[15]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[16]=C:\Windows\system32\RPCRT4.dll
LoadedModule[17]=C:\Windows\system32\WSOCK32.dll
LoadedModule[18]=C:\Windows\system32\WS2_32.dll
LoadedModule[19]=C:\Windows\system32\NSI.dll
LoadedModule[20]=C:\Windows\system32\WINMM.dll
LoadedModule[21]=C:\Program Files\Mozilla Pale Moon\mozjs.dll
LoadedModule[22]=C:\Windows\system32\PSAPI.DLL
LoadedModule[23]=C:\Program Files\Mozilla Pale Moon\plc4.dll
LoadedModule[24]=C:\Program Files\Mozilla Pale Moon\plds4.dll
LoadedModule[25]=C:\Program Files\Mozilla Pale Moon\nssutil3.dll
LoadedModule[26]=C:\Program Files\Mozilla Pale Moon\nss3.dll
LoadedModule[27]=C:\Program Files\Mozilla Pale Moon\smime3.dll
LoadedModule[28]=C:\Program Files\Mozilla Pale Moon\ssl3.dll
LoadedModule[29]=C:\Program Files\Mozilla Pale Moon\mozsqlite3.dll
LoadedModule[30]=C:\Program Files\Mozilla Pale Moon\mozalloc.dll
LoadedModule[31]=C:\Program Files\Mozilla Pale Moon\MSVCP110.dll
LoadedModule[32]=C:\Program Files\Mozilla Pale Moon\gkmedias.dll
LoadedModule[33]=C:\Windows\system32\ole32.dll
LoadedModule[34]=C:\Windows\system32\MSIMG32.dll
LoadedModule[35]=C:\Program Files\Mozilla Pale Moon\xul.dll
LoadedModule[36]=C:\Windows\system32\NETAPI32.dll
LoadedModule[37]=C:\Windows\system32\netutils.dll
LoadedModule[38]=C:\Windows\system32\srvcli.dll
LoadedModule[39]=C:\Windows\system32\wkscli.dll
LoadedModule[40]=C:\Windows\system32\SAMCLI.DLL
LoadedModule[41]=C:\Windows\system32\IPHLPAPI.DLL
LoadedModule[42]=C:\Windows\system32\WINNSI.DLL
LoadedModule[43]=C:\Windows\system32\msdmo.dll
LoadedModule[44]=C:\Windows\system32\SHELL32.dll
LoadedModule[45]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[46]=C:\Windows\system32\VERSION.dll
LoadedModule[47]=C:\Windows\system32\UxTheme.dll
LoadedModule[48]=C:\Windows\system32\SETUPAPI.dll
LoadedModule[49]=C:\Windows\system32\CFGMGR32.dll
LoadedModule[50]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[51]=C:\Windows\system32\DEVOBJ.dll
LoadedModule[52]=C:\Windows\system32\dwmapi.dll
LoadedModule[53]=C:\Program Files\Mozilla Pale Moon\xpcom.dll
LoadedModule[54]=C:\Windows\system32\CRYPTBASE.dll
LoadedModule[55]=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
LoadedModule[56]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[57]=C:\Windows\system32\propsys.dll
LoadedModule[58]=C:\Windows\system32\ntmarta.dll
LoadedModule[59]=C:\Windows\system32\WLDAP32.dll
LoadedModule[60]=C:\Windows\system32\dwrite.dll
LoadedModule[61]=C:\Windows\system32\mswsock.dll
LoadedModule[62]=C:\Windows\System32\wshtcpip.dll
LoadedModule[63]=C:\Program Files\Mozilla Pale Moon\components\browsercomps.dll
LoadedModule[64]=C:\Windows\system32\feclient.dll
LoadedModule[65]=C:\Windows\system32\profapi.dll
LoadedModule[66]=C:\Windows\system32\CRYPTSP.dll
LoadedModule[67]=C:\Windows\system32\rsaenh.dll
LoadedModule[68]=C:\Windows\system32\RpcRtRemote.dll
LoadedModule[69]=C:\Windows\System32\MMDevApi.dll
LoadedModule[70]=C:\Windows\system32\AUDIOSES.DLL
LoadedModule[71]=C:\Windows\System32\wship6.dll
LoadedModule[72]=C:\Windows\system32\WINTRUST.dll
LoadedModule[73]=C:\Windows\system32\CRYPT32.dll
LoadedModule[74]=C:\Windows\system32\MSASN1.dll
LoadedModule[75]=C:\Windows\system32\t2embed.dll
LoadedModule[76]=C:\Windows\system32\mscms.dll
LoadedModule[77]=C:\Windows\system32\USERENV.dll
LoadedModule[78]=C:\Windows\system32\NLAapi.dll
LoadedModule[79]=C:\Windows\system32\napinsp.dll
LoadedModule[80]=C:\Windows\system32\pnrpnsp.dll
LoadedModule[81]=C:\Windows\system32\DNSAPI.dll
LoadedModule[82]=C:\Windows\System32\winrnr.dll
LoadedModule[83]=C:\Windows\system32\WININET.dll
LoadedModule[84]=C:\Windows\system32\Normaliz.dll
LoadedModule[85]=C:\Windows\system32\iertutil.dll
LoadedModule[86]=C:\Windows\system32\urlmon.dll
LoadedModule[87]=C:\Windows\system32\Secur32.dll
LoadedModule[88]=C:\Windows\system32\SSPICLI.DLL
LoadedModule[89]=C:\Windows\system32\RASAPI32.dll
LoadedModule[90]=C:\Windows\system32\rasman.dll
LoadedModule[91]=C:\Windows\system32\rtutils.dll
LoadedModule[92]=C:\Windows\system32\sensapi.dll
LoadedModule[93]=C:\Windows\system32\explorerframe.dll
LoadedModule[94]=C:\Windows\system32\DUser.dll
LoadedModule[95]=C:\Windows\system32\DUI70.dll
LoadedModule[96]=C:\Program Files\Mozilla Pale Moon\softokn3.dll
LoadedModule[97]=C:\Program Files\Mozilla Pale Moon\nssdbm3.dll
LoadedModule[98]=C:\Program Files\Mozilla Pale Moon\freebl3.dll
LoadedModule[99]=C:\Program Files\Mozilla Pale Moon\nssckbi.dll
LoadedModule[100]=C:\Windows\system32\d3d9.dll
LoadedModule[101]=C:\Windows\system32\d3d8thk.dll
LoadedModule[102]=C:\Windows\system32\atiumdag.dll
LoadedModule[103]=C:\Windows\system32\atiumdva.dll
LoadedModule[104]=C:\Windows\system32\rasadhlp.dll
LoadedModule[105]=C:\Windows\System32\fwpuclnt.dll
LoadedModule[106]=C:\Windows\system32\apphelp.dll
LoadedModule[107]=C:\Windows\system32\LINKINFO.dll
LoadedModule[108]=C:\Windows\system32\ntshrui.dll
LoadedModule[109]=C:\Windows\system32\cscapi.dll
LoadedModule[110]=C:\Windows\system32\slc.dll
LoadedModule[111]=C:\Windows\system32\msiltcfg.dll
LoadedModule[112]=C:\Windows\system32\msi.dll
LoadedModule[113]=C:\Windows\system32\SFC.DLL
LoadedModule[114]=C:\Windows\system32\sfc_os.DLL
LoadedModule[115]=C:\Windows\System32\shdocvw.dll
LoadedModule[116]=C:\Windows\system32\DEVRTL.dll
LoadedModule[117]=C:\Windows\system32\MPR.dll
LoadedModule[118]=C:\Windows\system32\dhcpcsvc.DLL
LoadedModule[119]=C:\Windows\system32\dhcpcsvc6.DLL
LoadedModule[120]=C:\Windows\system32\icm32.dll
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Pale Moon optimized web browser
AppPath=C:\Program Files\Mozilla Pale Moon\palemoon.exe

I notice there are 2 Nokia phone DLLs loaded that may be useless.

Help->troubleshooting information raw
{
"application": {
"name": "Pale Moon",
"version": "19.0.1",
"userAgent": "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20130223 Firefox/19.0 PaleMoon/19.0.1",
"supportURL": "http://www.palemoon.org/support/"
},
"modifiedPreferences": {
"accessibility.typeaheadfind.flashBar": 0,
"browser.cache.disk.smart_size.first_run": false,
"browser.cache.disk.smart_size.use_old_max": false,
"browser.link.open_newwindow": 1,
"browser.link.open_newwindow.override.external": 3,
"browser.places.smartBookmarksVersion": 4,
"browser.places.importBookmarksHTML": false,
"browser.search.useDBForOrder": true,
"browser.sessionstore.max_tabs_undo": 25,
"browser.startup.homepage_override.mstone": "19.0",
"browser.startup.homepage_override.buildID": "20130223212810",
"browser.tabs.onTop": true,
"browser.tabs.tabMinWidth": 50,
"browser.tabs.selectOwnerOnClose": false,
"browser.tabs.animate": false,
"browser.zoom.full": false,
"dom.event.contextmenu.enabled": false,
"dom.mozApps.used": true,
"extensions.lastAppVersion": "19.0.1",
"media.autoplay.enabled": false,
"network.cookie.prefsMigrated": true,
"places.history.expiration.transient_current_max_pages": 52206,
"places.database.lastMaintenance": 1362245486,
"plugin.disable_full_page_plugin_for_types": "",
"privacy.sanitize.migrateFx3Prefs": true,
"security.warn_viewing_mixed": false
},
"graphics": {
"numTotalWindows": 1,
"numAcceleratedWindows": 1,
"windowLayerManagerType": "Direct3D 9",
"adapterDescription": "ATI Mobility FireGL V5600",
"adapterVendorID": "0x1002",
"adapterDeviceID": "0x9581",
"adapterRAM": "256",
"adapterDrivers": "atiumdag atidxx32 atidxx64 atiumdva atiumd64 atiumd6a atitmm64",
"driverVersion": "8.632.1.3000",
"driverDate": "9-15-2009",
"adapterDescription2": "",
"adapterVendorID2": "",
"adapterDeviceID2": "",
"adapterRAM2": "",
"adapterDrivers2": "",
"driverVersion2": "",
"driverDate2": "",
"isGPU2Active": false,
"direct2DEnabled": false,
"directWriteEnabled": false,
"directWriteVersion": "6.1.7601.17789",
"direct2DEnabledMessage": [
"tryNewerDriver",
"10.6"
],
"webglRenderer": "Google Inc. -- ANGLE (ATI Mobility FireGL V5600)",
"info": {
"AzureCanvasBackend": "cairo",
"AzureFallbackCanvasBackend": "none",
"AzureContentBackend": "none"
}
},
"javaScript": {
"incrementalGCEnabled": true
},
"accessibility": {
"isActive": false,
"forceDisabled": 1
},
"libraryVersions": {
"NSPR": {
"minVersion": "4.9.4",
"version": "4.9.4"
},
"NSS": {
"minVersion": "3.14.1.0 Basic ECC",
"version": "3.14.1.0 Basic ECC"
},
"NSSUTIL": {
"minVersion": "3.14.1.0",
"version": "3.14.1.0"
},
"NSSSSL": {
"minVersion": "3.14.1.0 Basic ECC",
"version": "3.14.1.0 Basic ECC"
},
"NSSSMIME": {
"minVersion": "3.14.1.0 Basic ECC",
"version": "3.14.1.0 Basic ECC"
}
},
"userJS": {
"exists": false
},
"extensions": [
{
"name": "Active Stop Button",
"version": "1.4.10",
"isActive": true,
"id": "{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb}"
},
{
"name": "Adblock Plus",
"version": "2.2.3",
"isActive": true,
"id": "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}"
},
{
"name": "Adblock Plus Pop-up Addon",
"version": "0.6",
"isActive": true,
"id": "adblockpopups@jessehakanen.net"
},
{
"name": "Add to Amazon Wish List Button",
"version": "1.10",
"isActive": true,
"id": "amznUWL2@amazon.com"
},
{
"name": "Add to Search Bar",
"version": "2.0",
"isActive": true,
"id": "add-to-searchbox@maltekraus.de"
},
{
"name": "All About It",
"version": "1.0.3",
"isActive": true,
"id": "a2zit@toptip.ca"
},
{
"name": "BugMeNot",
"version": "2.2",
"isActive": true,
"id": "{987311C6-B504-4aa2-90BF-60CC49808D42}"
},
{
"name": "Bulk Player Mate for YouTube",
"version": "1.5",
"isActive": true,
"id": "youtubebulkpalyermate@toptip.ca"
},
{
"name": "bypassRDTO",
"version": "2.4",
"isActive": true,
"id": "{187674BE-B90B-4603-8D40-DF3411C272C1}"
},
{
"name": "CacheViewer Continued",
"version": "0.8",
"isActive": true,
"id": "{30E08C68-889E-11E0-95EF-DA7E4824019B}"
},
{
"name": "Clear Cache Button",
"version": "0.9f",
"isActive": true,
"id": "{563e4790-7e70-11da-a72b-0800200c9a66}"
},
{
"name": "Clipboard-Save-As",
"version": "1.0.6",
"isActive": true,
"id": "{6A501F1C-46EA-4A3A-93F7-327DA4F7AD4B}"
},
{
"name": "Context Search X",
"version": "0.4.6.9",
"isActive": true,
"id": "contextsearch2@lwz.addons.mozilla.org"
},
{
"name": "Cookies Manager+",
"version": "1.5.1.1",
"isActive": true,
"id": "{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}"
},
{
"name": "DownThemAll!",
"version": "2.0.15",
"isActive": true,
"id": "{DDC359D1-844A-42a7-9AA1-88A850A938A8}"
},
{
"name": "Element Hiding Helper for Adblock Plus",
"version": "1.2.3",
"isActive": true,
"id": "elemhidehelper@adblockplus.org"
},
{
"name": "ErrorZilla Mod",
"version": "0.42",
"isActive": true,
"id": "ErrorZillaMod@jaybaldwin"
},
{
"name": "FlashGot",
"version": "1.5.4.2",
"isActive": true,
"id": "{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}"
},
{
"name": "GISS Google Image Search Size Indicator",
"version": "0.1",
"isActive": true,
"id": "jid0-TAOJCVu56SXNn01Jbqt7c5jrMB8@jetpack"
},
{
"name": "Google Search by Image",
"version": "0.1",
"isActive": true,
"id": "jid0-YUNYGJ5e1a61VB7uv6QFpSgPbuI@jetpack"
},
{
"name": "Google Translator for Firefox",
"version": "2.1.0.3",
"isActive": true,
"id": "translator@zoli.bod"
},
{
"name": "Google/Yandex search link fix",
"version": "1.4",
"isActive": true,
"id": "jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack"
},
{
"name": "HackTheWeb",
"version": "1.3.20",
"isActive": true,
"id": "hacktheweb@instantfox.com"
},
{
"name": "Menu Editor",
"version": "1.2.7",
"isActive": true,
"id": "{EDA7B1D7-F793-4e03-B074-E6F303317FB0}"
},
{
"name": "Mozilla Archive Format",
"version": "2.0.9",
"isActive": true,
"id": "{7f57cf46-4467-4c2d-adfa-0cba7c507e54}"
},
{
"name": "Password Exporter",
"version": "1.2.1",
"isActive": true,
"id": "{B17C1C5A-04B1-11DB-9804-B622A1EF5492}"
},
{
"name": "PDF Viewer",
"version": "0.7.236",
"isActive": true,
"id": "uriloader@pdf.js"
},
{
"name": "Quick Torrent Search",
"version": "20121125",
"isActive": true,
"id": "qts@moongiraffe.net"
},
{
"name": "Restartless Restart",
"version": "9",
"isActive": true,
"id": "restartless.restart@erikvold.com"
},
{
"name": "Resurrect Pages",
"version": "2.0.6",
"isActive": true,
"id": "{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}"
},
{
"name": "ScrapBook MAF Creator",
"version": "1.1.4",
"isActive": true,
"id": "{1544D611-955F-4ceb-95D3-82C720C29EAE}"
},
{
"name": "ScrapBook Plus",
"version": "1.9.23.40",
"isActive": true,
"id": "scrapbookplus@addons.mozilla.org"
},
{
"name": "Search By Image (by Google)",
"version": "1.1.2",
"isActive": true,
"id": "{ce7e73df-6a44-4028-8079-5927a588c948}"
},
{
"name": "Show my Password",
"version": "2.0",
"isActive": true,
"id": "{cd617372-6743-4ee4-bac4-fbf60f35719e}"
},
{
"name": "SmartVideo For YouTube",
"version": "0.974",
"isActive": true,
"id": "mytube@ashishmishra.in"
},
{
"name": "Tab Mix Plus",
"version": "0.4.0.5",
"isActive": true,
"id": "{dc572301-7619-498c-a57d-39143191b318}"
},
{
"name": "Text Link",
"version": "4.1.2012122901",
"isActive": true,
"id": "{54BB9F3F-07E5-486c-9B39-C7398B99391C}"
},
{
"name": "Textarea Cache",
"version": "0.8.8",
"isActive": true,
"id": "{578e7caa-210f-4967-a0d3-88fe5b59a39f}"
},
{
"name": "TinEye Reverse Image Search",
"version": "1.1",
"isActive": true,
"id": "tineye@ideeinc.com"
},
{
"name": "Wiktionary and Google Translate",
"version": "6.0",
"isActive": true,
"id": "googledictionary@toptip.ca"
},
{
"name": "Yet Another Remove It Permanently",
"version": "0.3.3",
"isActive": true,
"id": "yarip@mozdev.org"
},
{
"name": "Remove It Permanently",
"version": "1.0.6.10",
"isActive": false,
"id": "{1dbc4a33-ea62-4330-966c-7bdad3455322}"
},
{
"name": "Social Fixer",
"version": "6.603",
"isActive": false,
"id": "betterfacebook@mattkruse.com"
}
]
}

Help->troubleshooting information txt
Application Basics

Name
Pale Moon

Version
19.0.1

User Agent
Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20130223 Firefox/19.0 PaleMoon/19.0.1

Build Configuration

about:buildconfig

Extensions

Name

Version

Enabled

ID

Active Stop Button
1.4.10
true
{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb}

Adblock Plus
2.2.3
true
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

Adblock Plus Pop-up Addon
0.6
true
adblockpopups@jessehakanen.net

Add to Amazon Wish List Button
1.10
true
amznUWL2@amazon.com

Add to Search Bar
2.0
true
add-to-searchbox@maltekraus.de

All About It
1.0.3
true
a2zit@toptip.ca

BugMeNot
2.2
true
{987311C6-B504-4aa2-90BF-60CC49808D42}

Bulk Player Mate for YouTube
1.5
true
youtubebulkpalyermate@toptip.ca

bypassRDTO
2.4
true
{187674BE-B90B-4603-8D40-DF3411C272C1}

CacheViewer Continued
0.8
true
{30E08C68-889E-11E0-95EF-DA7E4824019B}

Clear Cache Button
0.9f
true
{563e4790-7e70-11da-a72b-0800200c9a66}

Clipboard-Save-As
1.0.6
true
{6A501F1C-46EA-4A3A-93F7-327DA4F7AD4B}

Context Search X
0.4.6.9
true
contextsearch2@lwz.addons.mozilla.org

Cookies Manager+
1.5.1.1
true
{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

DownThemAll!
2.0.15
true
{DDC359D1-844A-42a7-9AA1-88A850A938A8}

Element Hiding Helper for Adblock Plus
1.2.3
true
elemhidehelper@adblockplus.org

ErrorZilla Mod
0.42
true
ErrorZillaMod@jaybaldwin

FlashGot
1.5.4.2
true
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

GISS Google Image Search Size Indicator
0.1
true
jid0-TAOJCVu56SXNn01Jbqt7c5jrMB8@jetpack

Google Search by Image
0.1
true
jid0-YUNYGJ5e1a61VB7uv6QFpSgPbuI@jetpack

Google Translator for Firefox
2.1.0.3
true
translator@zoli.bod

Google/Yandex search link fix
1.4
true
jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack

HackTheWeb
1.3.20
true
hacktheweb@instantfox.com

Menu Editor
1.2.7
true
{EDA7B1D7-F793-4e03-B074-E6F303317FB0}

Mozilla Archive Format
2.0.9
true
{7f57cf46-4467-4c2d-adfa-0cba7c507e54}

Password Exporter
1.2.1
true
{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

PDF Viewer
0.7.236
true
uriloader@pdf.js

Quick Torrent Search
20121125
true
qts@moongiraffe.net

Restartless Restart
9
true
restartless.restart@erikvold.com

Resurrect Pages
2.0.6
true
{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}

ScrapBook MAF Creator
1.1.4
true
{1544D611-955F-4ceb-95D3-82C720C29EAE}

ScrapBook Plus
1.9.23.40
true
scrapbookplus@addons.mozilla.org

Search By Image (by Google)
1.1.2
true
{ce7e73df-6a44-4028-8079-5927a588c948}

Show my Password
2.0
true
{cd617372-6743-4ee4-bac4-fbf60f35719e}

SmartVideo For YouTube
0.974
true
mytube@ashishmishra.in

Tab Mix Plus
0.4.0.5
true
{dc572301-7619-498c-a57d-39143191b318}

Text Link
4.1.2012122901
true
{54BB9F3F-07E5-486c-9B39-C7398B99391C}

Textarea Cache
0.8.8
true
{578e7caa-210f-4967-a0d3-88fe5b59a39f}

TinEye Reverse Image Search
1.1
true
tineye@ideeinc.com

Wiktionary and Google Translate
6.0
true
googledictionary@toptip.ca

Yet Another Remove It Permanently
0.3.3
true
yarip@mozdev.org

Remove It Permanently
1.0.6.10
false
{1dbc4a33-ea62-4330-966c-7bdad3455322}

Social Fixer
6.603
false
betterfacebook@mattkruse.com

Important Modified Preferences

Name

Value

accessibility.typeaheadfind.flashBar
0

browser.cache.disk.smart_size.first_run
false

browser.cache.disk.smart_size.use_old_max
false

browser.link.open_newwindow
1

browser.link.open_newwindow.override.external
3

browser.places.importBookmarksHTML
false

browser.places.smartBookmarksVersion
4

browser.search.useDBForOrder
true

browser.sessionstore.max_tabs_undo
25

browser.startup.homepage_override.buildID
20130223212810

browser.startup.homepage_override.mstone
19.0

browser.zoom.full
false

browser.tabs.animate
false

browser.tabs.onTop
true

browser.tabs.selectOwnerOnClose
false

browser.tabs.tabMinWidth
50

dom.event.contextmenu.enabled
false

dom.mozApps.used
true

extensions.lastAppVersion
19.0.1

media.autoplay.enabled
false

network.cookie.prefsMigrated
true

places.database.lastMaintenance
1362245486

places.history.expiration.transient_current_max_pages
52206

plugin.disable_full_page_plugin_for_types

privacy.sanitize.migrateFx3Prefs
true

security.warn_viewing_mixed
false

Graphics

Adapter Description
ATI Mobility FireGL V5600

Adapter Drivers
atiumdag atidxx32 atidxx64 atiumdva atiumd64 atiumd6a atitmm64

Adapter RAM
256

Device ID
0x9581

Direct2D Enabled
Blocked for your graphics driver version. Try updating your graphics driver to version 10.6 or newer.

DirectWrite Enabled
false (6.1.7601.17789)

Driver Date
9-15-2009

Driver Version
8.632.1.3000

GPU #2 Active
false

GPU Accelerated Windows
1/1 Direct3D 9

WebGL Renderer
Google Inc. -- ANGLE (ATI Mobility FireGL V5600)

Vendor ID
0x1002

AzureCanvasBackend
cairo

AzureContentBackend
none

AzureFallbackCanvasBackend
none

JavaScript

Incremental GC
true

Accessibility

Activated
false

Prevent Accessibility
1

Library Versions

Expected minimum version

Version in use

NSPR
4.9.4
4.9.4

NSS
3.14.1.0 Basic ECC
3.14.1.0 Basic ECC

NSSSMIME
3.14.1.0 Basic ECC
3.14.1.0 Basic ECC

NSSSSL
3.14.1.0 Basic ECC
3.14.1.0 Basic ECC

NSSUTIL
3.14.1.0
3.14.1.0
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby Moonchild » Sun Mar 03, 2013 8:45 pm

Your exception code is 0x80000003 - which is "Breakpoint reached" and that is something that normally never occurs unless you set a breakpoint in the code yourself (mozalloc certainly doesn't contain any manual breakpoints).

A possible cause would be system security software intercepting memory allocations by trying to monitor with Pale Moon is doing. Do you have any security software or behavioral monitoring running on your system? Anti-virus? Anti-malware?

Another possible cause would be memory heap corruption - considering your graphics driver is flagged as being very old, you may get a solution by updating that.
Solutions born from paranoia are never the best solutions. -MC
Image
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
 
Posts: 12148
Joined: Sun Aug 28, 2011 5:27 pm
Location: Sweden

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Mon Mar 04, 2013 1:04 am

The laptop (HP 8510w) maker's updater always says there are no updates but HP website does offer an October 2009 release vs the September 2009 driver that I have now.
ATI/AMD does not offer generic drivers for FireGL and generics have broken things in the past anyway.

There are some newer desktop driver hacks available that work on laptop cards.

HP 8530 has a new driver that might work on 8510w.

I had AVG2013 virus scanner but removed it when I discovered that it secretly and irreversibly deleted random files and boasted that it had "protected me from nnn threats".

Win7 itself has WIndows Defender.

I have installed Malwarebytes Anti-Malware but I only use it for scanning, it is not active at other time.

I have Sysinternals Process Explorer that might use breakpoints?
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby Moonchild » Mon Mar 04, 2013 7:29 am

Hmm, well, that's annoying - and is bound to cause issues in other programs as well that use graphics acceleration...
You may first want to try completely disabling hardware acceleration in Pale Moon before you try to mess with drivers, and see if that helps with your crashes. Go to (Tools ->) Options -> Advanced -> General -> Checkbox "Use hardware acceleration when available".
You may also want to run memtest86 or similar to make sure your RAM is 100% OK, to rule that out as a possibility.
Solutions born from paranoia are never the best solutions. -MC
Image
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
 
Posts: 12148
Joined: Sun Aug 28, 2011 5:27 pm
Location: Sweden

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Mon Mar 04, 2013 11:05 am

I have run memory tests in the past. Will disabling hardware acceleration slow things down much? Browser video playback isn't always smooth as is, in the past it seemed to be related to the periodic "state saving" in Fox/Palemoon and I didn't want to disable state saving.

Is there anything else that typically might insert breakpoints? Is Process Explorer safe?

Two other apps, Word 2003 and ACDSee image viewer often crash with Exception code: C0000005 that should be ACCESS_VIOLATION, is that possibly related?
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby Moonchild » Mon Mar 04, 2013 2:11 pm

Disabling hardware acceleration doesn't necessarily slow things down much, as it is a few things are already disabled anyway so it may actually be smoother if it doesn't run into bad code. In any case slight performance losses would always be better than crashing applications.

Process explorer is safe, no worries about that. it's usually other software that tries to limit/sandbox/control other processes that are potentially dangerous and monitoring software isn't an issue.

If you also get access violation errors in other programs, there's definitely something wrong at the system level. Unfortunately that goes beyond what I can personally help you with, but maybe some other forum users can chime in with help in that respect.
Solutions born from paranoia are never the best solutions. -MC
Image
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
 
Posts: 12148
Joined: Sun Aug 28, 2011 5:27 pm
Location: Sweden

Re: Lots of crashes with mozalloc.dll

Postby dark_moon » Mon Mar 04, 2013 2:30 pm

You can easy monitor all activity with the process monitor tool from microsoft.
Happy Pale Moon x64 and Fossa Mail x64 under Win7 User
German translator for Pale Moon 15+

HowTo create a new Pale Moon Profile & use the Safe Mode
User avatar
dark_moon
Board Warrior
Board Warrior
 
Posts: 1857
Joined: Mon Jan 09, 2012 5:34 pm
Location: Germany

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Mon Mar 04, 2013 7:40 pm

Disabling hardware acceleration brought no major changes, other than that the last crash was silent, Palemoon just disappeared. Appcrash was still logged:

Version=1
EventType=APPCRASH
EventTime=130068988671262958
ReportType=2
Consent=1
ReportIdentifier=9790e3d5-8501-11e2-bfe7-001a4b80aa60
IntegratorReportIdentifier=9790e3d4-8501-11e2-bfe7-001a4b80aa60
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=palemoon.exe
Sig[1].Name=Application Version
Sig[1].Value=19.0.0.4802
Sig[2].Name=Application Timestamp
Sig[2].Value=51293e68
Sig[3].Name=Fault Module Name
Sig[3].Value=mozalloc.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=19.0.0.4802
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=51292666
Sig[6].Name=Exception Code
Sig[6].Value=80000003
Sig[7].Name=Exception Offset
Sig[7].Value=0000113c
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1061
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\Program Files\Mozilla Pale Moon\palemoon.exe
UI[3]=Pale Moon optimized web browser has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Program Files\Mozilla Pale Moon\palemoon.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\USER32.dll
LoadedModule[5]=C:\Windows\system32\GDI32.dll
LoadedModule[6]=C:\Windows\system32\LPK.dll
LoadedModule[7]=C:\Windows\system32\USP10.dll
LoadedModule[8]=C:\Windows\system32\msvcrt.dll
LoadedModule[9]=C:\Program Files\Mozilla Pale Moon\MSVCR110.dll
LoadedModule[10]=C:\Windows\system32\IMM32.DLL
LoadedModule[11]=C:\Windows\system32\MSCTF.dll
LoadedModule[12]=C:\Program Files\Mozilla Pale Moon\mozglue.dll
LoadedModule[13]=C:\Program Files\Mozilla Pale Moon\nspr4.dll
LoadedModule[14]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[15]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[16]=C:\Windows\system32\RPCRT4.dll
LoadedModule[17]=C:\Windows\system32\WSOCK32.dll
LoadedModule[18]=C:\Windows\system32\WS2_32.dll
LoadedModule[19]=C:\Windows\system32\NSI.dll
LoadedModule[20]=C:\Windows\system32\WINMM.dll
LoadedModule[21]=C:\Program Files\Mozilla Pale Moon\mozjs.dll
LoadedModule[22]=C:\Windows\system32\PSAPI.DLL
LoadedModule[23]=C:\Program Files\Mozilla Pale Moon\plc4.dll
LoadedModule[24]=C:\Program Files\Mozilla Pale Moon\plds4.dll
LoadedModule[25]=C:\Program Files\Mozilla Pale Moon\nssutil3.dll
LoadedModule[26]=C:\Program Files\Mozilla Pale Moon\nss3.dll
LoadedModule[27]=C:\Program Files\Mozilla Pale Moon\smime3.dll
LoadedModule[28]=C:\Program Files\Mozilla Pale Moon\ssl3.dll
LoadedModule[29]=C:\Program Files\Mozilla Pale Moon\mozsqlite3.dll
LoadedModule[30]=C:\Program Files\Mozilla Pale Moon\mozalloc.dll
LoadedModule[31]=C:\Program Files\Mozilla Pale Moon\MSVCP110.dll
LoadedModule[32]=C:\Program Files\Mozilla Pale Moon\gkmedias.dll
LoadedModule[33]=C:\Windows\system32\ole32.dll
LoadedModule[34]=C:\Windows\system32\MSIMG32.dll
LoadedModule[35]=C:\Program Files\Mozilla Pale Moon\xul.dll
LoadedModule[36]=C:\Windows\system32\NETAPI32.dll
LoadedModule[37]=C:\Windows\system32\netutils.dll
LoadedModule[38]=C:\Windows\system32\srvcli.dll
LoadedModule[39]=C:\Windows\system32\wkscli.dll
LoadedModule[40]=C:\Windows\system32\SAMCLI.DLL
LoadedModule[41]=C:\Windows\system32\IPHLPAPI.DLL
LoadedModule[42]=C:\Windows\system32\WINNSI.DLL
LoadedModule[43]=C:\Windows\system32\msdmo.dll
LoadedModule[44]=C:\Windows\system32\SHELL32.dll
LoadedModule[45]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[46]=C:\Windows\system32\VERSION.dll
LoadedModule[47]=C:\Windows\system32\UxTheme.dll
LoadedModule[48]=C:\Windows\system32\SETUPAPI.dll
LoadedModule[49]=C:\Windows\system32\CFGMGR32.dll
LoadedModule[50]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[51]=C:\Windows\system32\DEVOBJ.dll
LoadedModule[52]=C:\Windows\system32\dwmapi.dll
LoadedModule[53]=C:\Program Files\Mozilla Pale Moon\xpcom.dll
LoadedModule[54]=C:\Windows\system32\dwrite.dll
LoadedModule[55]=C:\Windows\system32\CRYPTBASE.dll
LoadedModule[56]=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
LoadedModule[57]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[58]=C:\Windows\system32\propsys.dll
LoadedModule[59]=C:\Windows\system32\ntmarta.dll
LoadedModule[60]=C:\Windows\system32\WLDAP32.dll
LoadedModule[61]=C:\Windows\system32\mswsock.dll
LoadedModule[62]=C:\Windows\System32\wshtcpip.dll
LoadedModule[63]=C:\Program Files\Mozilla Pale Moon\components\browsercomps.dll
LoadedModule[64]=C:\Windows\system32\feclient.dll
LoadedModule[65]=C:\Windows\system32\profapi.dll
LoadedModule[66]=C:\Windows\system32\CRYPTSP.dll
LoadedModule[67]=C:\Windows\system32\rsaenh.dll
LoadedModule[68]=C:\Windows\system32\RpcRtRemote.dll
LoadedModule[69]=C:\Windows\System32\MMDevApi.dll
LoadedModule[70]=C:\Windows\system32\AUDIOSES.DLL
LoadedModule[71]=C:\Windows\System32\wship6.dll
LoadedModule[72]=C:\Windows\system32\WINTRUST.dll
LoadedModule[73]=C:\Windows\system32\CRYPT32.dll
LoadedModule[74]=C:\Windows\system32\MSASN1.dll
LoadedModule[75]=C:\Windows\system32\t2embed.dll
LoadedModule[76]=C:\Windows\system32\mscms.dll
LoadedModule[77]=C:\Windows\system32\USERENV.dll
LoadedModule[78]=C:\Windows\system32\NLAapi.dll
LoadedModule[79]=C:\Windows\system32\napinsp.dll
LoadedModule[80]=C:\Windows\system32\pnrpnsp.dll
LoadedModule[81]=C:\Windows\system32\DNSAPI.dll
LoadedModule[82]=C:\Windows\System32\winrnr.dll
LoadedModule[83]=C:\Windows\system32\explorerframe.dll
LoadedModule[84]=C:\Windows\system32\DUser.dll
LoadedModule[85]=C:\Windows\system32\DUI70.dll
LoadedModule[86]=C:\Program Files\Mozilla Pale Moon\softokn3.dll
LoadedModule[87]=C:\Program Files\Mozilla Pale Moon\nssdbm3.dll
LoadedModule[88]=C:\Program Files\Mozilla Pale Moon\freebl3.dll
LoadedModule[89]=C:\Program Files\Mozilla Pale Moon\nssckbi.dll
LoadedModule[90]=C:\Windows\system32\LINKINFO.dll
LoadedModule[91]=C:\Windows\system32\ntshrui.dll
LoadedModule[92]=C:\Windows\system32\cscapi.dll
LoadedModule[93]=C:\Windows\system32\slc.dll
LoadedModule[94]=C:\Windows\system32\WININET.dll
LoadedModule[95]=C:\Windows\system32\Normaliz.dll
LoadedModule[96]=C:\Windows\system32\iertutil.dll
LoadedModule[97]=C:\Windows\system32\urlmon.dll
LoadedModule[98]=C:\Windows\system32\Secur32.dll
LoadedModule[99]=C:\Windows\system32\SSPICLI.DLL
LoadedModule[100]=C:\Windows\system32\RASAPI32.dll
LoadedModule[101]=C:\Windows\system32\rasman.dll
LoadedModule[102]=C:\Windows\system32\rtutils.dll
LoadedModule[103]=C:\Windows\system32\sensapi.dll
LoadedModule[104]=C:\Windows\system32\rasadhlp.dll
LoadedModule[105]=C:\Windows\System32\fwpuclnt.dll
LoadedModule[106]=C:\Windows\system32\msiltcfg.dll
LoadedModule[107]=C:\Windows\system32\msi.dll
LoadedModule[108]=C:\Windows\system32\SFC.DLL
LoadedModule[109]=C:\Windows\system32\sfc_os.DLL
LoadedModule[110]=C:\Windows\system32\apphelp.dll
LoadedModule[111]=C:\Windows\System32\shdocvw.dll
LoadedModule[112]=C:\Windows\system32\DEVRTL.dll
LoadedModule[113]=C:\Windows\system32\MPR.dll
LoadedModule[114]=C:\Windows\system32\WindowsCodecs.dll
LoadedModule[115]=C:\Windows\system32\EhStorShell.dll
LoadedModule[116]=C:\Windows\System32\cscui.dll
LoadedModule[117]=C:\Windows\System32\CSCDLL.dll
LoadedModule[118]=C:\Windows\system32\IconCodecService.dll
LoadedModule[119]=C:\Windows\system32\icm32.dll
LoadedModule[120]=C:\Windows\system32\dhcpcsvc.DLL
LoadedModule[121]=C:\Windows\system32\dhcpcsvc6.DLL
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Pale Moon optimized web browser
AppPath=C:\Program Files\Mozilla Pale Moon\palemoon.exe


I'll try updating graphics drivers as much as I can next.
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Wed Mar 06, 2013 12:25 am

BTW I also get Palemoon hangs quite a lot but less frequently than crashes. They were more common some time and some versions ago when crashes were rarer. Hangs are more clearly correlated to activity consuming resources, like Adblock Element Hider Helper use for selecting and blocking page elements (Crashes on the other hand can also easily occur while just reading or typing plain text). Hacktheweb that uses the same codebase but removes elements only temporarily requires much less resources somehow (it's fast and doesn't lag and instabilize like Element Hider Helper).

I was actually hoping that element blocking would release resources and improve stability :eh:

Here's a Nirsoft Whatishang report:
Hang report for C:\Program Files\Mozilla Pale Moon\palemoon.exe
Generated by using WhatIsHang on 6.03.2013 2:06:08
Web site: http://www.nirsoft.net


Remarks:
* The program hangs in a single system call. You can look in the call stack and stack data to find out which API function cause this hang.


Strings found in the stack:
@-moz-document domain("sopervinhas.net"){
#topbar{-moz-binding: url(about:abp-elemhidehit?391136128330#dummy) !important;}
}
@-moz-document domain("spankwire.com"){
#sidebar{-moz-binding: url(about:abp-elemhidehit?426579165838#dummy) !important;}

etailsWideGoogleAd婤Ẕ恀ܺsentƽ灊럠灊랠灊๟灊띰灊Ƣ灊
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0


Modules found in the stack:
C:\Windows\system32\KERNELBASE.dll , Microsoft Corporation , Microsoft® Windows® Operating System, Windows NT BASE API Client DLL
C:\Program Files\Mozilla Pale Moon\xul.dll , Mozilla Foundation , Palemoon,
C:\Program Files\Mozilla Pale Moon\mozglue.dll , Mozilla Foundation , Palemoon,
C:\Program Files\Mozilla Pale Moon\MSVCR110.dll , Microsoft Corporation , Microsoft® Visual Studio® 2012, Microsoft® C Runtime Library
C:\Program Files\Mozilla Pale Moon\nspr4.dll , Mozilla Foundation , Netscape Portable Runtime, NSPR Library
C:\Program Files\Mozilla Pale Moon\mozjs.dll
C:\Program Files\Mozilla Pale Moon\mozalloc.dll , Mozilla Foundation , Palemoon,

ThreadID: 6600


Execute Address:
77347094 ntdll.dll!KiFastSystemCallRet

Call Stack:
0035BDA0 75517A47 KERNELBASE.dll!VirtualAlloc+0x18
0035BDBC 5F9E62B9 xul.dll+0xc662b9
76F3C43A 05EB5DEC


Stack Data:
0035BD7C 773452E4 ntdll.dll!NtAllocateVirtualMemory+0xc
0035BD80 75517A1B KERNELBASE.dll!VirtualAllocEx+0x33
0035BD84 FFFFFFFF
0035BD88 0035BDB0
0035BD8C 00000000
0035BD90 0035BD9C
0035BD94 00003000
0035BD98 00000004
0035BD9C 00900000
0035BDA0 0035BDBC
0035BDA4 75517A47 KERNELBASE.dll!VirtualAlloc+0x18
0035BDA8 FFFFFFFF
0035BDAC 00000000
0035BDB0 00000000
0035BDB4 00003000
0035BDB8 00000004
0035BDBC 76F3C43A kernel32.dll!VirtualAlloc
0035BDC0 5F9E62B9 xul.dll+0xc662b9
0035BDC4 00000000
0035BDC8 00900000
0035BDCC 00003000
0035BDD0 00000004
0035BDD4 00900000
0035BDD8 01144F80
0035BDDC 70E31D67 mozglue.dll!_wcsdup+0xce7
0035BDE0 00000000
0035BDE4 00900000
0035BDE8 00003000
0035BDEC 00000004
0035BDF0 01144F80
0035BDF4 0080400A
0035BDF8 773476E0 ntdll.dll!RtlLeaveCriticalSection
0035BDFC 70E31EA9 mozglue.dll!_wcsdup+0xe29
0035BE00 00900000
0035BE04 01144F80
0035BE08 70E350FE mozglue.dll+0x50fe
0035BE0C 000019C8
0035BE10 00403000
0035BE14 00C06FF6
0035BE18 0080400A
0035BE1C 7D800000
0035BE20 0080400A
0035BE24 70E35504 mozglue.dll+0x5504
0035BE28 7D800000
0035BE2C 0080400A
0035BE30 0035BE7C
0035BE34 00000005
0035BE38 00403000
0035BE3C 0035BE7C
0035BE40 70E348CE mozglue.dll+0x48ce
0035BE44 70E4D3B4 mozglue.dll!_malloc_message+0x39c
0035BE48 0080400A
0035BE4C 00000005
0035BE50 00000003
0035BE54 0035BE7C
0035BE58 6308E587 MSVCR110.dll!wcsnlen+0x1c7
0035BE5C 00000008
0035BE60 7D800000
0035BE64 00000000
0035BE68 70E35BCF mozglue.dll!realloc+0x3f
0035BE6C 00403000
0035BE70 00804002
0035BE74 05AD5070
0035BE78 5F9EAFB6 xul.dll+0xc6afb6
0035BE80 5F9EAFB6 xul.dll+0xc6afb6
0035BEA4 5F9EBC1B xul.dll+0xc6bc1b
0035BEC4 5EDC0199 xul.dll+0x40199
0035BEE4 70CD8F80 nspr4.dll!PR_RmDir+0x490
0035BEEC 5ED9DE1C xul.dll+0x1de1c
0035BF18 5EDBFF06 xul.dll+0x3ff06
0035BF20 5EDC0150 xul.dll+0x40150
0035BF38 5F192ADC xul.dll+0x412adc
0035BF90 5ED9C474 xul.dll+0x1c474
0035BF98 5F03737F xul.dll+0x2b737f
0035BFC8 70E34444 mozglue.dll+0x4444
0035BFDC 5FE2BBB4 xul.dll+0x10abbb4
0035BFF0 5F0386CE xul.dll+0x2b86ce
0035C000 70E34401 mozglue.dll+0x4401
0035C00C 5F0386F1 xul.dll+0x2b86f1
0035C030 70E34401 mozglue.dll+0x4401
0035C03C 600B7448 xul.dll+0x1337448
0035C044 5F038571 xul.dll+0x2b8571
0035C058 600B7438 xul.dll+0x1337438
0035C06C 5EFA56C9 xul.dll+0x2256c9
0035C08C 5F5A96FD xul.dll+0x8296fd
0035C098 5F5A8F9B xul.dll+0x828f9b
0035C0A0 5EFA5595 xul.dll+0x225595
0035C0B8 5FC3EC77 xul.dll!NS_InvokeByIndex_P+0x27
0035C0CC 5F5C546E xul.dll+0x84546e
0035C0D4 5F5C5911 xul.dll+0x845911
0035C120 6081F318 mozjs.dll!?ThingSizes@Arena@gc@js@@0QBIB+0xfd8
0035C130 605FD915 mozjs.dll!?JS_DefinePropertyById@@YAHPAUJSContext@@PAUJSObject@@HVValue@JS@@P6AH0V?$Handle@PAUJSObject@@@4@V?$Handle@H@4@V?$MutableHandle@VValue@JS@@@4@@ZP6AH034H5@ZI@Z+0x75
0035C174 5F5C8C70 xul.dll+0x848c70
0035C188 5F59A9B2 xul.dll+0x81a9b2
0035C194 5F5C8C7A xul.dll+0x848c7a
0035C1BC 5F59F2A5 xul.dll!DumpCompleteHeap+0x9c5
0035C1D8 5FEEE8C4 xul.dll+0x116e8c4
0035C1E8 5F5C95B4 xul.dll+0x8495b4
0035C208 5F590003 xul.dll+0x810003
0035C214 5F5C95C2 xul.dll+0x8495c2
0035C234 5F5C41D8 xul.dll+0x8441d8
0035C250 60731C91 mozjs.dll!?UnmarkGrayGCThingRecursively@js@@YAXPAXW4JSGCTraceKind@@@Z+0x671
0035C25C 605F6D20 mozjs.dll!?JS_DoubleToInt32@@YAHN@Z+0xa30
0035C264 60634C12 mozjs.dll!?IncrementalReferenceBarrier@js@@YAXPAX@Z+0x52
0035C284 5F5C6D40 xul.dll+0x846d40
0035C2AC 5F5CAD69 xul.dll+0x84ad69
0035C2B4 5F5CADCE xul.dll+0x84adce
0035C2D0 5FEEE9E8 xul.dll+0x116e9e8
0035C338 606524A4 mozjs.dll+0x624a4
0035C38C 606557DC mozjs.dll+0x657dc
0035C440 60847A9C mozjs.dll+0x257a9c
0035C448 60847A9C mozjs.dll+0x257a9c
0035C454 7589407D USER32.dll!wvsprintfW+0x3
0035C4F8 6078A320 mozjs.dll+0x19a320
0035C504 6078A2D0 mozjs.dll+0x19a2d0
0035C518 70E34444 mozglue.dll+0x4444
0035C534 70E344A8 mozglue.dll+0x44a8
0035C544 70E35A8B mozglue.dll!malloc+0x4b
0035C554 5F9EC2D0 xul.dll+0xc6c2d0
0035C560 6002AA2C xul.dll+0x12aaa2c
0035C570 5F9ECC95 xul.dll+0xc6cc95
0035C5A0 73351000 mozalloc.dll!moz_free
0035C5A8 5F9ECA13 xul.dll+0xc6ca13
0035C5B8 60786100 mozjs.dll+0x196100
0035C5C0 5F99CF67 xul.dll+0xc1cf67
0035C5D0 5FC7D6FA xul.dll+0xefd6fa
0035C5D4 5EE21E96 xul.dll+0xa1e96
0035C5D8 5FE2AE24 xul.dll+0x10aae24
0035C5E0 5EDA5AD4 xul.dll+0x25ad4
0035C5E8 5FE2AE24 xul.dll+0x10aae24
0035C604 5EDA5B1D xul.dll+0x25b1d
0035C60C 60619919 mozjs.dll+0x29919
0035C620 60619AA6 mozjs.dll+0x29aa6
0035C634 5FE2AE24 xul.dll+0x10aae24
0035C63C 5EDA5AD4 xul.dll+0x25ad4
0035C644 5FE2AE24 xul.dll+0x10aae24
0035C660 5EDA5B1D xul.dll+0x25b1d
0035C674 605FA7C3 mozjs.dll!?JS_WrapValue@@YAHPAUJSContext@@PAVValue@JS@@@Z+0x13
0035C684 5F5A8BA7 xul.dll+0x828ba7
0035C6B0 5F99F1C4 xul.dll+0xc1f1c4
0035C6D0 5EDAEFA7 xul.dll+0x2efa7
0035C6F4 60730270 mozjs.dll+0x140270
0035C708 73351000 mozalloc.dll!moz_free
0035C710 606406C9 mozjs.dll!?JS_IterateCompartments@@YAXPAUJSRuntime@@PAXP6AX01PAUJSCompartment@@@Z@Z+0x199
0035C728 605FB97F mozjs.dll!?JS_RemoveGCThingRoot@@YAXPAUJSContext@@PAPAX@Z+0x1f
0035C72C 73351000 mozalloc.dll!moz_free
0035C758 5FC3EC77 xul.dll!NS_InvokeByIndex_P+0x27
0035C774 5F5C5CFC xul.dll+0x845cfc
0035C784 5F5C4FC5 xul.dll+0x844fc5
0035C7D0 5FEEE88C xul.dll+0x116e88c
0035C7F4 5F5A8796 xul.dll+0x828796
0035C80C 5F9E9391 xul.dll+0xc69391
0035C838 70CDC9BF nspr4.dll!PR_ExitMonitor+0x8f
0035C854 73351000 mozalloc.dll!moz_free
0035C85C 5F5C5F69 xul.dll+0x845f69
0035C880 5FC3EC77 xul.dll!NS_InvokeByIndex_P+0x27
0035C89C 5F5C5CFC xul.dll+0x845cfc
0035C8AC 5F5C4FC5 xul.dll+0x844fc5
0035C8F8 5FEEE88C xul.dll+0x116e88c
0035C934 60730270 mozjs.dll+0x140270
0035C958 60731C91 mozjs.dll!?UnmarkGrayGCThingRecursively@js@@YAXPAXW4JSGCTraceKind@@@Z+0x671
0035C964 605F6D20 mozjs.dll!?JS_DoubleToInt32@@YAHN@Z+0xa30
0035C96C 60634C12 mozjs.dll!?IncrementalReferenceBarrier@js@@YAXPAX@Z+0x52
0035C99C 605F266B mozjs.dll!??4AutoMaybeTouchDeadCompartments@js@@QAEAAU01@ABU01@@Z+0x9db
0035C9B4 605F268B mozjs.dll!??4AutoMaybeTouchDeadCompartments@js@@QAEAAU01@ABU01@@Z+0x9fb
0035CA10 6064C472 mozjs.dll+0x5c472
0035CA1C 60650C3A mozjs.dll+0x60c3a
0035CA24 60745A30 mozjs.dll+0x155a30
0035CA2C 60652376 mozjs.dll+0x62376
0035CA38 606523A2 mozjs.dll+0x623a2
0035CA4C 606524F7 mozjs.dll+0x624f7
0035CA60 6065252A mozjs.dll+0x6252a
0035CA7C 5F5CADD9 xul.dll+0x84add9
0035CA84 606F78B5 mozjs.dll!?sizeOf@StackSpace@js@@QAEIXZ+0x125
0035CAAC 6063704C mozjs.dll+0x4704c
0035CB00 606524A4 mozjs.dll+0x624a4
0035CB54 606557DC mozjs.dll+0x657dc
0035CBE4 606903BE mozjs.dll!?JS_vsprintf_append@@YAPADPADPBD0@Z+0x24e
0035CC10 60847A9C mozjs.dll+0x257a9c
0035CC30 606F719E mozjs.dll+0x10719e
0035CC50 6065AAA7 mozjs.dll+0x6aaa7
0035CC54 6065AAE9 mozjs.dll+0x6aae9
0035CC90 6077404C mozjs.dll+0x18404c
0035CD08 60847A9C mozjs.dll+0x257a9c


Processor Registers:
EAX: 5FE2A050 xul.dll+0x10aa050
EBX: 00900000
ECX: 05AD50A8
EDX: 0035BF70
ESI: 01144F80
EDI: 00003000
EBP: 0035BDA0
ESP: 0035BD7C
EIP: 77347094 ntdll.dll!KiFastSystemCallRet


Memory Data:
01144F80 C0 4D 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .M.........p...p
01144F90 00 00 50 7D 00 20 20 00 00 00 00 00 00 00 00 00 ..P}. .........
01144FA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FC0 40 50 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 @P.........p...p
01144FD0 00 00 90 59 00 00 10 00 00 00 00 00 00 00 00 00 ...Y............
01144FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145000 C0 4D 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .M.........p...p
01145010 00 00 A0 4C 00 00 10 00 00 00 00 00 00 00 00 00 ...L............
01145020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145040 00 4C 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .L.........p...p
01145050 00 00 A0 62 00 00 10 00 00 00 00 00 00 00 00 00 ...b............
01145060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


01144F80 C0 4D 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .M.........p...p
01144F90 00 00 50 7D 00 20 20 00 00 00 00 00 00 00 00 00 ..P}. .........
01144FA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FC0 40 50 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 @P.........p...p
01144FD0 00 00 90 59 00 00 10 00 00 00 00 00 00 00 00 00 ...Y............
01144FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145000 C0 4D 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .M.........p...p
01145010 00 00 A0 4C 00 00 10 00 00 00 00 00 00 00 00 00 ...L............
01145020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145040 00 4C 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .L.........p...p
01145050 00 00 A0 62 00 00 10 00 00 00 00 00 00 00 00 00 ...b............
01145060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


01144F80 C0 4D 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .M.........p...p
01144F90 00 00 50 7D 00 20 20 00 00 00 00 00 00 00 00 00 ..P}. .........
01144FA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FC0 40 50 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 @P.........p...p
01144FD0 00 00 90 59 00 00 10 00 00 00 00 00 00 00 00 00 ...Y............
01144FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01144FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145000 C0 4D 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .M.........p...p
01145010 00 00 A0 4C 00 00 10 00 00 00 00 00 00 00 00 00 ...L............
01145020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145040 00 4C 14 01 00 00 00 00 D4 D3 E4 70 D5 D3 E4 70 .L.........p...p
01145050 00 00 A0 62 00 00 10 00 00 00 00 00 00 00 00 00 ...b............
01145060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01145070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5140 00 F3 31 08 0B 00 C8 00 2C AA 02 60 00 00 00 00 ..1.....,..`....
05AD5150 01 00 00 00 2F 69 6E 74 24 00 00 00 00 00 00 00 ..../int$.......
05AD5160 C8 10 20 07 0A 00 00 00 05 00 00 00 2C AA 02 60 .. .........,..`


05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5140 00 F3 31 08 0B 00 C8 00 2C AA 02 60 00 00 00 00 ..1.....,..`....
05AD5150 01 00 00 00 2F 69 6E 74 24 00 00 00 00 00 00 00 ..../int$.......
05AD5160 C8 10 20 07 0A 00 00 00 05 00 00 00 2C AA 02 60 .. .........,..`


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5140 00 F3 31 08 0B 00 C8 00 2C AA 02 60 00 00 00 00 ..1.....,..`....
05AD5150 01 00 00 00 2F 69 6E 74 24 00 00 00 00 00 00 00 ..../int$.......
05AD5160 C8 10 20 07 0A 00 00 00 05 00 00 00 2C AA 02 60 .. .........,..`


00010000 29 79 BA F1 2E 6C 00 01 EE FF EE FF 01 00 00 00 )y...l..........
00010010 A8 00 01 00 A8 00 01 00 00 00 01 00 00 00 01 00 ................
00010020 10 00 00 00 88 05 01 00 00 00 02 00 0F 00 00 00 ................
00010030 01 00 00 00 00 00 00 00 F0 0F 01 00 F0 0F 01 00 ................
00010040 00 80 00 00 00 00 00 00 00 00 00 00 00 00 10 00 ................
00010050 98 79 BB 41 2E 6C 00 00 6C E9 BD 22 00 00 00 00 .y.A.l..l.."....
00010060 00 FE 00 00 FF EE FF EE 00 00 10 00 00 20 00 00 ............. ..
00010070 00 02 00 00 00 20 00 00 4B 01 00 00 FF EF FD 7F ..... ..K......
00010080 02 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 ..8.............
00010090 E8 0F 01 00 E8 0F 01 00 0F 00 00 00 F8 FF FF FF ................
000100A0 A0 00 01 00 A0 00 01 00 10 00 01 00 10 00 01 00 ................
000100B0 00 00 00 00 00 00 00 00 50 01 01 00 00 00 00 00 ........P.......
000100C0 00 00 00 00 90 05 01 00 90 05 01 00 38 01 01 00 ............8...
000100D0 2E 01 84 55 00 00 00 00 00 00 00 00 00 00 01 00 ...U............
000100E0 00 10 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
000100F0 01 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 ................


05AD50A8 50 A0 E2 5F C4 9F E2 5F F0 9E E2 5F 00 00 00 00 P.._..._..._....
05AD50B8 00 00 00 00 00 00 00 00 80 1D E7 5F 94 C3 E9 5F ..........._..._
05AD50C8 00 00 00 00 40 A6 5A 4D 00 F6 7E 08 00 00 00 03 ....@.ZM..~.....
05AD50D8 06 00 02 00 C0 8E AB 08 00 00 00 00 00 00 00 00 ................
05AD50E8 00 00 00 00 00 00 00 00 03 00 00 00 4A 05 04 60 ............J..`
05AD50F8 08 00 00 00 B0 24 E7 5F E2 AC CF 2F 00 00 00 00 .....$._.../....
05AD5108 58 E0 84 05 00 00 00 00 D2 2E EE 7C 00 00 00 00 X..........|....
05AD5118 C8 32 84 05 00 00 00 00 82 DE BB AB 00 00 00 00 .2..............
05AD5128 00 EA 84 05 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5138 00 00 00 00 00 00 00 00 00 F3 31 08 0B 00 C8 00 ..........1.....
05AD5148 2C AA 02 60 00 00 00 00 01 00 00 00 2F 69 6E 74 ,..`......../int
05AD5158 24 00 00 00 00 00 00 00 C8 10 20 07 0A 00 00 00 $......... .....
05AD5168 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5178 01 01 01 00 00 00 00 00 00 81 3B 07 0B 00 C8 00 ..........;.....
05AD5188 88 A0 20 07 02 00 00 00 05 00 00 00 6F 6C 2D 41 .. .........ol-A
05AD5198 00 00 00 00 00 00 00 00 48 11 20 07 09 00 00 00 ........H. .....


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


00010000 29 79 BA F1 2E 6C 00 01 EE FF EE FF 01 00 00 00 )y...l..........
00010010 A8 00 01 00 A8 00 01 00 00 00 01 00 00 00 01 00 ................
00010020 10 00 00 00 88 05 01 00 00 00 02 00 0F 00 00 00 ................
00010030 01 00 00 00 00 00 00 00 F0 0F 01 00 F0 0F 01 00 ................
00010040 00 80 00 00 00 00 00 00 00 00 00 00 00 00 10 00 ................
00010050 98 79 BB 41 2E 6C 00 00 6C E9 BD 22 00 00 00 00 .y.A.l..l.."....
00010060 00 FE 00 00 FF EE FF EE 00 00 10 00 00 20 00 00 ............. ..
00010070 00 02 00 00 00 20 00 00 4B 01 00 00 FF EF FD 7F ..... ..K......
00010080 02 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 ..8.............
00010090 E8 0F 01 00 E8 0F 01 00 0F 00 00 00 F8 FF FF FF ................
000100A0 A0 00 01 00 A0 00 01 00 10 00 01 00 10 00 01 00 ................
000100B0 00 00 00 00 00 00 00 00 50 01 01 00 00 00 00 00 ........P.......
000100C0 00 00 00 00 90 05 01 00 90 05 01 00 38 01 01 00 ............8...
000100D0 2E 01 84 55 00 00 00 00 00 00 00 00 00 00 01 00 ...U............
000100E0 00 10 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
000100F0 01 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 ................


05AD50A8 50 A0 E2 5F C4 9F E2 5F F0 9E E2 5F 00 00 00 00 P.._..._..._....
05AD50B8 00 00 00 00 00 00 00 00 80 1D E7 5F 94 C3 E9 5F ..........._..._
05AD50C8 00 00 00 00 40 A6 5A 4D 00 F6 7E 08 00 00 00 03 ....@.ZM..~.....
05AD50D8 06 00 02 00 C0 8E AB 08 00 00 00 00 00 00 00 00 ................
05AD50E8 00 00 00 00 00 00 00 00 03 00 00 00 4A 05 04 60 ............J..`
05AD50F8 08 00 00 00 B0 24 E7 5F E2 AC CF 2F 00 00 00 00 .....$._.../....
05AD5108 58 E0 84 05 00 00 00 00 D2 2E EE 7C 00 00 00 00 X..........|....
05AD5118 C8 32 84 05 00 00 00 00 82 DE BB AB 00 00 00 00 .2..............
05AD5128 00 EA 84 05 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5138 00 00 00 00 00 00 00 00 00 F3 31 08 0B 00 C8 00 ..........1.....
05AD5148 2C AA 02 60 00 00 00 00 01 00 00 00 2F 69 6E 74 ,..`......../int
05AD5158 24 00 00 00 00 00 00 00 C8 10 20 07 0A 00 00 00 $......... .....
05AD5168 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5178 01 01 01 00 00 00 00 00 00 81 3B 07 0B 00 C8 00 ..........;.....
05AD5188 88 A0 20 07 02 00 00 00 05 00 00 00 6F 6C 2D 41 .. .........ol-A
05AD5198 00 00 00 00 00 00 00 00 48 11 20 07 09 00 00 00 ........H. .....


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


0B6F0000 7D 0D 0A 40 2D 6D 6F 7A 2D 64 6F 63 75 6D 65 6E }..@-moz-documen
0B6F0010 74 20 64 6F 6D 61 69 6E 28 22 73 6F 70 65 72 76 t domain("soperv
0B6F0020 69 6E 68 61 73 2E 6E 65 74 22 29 7B 0D 0A 23 74 inhas.net"){..#t
0B6F0030 6F 70 62 61 72 7B 2D 6D 6F 7A 2D 62 69 6E 64 69 opbar{-moz-bindi
0B6F0040 6E 67 3A 20 75 72 6C 28 61 62 6F 75 74 3A 61 62 ng: url(about:ab
0B6F0050 70 2D 65 6C 65 6D 68 69 64 65 68 69 74 3F 33 39 p-elemhidehit?39
0B6F0060 31 31 33 36 31 32 38 33 33 30 23 64 75 6D 6D 79 1136128330#dummy
0B6F0070 29 20 21 69 6D 70 6F 72 74 61 6E 74 3B 7D 0D 0A ) !important;}..
0B6F0080 7D 0D 0A 40 2D 6D 6F 7A 2D 64 6F 63 75 6D 65 6E }..@-moz-documen
0B6F0090 74 20 64 6F 6D 61 69 6E 28 22 73 70 61 6E 6B 77 t domain("spankw
0B6F00A0 69 72 65 2E 63 6F 6D 22 29 7B 0D 0A 23 73 69 64 ire.com"){..#sid
0B6F00B0 65 62 61 72 7B 2D 6D 6F 7A 2D 62 69 6E 64 69 6E ebar{-moz-bindin
0B6F00C0 67 3A 20 75 72 6C 28 61 62 6F 75 74 3A 61 62 70 g: url(about:abp
0B6F00D0 2D 65 6C 65 6D 68 69 64 65 68 69 74 3F 34 32 36 -elemhidehit?426
0B6F00E0 35 37 39 31 36 35 38 33 38 23 64 75 6D 6D 79 29 579165838#dummy)
0B6F00F0 20 21 69 6D 70 6F 72 74 61 6E 74 3B 7D 0D 0A 23 !important;}..#


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


05AD50A8 50 A0 E2 5F C4 9F E2 5F F0 9E E2 5F 00 00 00 00 P.._..._..._....
05AD50B8 00 00 00 00 00 00 00 00 80 1D E7 5F 94 C3 E9 5F ..........._..._
05AD50C8 00 00 00 00 40 A6 5A 4D 00 F6 7E 08 00 00 00 03 ....@.ZM..~.....
05AD50D8 06 00 02 00 C0 8E AB 08 00 00 00 00 00 00 00 00 ................
05AD50E8 00 00 00 00 00 00 00 00 03 00 00 00 4A 05 04 60 ............J..`
05AD50F8 08 00 00 00 B0 24 E7 5F E2 AC CF 2F 00 00 00 00 .....$._.../....
05AD5108 58 E0 84 05 00 00 00 00 D2 2E EE 7C 00 00 00 00 X..........|....
05AD5118 C8 32 84 05 00 00 00 00 82 DE BB AB 00 00 00 00 .2..............
05AD5128 00 EA 84 05 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5138 00 00 00 00 00 00 00 00 00 F3 31 08 0B 00 C8 00 ..........1.....
05AD5148 2C AA 02 60 00 00 00 00 01 00 00 00 2F 69 6E 74 ,..`......../int
05AD5158 24 00 00 00 00 00 00 00 C8 10 20 07 0A 00 00 00 $......... .....
05AD5168 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5178 01 01 01 00 00 00 00 00 00 81 3B 07 0B 00 C8 00 ..........;.....
05AD5188 88 A0 20 07 02 00 00 00 05 00 00 00 6F 6C 2D 41 .. .........ol-A
05AD5198 00 00 00 00 00 00 00 00 48 11 20 07 09 00 00 00 ........H. .....


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


09A7F940 DC AD E5 5F 10 AE E5 5F A4 AD E5 5F 02 00 00 00 ..._..._..._....
09A7F950 00 F2 60 08 2C AA 02 60 00 00 00 00 01 00 00 00 ..`.,..`........
09A7F960 58 A0 20 07 05 00 00 00 05 00 00 00 F0 BD F9 04 X. .............
09A7F970 01 00 00 00 20 44 42 06 00 00 00 00 00 00 00 00 .... DB.........
09A7F980 00 00 00 00 83 00 65 00 00 00 00 00 00 00 00 00 ......e.........
09A7F990 00 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
09A7F9A0 74 00 72 00 6F 00 6C 00 00 00 6F 00 6D 00 00 00 t.r.o.l...o.m...
09A7F9B0 03 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
09A7F9C0 00 00 00 00 00 00 00 00 65 00 74 00 61 00 69 00 ........e.t.a.i.
09A7F9D0 6C 00 73 00 57 00 69 00 64 00 65 00 47 00 6F 00 l.s.W.i.d.e.G.o.
09A7F9E0 6F 00 67 00 6C 00 65 00 41 00 64 00 64 5A 94 1E o.g.l.e.A.d.dZ..
09A7F9F0 40 60 3A 07 73 00 65 00 6E 00 74 00 BD 01 4A 70 @`:.s.e.n.t...Jp
09A7FA00 E0 B7 4A 70 A0 B7 4A 70 5F 0E 4A 70 70 B7 4A 70 ..Jp..Jp_.Jpp.Jp
09A7FA10 A2 01 4A 70 14 00 00 00 00 00 00 00 00 00 00 00 ..Jp............
09A7FA20 00 00 00 00 5E 00 00 00 63 00 74 00 6C 00 30 00 ....^...c.t.l.0.
09A7FA30 30 00 5F 00 43 00 6F 00 6E 00 74 00 65 00 6E 00 0._.C.o.n.t.e.n.


05AD50A8 50 A0 E2 5F C4 9F E2 5F F0 9E E2 5F 00 00 00 00 P.._..._..._....
05AD50B8 00 00 00 00 00 00 00 00 80 1D E7 5F 94 C3 E9 5F ..........._..._
05AD50C8 00 00 00 00 40 A6 5A 4D 00 F6 7E 08 00 00 00 03 ....@.ZM..~.....
05AD50D8 06 00 02 00 C0 8E AB 08 00 00 00 00 00 00 00 00 ................
05AD50E8 00 00 00 00 00 00 00 00 03 00 00 00 4A 05 04 60 ............J..`
05AD50F8 08 00 00 00 B0 24 E7 5F E2 AC CF 2F 00 00 00 00 .....$._.../....
05AD5108 58 E0 84 05 00 00 00 00 D2 2E EE 7C 00 00 00 00 X..........|....
05AD5118 C8 32 84 05 00 00 00 00 82 DE BB AB 00 00 00 00 .2..............
05AD5128 00 EA 84 05 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD5138 00 00 00 00 00 00 00 00 00 F3 31 08 0B 00 C8 00 ..........1.....
05AD5148 2C AA 02 60 00 00 00 00 01 00 00 00 2F 69 6E 74 ,..`......../int
05AD5158 24 00 00 00 00 00 00 00 C8 10 20 07 0A 00 00 00 $......... .....
05AD5168 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5178 01 01 01 00 00 00 00 00 00 81 3B 07 0B 00 C8 00 ..........;.....
05AD5188 88 A0 20 07 02 00 00 00 05 00 00 00 6F 6C 2D 41 .. .........ol-A
05AD5198 00 00 00 00 00 00 00 00 48 11 20 07 09 00 00 00 ........H. .....


05AD5040 E4 C0 E2 5F 01 00 00 00 44 F9 A7 09 20 10 20 07 ..._....D... . .
05AD5050 00 00 00 00 4C E1 C9 26 58 A0 20 07 05 00 00 00 ....L..&X. .....
05AD5060 05 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
05AD5070 08 00 80 7D E0 FF 1F 00 05 00 00 00 00 00 00 00 ...}............
05AD5080 9C A0 E2 5F 01 00 00 00 FF FF 00 00 00 00 6F 0B ..._..........o.
05AD5090 E0 FF 1F 00 00 00 00 00 00 00 00 00 FF FF 00 00 ................
05AD50A0 80 45 42 06 00 00 00 10 50 A0 E2 5F C4 9F E2 5F .EB.....P.._..._
05AD50B0 F0 9E E2 5F 00 00 00 00 00 00 00 00 00 00 00 00 ..._............
05AD50C0 80 1D E7 5F 94 C3 E9 5F 00 00 00 00 40 A6 5A 4D ..._..._....@.ZM
05AD50D0 00 F6 7E 08 00 00 00 03 06 00 02 00 C0 8E AB 08 ..~.............
05AD50E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
05AD50F0 03 00 00 00 4A 05 04 60 08 00 00 00 B0 24 E7 5F ....J..`.....$._
05AD5100 E2 AC CF 2F 00 00 00 00 58 E0 84 05 00 00 00 00 .../....X.......
05AD5110 D2 2E EE 7C 00 00 00 00 C8 32 84 05 00 00 00 00 ...|.....2......
05AD5120 82 DE BB AB 00 00 00 00 00 EA 84 05 00 00 00 00 ................
05AD5130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


06424420 08 E0 E5 5F 60 E0 E5 5F E8 DF E5 5F 05 00 00 00 ..._`.._..._....
06424430 2C AA 02 60 00 00 00 00 01 00 00 00 00 00 00 00 ,..`............
06424440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
06424450 00 00 00 00 00 00 00 00 00 00 00 00 C0 44 42 06 .............DB.
06424460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
06424470 70 99 F9 36 B0 A4 06 14 07 80 01 03 80 1E 31 04 p..6..........1.
06424480 00 00 01 00 30 A4 06 14 03 00 04 00 50 A4 06 14 ....0.......P...
06424490 04 00 04 00 E0 BF 43 14 05 00 01 00 80 D7 20 14 ......C....... .
064244A0 06 00 01 00 70 A4 06 14 07 00 01 00 90 A4 06 14 ....p...........
064244B0 08 00 01 00 FF 7F DE F0 FF 7F DE F0 02 02 DE F0 ..............
064244C0 C4 44 42 06 01 00 00 00 08 00 00 80 20 44 42 06 .DB......... DB.
064244D0 1C 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 ................
064244E0 02 00 00 00 14 00 00 00 1A 00 00 00 F0 BD F9 04 ................
064244F0 F0 BD F9 04 F0 BD F9 04 A0 84 9B 04 00 00 00 00 ................
06424500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
06424510 08 37 E8 5F A0 1C ED 5F 00 00 00 00 60 6C FD 30 .7._..._....`l.0


0860F200 02 00 00 00 E0 EE 01 60 00 00 00 00 1C 00 C0 40 .......`.......@
0860F210 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F220 40 9B 32 17 C0 EE 01 60 00 00 00 00 1C 00 C0 40 @.2....`.......@
0860F230 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F240 C0 CA 32 17 C0 EE 01 60 00 00 00 00 1C 00 C0 40 ..2....`.......@
0860F250 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F260 00 CC 32 17 68 F2 60 08 00 00 00 00 08 00 00 80 ..2.h.`.........
0860F270 80 F2 60 08 00 00 00 00 00 00 00 00 00 00 00 00 ..`.............
0860F280 00 00 00 00 00 00 00 00 AE 00 00 00 FF FF FF FF ................
0860F290 0C A8 02 60 00 00 00 00 9C F2 60 08 00 00 00 00 ...`......`.....
0860F2A0 00 00 00 80 00 00 00 00 00 00 00 00 01 00 00 00 ................
0860F2B0 2C AA 02 60 00 00 00 00 01 00 00 00 01 00 00 00 ,..`............
0860F2C0 00 10 03 00 11 00 00 00 47 00 00 00 01 00 00 00 ........G.......
0860F2D0 89 03 00 00 00 00 00 00 89 03 00 00 00 00 A0 40 ...............@
0860F2E0 47 00 00 00 00 00 00 00 47 00 00 00 00 00 00 00 G.......G.......
0860F2F0 89 03 00 00 00 00 00 00 47 00 00 00 00 00 00 00 ........G.......


01140040 24 3D 7D 94 A8 90 0A 00 FF FF FF FF 00 00 00 00 $=}.............
01140050 00 00 00 00 4C 02 00 00 88 13 00 00 00 00 00 00 ....L...........
01140060 00 00 D0 3E 00 00 00 00 65 33 00 00 00 00 00 00 ...>....e3......
01140070 AD 2F 0B 00 00 00 00 00 96 87 6A 00 00 00 00 00 ./........j.....
01140080 D8 38 0B 00 00 00 00 00 5C CE 13 00 00 00 00 00 .8......\.......
01140090 6B A9 73 00 00 00 00 00 49 38 03 00 94 0A 8F 1C k.s.....I8......
011400A0 E8 F9 8F 10 00 00 00 00 8C FF 4E 10 00 00 00 00 ..........N.....
011400B0 00 40 51 12 00 00 00 00 46 48 21 00 00 00 00 00 .@Q.....FH!.....
011400C0 9B ED 20 00 00 00 00 00 00 00 00 15 00 00 00 00 .. .............
011400D0 CC 00 14 01 CC 00 14 01 00 00 00 00 00 00 00 00 ................
011400E0 00 00 00 00 00 00 00 00 00 00 00 00 D4 03 00 00 ................
011400F0 68 02 80 3B F4 00 14 01 F4 00 14 01 00 00 00 00 h..;............
01140100 00 00 42 01 E4 01 90 56 08 01 14 01 08 01 14 01 ..B....V........
01140110 00 00 00 00 02 00 00 00 00 10 00 00 80 07 00 00 ................
01140120 3C 00 00 00 00 01 00 00 D4 BF 09 00 00 00 00 00 <...............
01140130 08 00 00 00 00 00 00 00 96 07 00 00 00 00 00 00 ................


04F9BDF0 90 B9 E2 5F B8 BA E2 5F 14 BB E2 5F 88 BA E2 5F ..._..._..._..._
04F9BE00 0C 97 E2 5F E0 BA E2 5F 1C 00 00 00 68 EA F0 04 ..._..._....h...
04F9BE10 83 00 00 00 05 00 00 00 FF FF FF FF FF FF FF FF ................
04F9BE20 00 00 00 00 04 00 00 00 07 00 00 00 00 00 00 00 ................
04F9BE30 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF ................
04F9BE40 00 00 00 00 FF FF FF FF 07 00 00 00 7C 00 00 00 ............|...
04F9BE50 07 00 00 00 7C 00 00 00 07 00 00 00 70 00 00 00 ....|.......p...
04F9BE60 77 00 00 00 08 00 00 00 80 00 00 00 03 00 00 00 w...............
04F9BE70 07 00 00 00 FF FF FF FF 07 00 00 00 FF FF FF FF ................
04F9BE80 2C AA 02 60 00 00 00 00 01 00 00 00 A0 25 40 01 ,..`.........%@.
04F9BE90 A0 B0 00 05 00 00 00 00 D1 78 70 69 00 00 00 00 .........xpi....
04F9BEA0 C0 BE F9 04 04 00 00 00 60 2A 31 04 40 1E 31 04 ........`*1.@.1.
04F9BEB0 80 28 31 04 80 64 CC 04 A0 64 CC 04 00 FA 31 04 .(1..d...d....1.
04F9BEC0 00 27 83 16 20 27 83 16 40 27 83 16 60 27 83 16 .'.. '..@'..`'..
04F9BED0 D4 48 31 04 34 59 30 04 3B 00 00 00 00 0C B8 00 .H1.4Y0.;.......
04F9BEE0 00 00 01 0A E4 82 00 00 00 00 E4 59 01 00 00 00 ...........Y....


01140040 24 3D 7D 94 A8 90 0A 00 FF FF FF FF 00 00 00 00 $=}.............
01140050 00 00 00 00 4C 02 00 00 88 13 00 00 00 00 00 00 ....L...........
01140060 00 00 D0 3E 00 00 00 00 65 33 00 00 00 00 00 00 ...>....e3......
01140070 AD 2F 0B 00 00 00 00 00 96 87 6A 00 00 00 00 00 ./........j.....
01140080 D8 38 0B 00 00 00 00 00 5C CE 13 00 00 00 00 00 .8......\.......
01140090 6B A9 73 00 00 00 00 00 49 38 03 00 94 0A 8F 1C k.s.....I8......
011400A0 E8 F9 8F 10 00 00 00 00 8C FF 4E 10 00 00 00 00 ..........N.....
011400B0 00 40 51 12 00 00 00 00 46 48 21 00 00 00 00 00 .@Q.....FH!.....
011400C0 9B ED 20 00 00 00 00 00 00 00 00 15 00 00 00 00 .. .............
011400D0 CC 00 14 01 CC 00 14 01 00 00 00 00 00 00 00 00 ................
011400E0 00 00 00 00 00 00 00 00 00 00 00 00 D4 03 00 00 ................
011400F0 68 02 80 3B F4 00 14 01 F4 00 14 01 00 00 00 00 h..;............
01140100 00 00 42 01 E4 01 90 56 08 01 14 01 08 01 14 01 ..B....V........
01140110 00 00 00 00 02 00 00 00 00 10 00 00 80 07 00 00 ................
01140120 3C 00 00 00 00 01 00 00 D4 BF 09 00 00 00 00 00 <...............
01140130 08 00 00 00 00 00 00 00 96 07 00 00 00 00 00 00 ................


06424580 94 A3 E2 5F 84 A3 E2 5F 1C A4 E2 5F 00 00 00 00 ..._..._..._....
06424590 20 7E 41 06 FF FF FF FF FF FF FF FF 64 34 35 7D ~A.........d45}
064245A0 00 00 00 00 00 00 00 00 F0 7A 07 09 00 00 00 00 .........z......
064245B0 01 00 00 00 48 00 00 00 70 72 69 76 61 74 65 2C ....H...private,
064245C0 20 6E 6F 2D 73 74 6F 72 65 2C 20 6E 6F 2D 63 61 no-store, no-ca
064245D0 63 68 65 2C 20 6D 75 73 74 2D 72 65 76 61 6C 69 che, must-revali
064245E0 64 61 74 65 2C 20 70 6F 73 74 2D 63 68 65 63 6B date, post-check
064245F0 3D 30 2C 20 70 72 65 2D 63 68 65 63 6B 3D 30 00 =0, pre-check=0.
06424600 00 00 00 00 46 00 00 00 58 2D 4D 53 4E 2D 4D 65 ....F...X-MSN-Me
06424610 73 73 65 6E 67 65 72 00 20 53 65 73 73 69 6F 6E ssenger. Session
06424620 49 44 3D 31 31 37 39 30 39 32 37 35 37 2E 37 38 ID=1179092757.78
06424630 30 39 31 36 39 38 3B 20 47 57 2D 49 50 3D 36 34 091698; GW-IP=64
06424640 2E 34 2E 33 34 2E 33 31 3A 34 34 33 00 00 00 00 .4.34.31:443....
06424650 00 00 00 00 3E 00 00 00 61 00 64 00 5F 00 6D 00 ....>...a.d._.m.
06424660 6F 00 73 00 74 00 5F 00 70 00 6F 00 70 00 5F 00 o.s.t._.p.o.p._.
06424670 32 00 33 00 34 00 78 00 36 00 30 00 5F 00 72 00 2.3.4.x.6.0._.r.


0860F200 02 00 00 00 E0 EE 01 60 00 00 00 00 1C 00 C0 40 .......`.......@
0860F210 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F220 40 9B 32 17 C0 EE 01 60 00 00 00 00 1C 00 C0 40 @.2....`.......@
0860F230 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F240 C0 CA 32 17 C0 EE 01 60 00 00 00 00 1C 00 C0 40 ..2....`.......@
0860F250 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F260 00 CC 32 17 68 F2 60 08 00 00 00 00 08 00 00 80 ..2.h.`.........
0860F270 80 F2 60 08 00 00 00 00 00 00 00 00 00 00 00 00 ..`.............
0860F280 00 00 00 00 00 00 00 00 AE 00 00 00 FF FF FF FF ................
0860F290 0C A8 02 60 00 00 00 00 9C F2 60 08 00 00 00 00 ...`......`.....
0860F2A0 00 00 00 80 00 00 00 00 00 00 00 00 01 00 00 00 ................
0860F2B0 2C AA 02 60 00 00 00 00 01 00 00 00 01 00 00 00 ,..`............
0860F2C0 00 10 03 00 11 00 00 00 47 00 00 00 01 00 00 00 ........G.......
0860F2D0 89 03 00 00 00 00 00 00 89 03 00 00 00 00 A0 40 ...............@
0860F2E0 47 00 00 00 00 00 00 00 47 00 00 00 00 00 00 00 G.......G.......
0860F2F0 89 03 00 00 00 00 00 00 47 00 00 00 00 00 00 00 ........G.......


09A7F940 DC AD E5 5F 10 AE E5 5F A4 AD E5 5F 02 00 00 00 ..._..._..._....
09A7F950 00 F2 60 08 2C AA 02 60 00 00 00 00 01 00 00 00 ..`.,..`........
09A7F960 58 A0 20 07 05 00 00 00 05 00 00 00 F0 BD F9 04 X. .............
09A7F970 01 00 00 00 20 44 42 06 00 00 00 00 00 00 00 00 .... DB.........
09A7F980 00 00 00 00 83 00 65 00 00 00 00 00 00 00 00 00 ......e.........
09A7F990 00 00 00 00 2C AA 02 60 00 00 00 00 01 00 00 00 ....,..`........
09A7F9A0 74 00 72 00 6F 00 6C 00 00 00 6F 00 6D 00 00 00 t.r.o.l...o.m...
09A7F9B0 03 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
09A7F9C0 00 00 00 00 00 00 00 00 65 00 74 00 61 00 69 00 ........e.t.a.i.
09A7F9D0 6C 00 73 00 57 00 69 00 64 00 65 00 47 00 6F 00 l.s.W.i.d.e.G.o.
09A7F9E0 6F 00 67 00 6C 00 65 00 41 00 64 00 64 5A 94 1E o.g.l.e.A.d.dZ..
09A7F9F0 40 60 3A 07 73 00 65 00 6E 00 74 00 BD 01 4A 70 @`:.s.e.n.t...Jp
09A7FA00 E0 B7 4A 70 A0 B7 4A 70 5F 0E 4A 70 70 B7 4A 70 ..Jp..Jp_.Jpp.Jp
09A7FA10 A2 01 4A 70 14 00 00 00 00 00 00 00 00 00 00 00 ..Jp............
09A7FA20 00 00 00 00 5E 00 00 00 63 00 74 00 6C 00 30 00 ....^...c.t.l.0.
09A7FA30 30 00 5F 00 43 00 6F 00 6E 00 74 00 65 00 6E 00 0._.C.o.n.t.e.n.


0860F200 02 00 00 00 E0 EE 01 60 00 00 00 00 1C 00 C0 40 .......`.......@
0860F210 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F220 40 9B 32 17 C0 EE 01 60 00 00 00 00 1C 00 C0 40 @.2....`.......@
0860F230 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F240 C0 CA 32 17 C0 EE 01 60 00 00 00 00 1C 00 C0 40 ..2....`.......@
0860F250 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0860F260 00 CC 32 17 68 F2 60 08 00 00 00 00 08 00 00 80 ..2.h.`.........
0860F270 80 F2 60 08 00 00 00 00 00 00 00 00 00 00 00 00 ..`.............
0860F280 00 00 00 00 00 00 00 00 AE 00 00 00 FF FF FF FF ................
0860F290 0C A8 02 60 00 00 00 00 9C F2 60 08 00 00 00 00 ...`......`.....
0860F2A0 00 00 00 80 00 00 00 00 00 00 00 00 01 00 00 00 ................
0860F2B0 2C AA 02 60 00 00 00 00 01 00 00 00 01 00 00 00 ,..`............
0860F2C0 00 10 03 00 11 00 00 00 47 00 00 00 01 00 00 00 ........G.......
0860F2D0 89 03 00 00 00 00 00 00 89 03 00 00 00 00 A0 40 ...............@
0860F2E0 47 00 00 00 00 00 00 00 47 00 00 00 00 00 00 00 G.......G.......
0860F2F0 89 03 00 00 00 00 00 00 47 00 00 00 00 00 00 00 ........G.......


06424420 08 E0 E5 5F 60 E0 E5 5F E8 DF E5 5F 05 00 00 00 ..._`.._..._....
06424430 2C AA 02 60 00 00 00 00 01 00 00 00 00 00 00 00 ,..`............
06424440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
06424450 00 00 00 00 00 00 00 00 00 00 00 00 C0 44 42 06 .............DB.
06424460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
06424470 70 99 F9 36 B0 A4 06 14 07 80 01 03 80 1E 31 04 p..6..........1.
06424480 00 00 01 00 30 A4 06 14 03 00 04 00 50 A4 06 14 ....0.......P...
06424490 04 00 04 00 E0 BF 43 14 05 00 01 00 80 D7 20 14 ......C....... .
064244A0 06 00 01 00 70 A4 06 14 07 00 01 00 90 A4 06 14 ....p...........
064244B0 08 00 01 00 FF 7F DE F0 FF 7F DE F0 02 02 DE F0 ..............
064244C0 C4 44 42 06 01 00 00 00 08 00 00 80 20 44 42 06 .DB......... DB.
064244D0 1C 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 ................
064244E0 02 00 00 00 14 00 00 00 1A 00 00 00 F0 BD F9 04 ................
064244F0 F0 BD F9 04 F0 BD F9 04 A0 84 9B 04 00 00 00 00 ................
06424500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
06424510 08 37 E8 5F A0 1C ED 5F 00 00 00 00 60 6C FD 30 .7._..._....`l.0




All Threads:
6600 00221FE3 palemoon.exe+0x1fe3
7564 5F7CF350 xul.dll+0xa4f350
3124 630AF28E MSVCR110.dll!__get_flsindex+0x6
6676 630AF28E MSVCR110.dll!__get_flsindex+0x6
7392 74ED62EE mswsock.dll+0x62ee
7096 630AF28E MSVCR110.dll!__get_flsindex+0x6
7180 630AF28E MSVCR110.dll!__get_flsindex+0x6
6368 630AF28E MSVCR110.dll!__get_flsindex+0x6
7004 630AF28E MSVCR110.dll!__get_flsindex+0x6
3636 630AF28E MSVCR110.dll!__get_flsindex+0x6
3128 630AF28E MSVCR110.dll!__get_flsindex+0x6
7556 630AF28E MSVCR110.dll!__get_flsindex+0x6
3188 7732FD0D ntdll.dll!RtlFreeThreadActivationContextStack+0x517
6168 630AF28E MSVCR110.dll!__get_flsindex+0x6
7600 745C27E1 MMDevApi.dll!DllCanUnloadNow+0x1120
1784 630AF28E MSVCR110.dll!__get_flsindex+0x6
7532 630AF28E MSVCR110.dll!__get_flsindex+0x6
6224 73CB27C1 WINMM.dll!timeGetTime+0xe1
6236 630AF28E MSVCR110.dll!__get_flsindex+0x6
3908 630AF28E MSVCR110.dll!__get_flsindex+0x6
8116 630AF28E MSVCR110.dll!__get_flsindex+0x6
4780 630AF28E MSVCR110.dll!__get_flsindex+0x6
4904 630AF28E MSVCR110.dll!__get_flsindex+0x6
6948 630AF28E MSVCR110.dll!__get_flsindex+0x6
7356 630AF28E MSVCR110.dll!__get_flsindex+0x6
996 630AF28E MSVCR110.dll!__get_flsindex+0x6
7576 630AF28E MSVCR110.dll!__get_flsindex+0x6
5496 743C4038 msiltcfg.dll!RestartMsi+0x2aec
5404 630AF28E MSVCR110.dll!__get_flsindex+0x6
8072 6E5132FB rasman.dll!RasAddNotification+0x384
4216 630AF28E MSVCR110.dll!__get_flsindex+0x6
7728 630AF28E MSVCR110.dll!__get_flsindex+0x6
5308 630AF28E MSVCR110.dll!__get_flsindex+0x6
7952 630AF28E MSVCR110.dll!__get_flsindex+0x6
7128 630AF28E MSVCR110.dll!__get_flsindex+0x6
4448 773303E9 ntdll.dll!RtlRegisterThreadWithCsrss+0x197
6528 630AF28E MSVCR110.dll!__get_flsindex+0x6
7192 630AF28E MSVCR110.dll!__get_flsindex+0x6
6784 773303E9 ntdll.dll!RtlRegisterThreadWithCsrss+0x197
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby dark_moon » Wed Mar 06, 2013 7:09 am

Hmm i found some bad infos about your sites.

Malware infected sites. Scan your pc
You can aswell post a hijackthis log

Please remove the sites and tell me if you read this, cause then i remove the sites too.
Last edited by dark_moon on Wed Mar 06, 2013 6:07 pm, edited 1 time in total.
Happy Pale Moon x64 and Fossa Mail x64 under Win7 User
German translator for Pale Moon 15+

HowTo create a new Pale Moon Profile & use the Safe Mode
User avatar
dark_moon
Board Warrior
Board Warrior
 
Posts: 1857
Joined: Mon Jan 09, 2012 5:34 pm
Location: Germany

Re: Lots of crashes with mozalloc.dll

Postby Moonchild » Wed Mar 06, 2013 9:54 am

KERNELBASE.dll should not be linked into the process for Pale Moon. Two options, one being malware as dark_moon pointed out, and another possibility (according to Microsoft) is that your Windows user profile got corrupted - kernelbase.dll errors have quite a few hits in search engines.
Create a new user profile in Windows (Control panel -> user accounts) and see if the new Windows profile still gives you the errors you have now.
Solutions born from paranoia are never the best solutions. -MC
Image
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
 
Posts: 12148
Joined: Sun Aug 28, 2011 5:27 pm
Location: Sweden

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Wed Mar 06, 2013 6:03 pm

dark_moon wrote:Hmm i found some bad infos about your sites. Look here:(edited)

Malware infected sites. Scan your pc
You can aswell post a hijackthis log

Please remove the sites and tell me if you read this, cause then i remove the sites too.


Hi

These are just entries in the Fanboy Adblock list and the specific text visible in the report is from Adblock's elemhide.css.
The hang was caused by Adblock's Element hider helper.
Kernelbase.dll might be worse news.
Last edited by blind12 on Wed Mar 06, 2013 7:43 pm, edited 1 time in total.
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby dark_moon » Wed Mar 06, 2013 6:09 pm

Hmm ok. Please remove the postet sites

But a malware scan would be nice and the hijackthis log too.
Happy Pale Moon x64 and Fossa Mail x64 under Win7 User
German translator for Pale Moon 15+

HowTo create a new Pale Moon Profile & use the Safe Mode
User avatar
dark_moon
Board Warrior
Board Warrior
 
Posts: 1857
Joined: Mon Jan 09, 2012 5:34 pm
Location: Germany

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Thu Mar 07, 2013 5:31 pm

Hi, on a side note, what can cause no updating of session etc? Even if I don't crash but exit properly, the session later restored is *very* old. It should be updated very frequently right?
I notice that I've changed the browser.sessionstore.interval to 60 seconds, probably for smoother video, instead of 10 but sessions restored are truly ancient.
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby Moonchild » Thu Mar 07, 2013 9:07 pm

Sessions are stored at regular intervals (the default for Pale moon is 60 seconds, by the way, and not 10 like Firefox...) so if the sessions you get restored are really ancient then it's not saved to disk for the new session. Are you sure Pale Moon isn't being "sandboxed" or running in a "protected" environment? That could explain both the crashes and your sessions not being stored, as well as odd Windows API dlls being loaded like kernelbase.dll that normally aren't present as loaded modules for the application. You may want to check if AVG hasn't inadvertently left behind some parts of its suite causing these issues... And I do recommend trying to create a new Windows user profile to see if that helps your case any.
Solutions born from paranoia are never the best solutions. -MC
Image
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
 
Posts: 12148
Joined: Sun Aug 28, 2011 5:27 pm
Location: Sweden

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Fri Mar 08, 2013 4:24 pm

Malwarebytes never finds a thing.
Neither does Avast aswMBR.

I havent done a Hijack scan but I did OldTimerListit scans. These scans were done after I disabled tons of HP, Java and other bloatware, Google, Java and Flash updaters etc from autostarting. The laptop runs much cooler now.

OTL part 1
OTL logfile created on: 7.03.2013 22:51:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\00-soft\00-Security
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000425 | Country: Eesti | Language: ETI | Date Format: d.MM.yyyy

3,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 72,49% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,25 Gb Total Space | 3,55 Gb Free Space | 8,03% Space Free | Partition Type: NTFS
Drive G: | 30,28 Gb Total Space | 0,36 Gb Free Space | 1,18% Space Free | Partition Type: NTFS

Computer Name: HP_8510W_2 | User Name: Jörgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.22 19:58:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\00-soft\00-Security\Pchelp malware removal 01- Diagnostic scan - OTL.exe
PRC - [2013.02.10 15:29:16 | 000,534,160 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2013.01.22 08:18:37 | 001,057,616 | ---- | M] (BitTorrent Inc.) -- C:\Users\Jörgen\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2012.12.24 12:19:52 | 000,117,424 | ---- | M] () -- C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
PRC - [2012.12.16 13:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.21 10:56:56 | 000,162,696 | ---- | M] () -- C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
PRC - [2012.09.17 20:05:18 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.17 20:05:18 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.09.17 20:04:23 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.05.19 18:27:24 | 000,110,592 | ---- | M] () -- C:\ProgramData\DatacardService\DCSHOST.exe
PRC - [2009.05.14 06:50:00 | 003,466,488 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\wincmd\TOTALCMD.EXE
PRC - [2007.01.01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.03 07:52:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.03.03 07:52:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 04:08:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 04:07:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 04:07:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 04:07:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 04:07:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 04:07:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.09.17 20:07:21 | 001,732,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3545.37153__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:21 | 000,339,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3545.37128__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:21 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3545.37155__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3545.37148__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3545.37139__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:20 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3545.37190__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:20 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3545.37216__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:20 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3545.37254__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:20 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3545.37221__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:20 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3545.37235__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:20 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3545.37207__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:20 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3545.37155__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:20 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3545.37253__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:20 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3545.37208__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:20 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3545.37189__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:20 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3545.37229__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3545.37139__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:20 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3545.37200__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3545.37207__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3545.37255__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3545.37253__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:20 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3545.37187__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:19 | 000,950,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3545.37292__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3545.37230__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3545.37202__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3545.37157__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3545.37188__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3545.37182__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3545.37198__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3545.37162__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2012.09.17 20:07:19 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3545.37196__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012.09.17 20:07:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3545.37187__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3545.37161__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3545.37189__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3545.37196__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012.09.17 20:07:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3545.37198__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012.09.17 20:07:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012.09.17 20:07:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012.09.17 20:07:19 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012.09.17 20:07:18 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3545.37247__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012.09.17 20:07:18 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012.09.17 20:07:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3545.37245__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012.09.17 20:07:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012.09.17 20:07:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3545.37261__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012.09.17 20:07:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012.09.17 20:07:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012.09.17 20:07:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012.09.17 20:07:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012.09.17 20:07:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012.09.17 20:07:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012.09.17 20:07:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012.09.17 20:07:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012.09.17 20:07:18 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3545.37123__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012.09.17 20:07:17 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3545.37134__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012.09.17 20:07:17 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3545.37147__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012.09.17 20:07:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3545.37125__90ba9c70f846762e\APM.Server.dll
MOD - [2012.09.17 20:07:17 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3545.37127__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012.09.17 20:07:17 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3545.37125__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012.09.17 20:07:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012.09.17 20:07:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3545.37123__90ba9c70f846762e\AEM.Server.dll
MOD - [2012.09.17 20:07:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012.09.17 20:07:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012.09.17 20:07:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.09.17 20:07:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012.09.17 20:07:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012.09.17 20:07:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012.09.17 20:07:17 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3545.37246__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.06.10 15:30:18 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.05.14 06:50:00 | 000,123,536 | ---- | M] () -- C:\Program Files\wincmd\WCMZIP32.DLL


========== Services (SafeList) ==========

SRV - [2013.02.27 00:04:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.24 12:19:52 | 000,117,424 | ---- | M] () [Auto | Running] -- C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe -- (HiSuiteOuc.exe)
SRV - [2012.12.16 13:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.11.21 10:56:56 | 000,162,696 | ---- | M] () [Auto | Running] -- C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe -- (HuaweiHiSuiteService.exe)
SRV - [2012.10.04 22:57:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.09.24 22:04:36 | 000,203,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Elisa M-internet\UpdateDog\ouc.exe -- (Elisa M-internet. RunOuc)
SRV - [2012.09.17 20:05:18 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.17 20:04:23 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.06.26 23:33:24 | 000,219,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ID-kaart\SmartCardRemoval.exe -- (SmartCardRemoval)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.09.09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 18:27:24 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCSHOST.exe -- (DCSHost.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - [2013.02.06 23:27:50 | 000,208,920 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2012.12.16 13:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.09.24 22:04:36 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.09.24 22:04:36 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.09.24 22:04:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.09.24 22:04:36 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.09.17 20:05:19 | 000,103,952 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2012.09.17 20:05:18 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.08.30 07:52:28 | 000,969,192 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.29 23:03:00 | 000,014,688 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atrfiltr.sys -- (atrfiltr)
DRV - [2012.01.09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.25 14:19:26 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.07.20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.07.08 12:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2009.07.08 12:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009.06.25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = about:blank
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\..\SearchScopes,BrowserMngrDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\..\SearchScopes,DefaultScope = {0579FB2A-A0FC-4A45-B378-AF4501D57D0B}
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\..\SearchScopes\{0579FB2A-A0FC-4A45-B378-AF4501D57D0B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@RIA/esteid-firefox-plugin: C:\Program Files\ID-kaart\npesteid-firefox-plugin.dll (RIA)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jörgen\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jörgen\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{aa84ce40-4253-a00a-8cd6-0800200f9a66}: C:\Program Files\ID-kaart\Firefox PKCS11 Loader\ [2012.09.27 08:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 15.1.1\extensions\\Components: C:\Program Files\Mozilla Pale Moon\components [2013.03.01 13:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 15.1.1\extensions\\Plugins: C:\Program Files\Mozilla Pale Moon\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 19.0.1\extensions\\Components: C:\Program Files\Mozilla Pale Moon\components [2013.03.01 13:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 19.0.1\extensions\\Plugins: C:\Program Files\Mozilla Pale Moon\plugins

[2013.03.02 01:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörgen\AppData\Roaming\Mozilla\Extensions
[2012.09.11 21:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=109217 ... 1f3b15071d
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=109217 ... 1f3b15071d
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\J\u00F6rgen\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\J\u00F6rgen\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\J\u00F6rgen\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\J\u00F6rgen\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\J\u00F6rgen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: SingleFile Core = C:\Users\Jörgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\0.3.4_0\
CHR - Extension: SingleFile Core = C:\Users\Jörgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\0.3.6_0\
CHR - Extension: SingleFile = C:\Users\Jörgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle\0.3.4_0\
CHR - Extension: SingleFile = C:\Users\Jörgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle\0.3.6_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (EstEIDIEPluginBHO Class) - {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\ID-kaart\esteid-plugin-ie.dll (RIA)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000..\Run: [uTorrent] C:\Users\Jörgen\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\S-1-5-21-1192358187-4228306993-1132545701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407F19DD-6E5E-456C-BD65-0504AD84F5AE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D34B9FC1-AD0B-444B-92A8-8C09E63B3413}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F9B650-826F-44F8-916F-1A2AD90DAB57}: NameServer = 194.204.0.1 194.204.18.244
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\notepad.exe: Debugger - C:\Program Files\Notepad2\Notepad2.exe ()
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\TOOLS\PROCEXP.EXE (Sysinternals - http://www.sysinternals.com&#41;
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\EudoraPro\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04e88441-073b-11e2-b752-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{04e88441-073b-11e2-b752-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0f50bd43-faa9-11e1-b11e-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{0f50bd43-faa9-11e1-b11e-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0fdb956e-fa97-11e1-a46a-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{0fdb956e-fa97-11e1-a46a-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0fdb957f-fa97-11e1-a46a-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{0fdb957f-fa97-11e1-a46a-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6140bbb4-0bf1-11e2-b0bb-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{6140bbb4-0bf1-11e2-b0bb-001e101f1f81}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6140bbe1-0bf1-11e2-b0bb-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{6140bbe1-0bf1-11e2-b0bb-001e101f1f81}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{693ebff8-04af-11e2-9192-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{693ebff8-04af-11e2-9192-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{693ec006-04af-11e2-9192-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{693ec006-04af-11e2-9192-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9bc59ee1-0b8a-11e2-be92-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{9bc59ee1-0b8a-11e2-be92-001e101f9843}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{a9e12c73-0eba-11e2-bfca-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e12c73-0eba-11e2-bfca-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{aaf8b83a-00cf-11e2-a929-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{aaf8b83a-00cf-11e2-a929-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{aaf8b84c-00cf-11e2-a929-001a4b80aa60}\Shell - "" = AutoRun
O33 - MountPoints2\{aaf8b84c-00cf-11e2-a929-001a4b80aa60}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cd7e01f0-590f-11e2-92e5-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{cd7e01f0-590f-11e2-92e5-001e101f79c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cd7e0200-590f-11e2-92e5-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{cd7e0200-590f-11e2-92e5-001e101f79c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f5d6790b-0cdc-11e2-997e-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{f5d6790b-0cdc-11e2-997e-001e101fb681}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Users\Jörgen\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\00-codecs\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.03.07 19:08:37 | 000,000,000 | ---D | C] -- C:\Users\Jörgen\AppData\Roaming\QFX Software
[2013.03.07 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013.03.07 15:48:35 | 000,000,000 | R--D | C] -- C:\Users\Jörgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.07 00:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013.03.07 00:19:26 | 000,208,920 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2013.03.07 00:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2013.03.05 23:47:32 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013.03.02 03:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.02 03:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.02 03:04:52 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.02 03:04:52 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.02 03:04:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.02 03:04:21 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.02 03:04:21 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.02 03:04:21 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.02 03:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.02 02:37:27 | 000,000,000 | R--D | C] -- C:\Users\Jörgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 01:32:53 | 000,000,000 | ---D | C] -- C:\Users\Jörgen\AppData\Roaming\Mozilla
[2013.03.01 23:35:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.01 23:35:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.01 23:35:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.01 23:35:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.01 23:35:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.01 23:35:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.01 23:35:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.01 23:35:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.23 04:05:02 | 000,000,000 | ---D | C] -- C:\Users\Jörgen\AppData\Roaming\Malwarebytes
[2013.02.23 04:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2013.02.23 04:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 04:04:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.23 04:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2013.02.22 19:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.02.22 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\Jörgen\AppData\Local\Paint.NET
[2013.02.20 10:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
[2013.02.20 10:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.02.15 03:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laptop
[2013.02.15 03:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote
[2013.02.15 02:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display
[2013.02.13 01:26:19 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.13 01:26:18 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 01:26:13 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 01:26:12 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 01:26:11 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.11 02:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
Last edited by blind12 on Fri Mar 08, 2013 4:35 pm, edited 1 time in total.
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Fri Mar 08, 2013 4:27 pm

OTL part 2
========== Files - Modified Within 30 Days ==========

[2013.03.07 22:45:33 | 000,024,046 | ---- | M] () -- C:\Users\Jörgen\AppData\Roaming\Notepad2.ini
[2013.03.07 22:45:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.07 22:45:02 | 000,010,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 22:45:02 | 000,010,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 19:12:27 | 000,627,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.07 19:12:27 | 000,395,888 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013.03.07 19:12:27 | 000,111,258 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013.03.07 19:12:27 | 000,111,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.07 19:07:55 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192358187-4228306993-1132545701-1000UA.job
[2013.03.07 19:07:55 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192358187-4228306993-1132545701-1000Core.job
[2013.03.07 19:07:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.07 19:07:55 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJörgen.job
[2013.03.07 19:07:33 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.07 19:05:03 | 002,252,278 | ---- | M] () -- G:\00-userdata\000-Desktop\AutoRuns.arn
[2013.03.04 21:09:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.03 07:50:48 | 000,343,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.02 03:04:05 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.02 03:04:04 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.02 03:04:04 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.02 03:04:04 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.02 03:04:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.02 03:04:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.27 21:25:11 | 000,001,808 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.02.27 00:04:32 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 00:04:32 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.18 19:46:14 | 000,016,896 | ---- | M] () -- C:\Users\Jörgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.18 17:15:28 | 000,000,024 | ---- | M] () -- C:\Windows\EET50X.ini
[2013.02.06 23:27:50 | 000,208,920 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys

========== Files Created - No Company Name ==========

[2013.03.05 10:03:27 | 000,001,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader2.lnk
[2013.03.04 21:09:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.22 19:16:18 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013.02.18 17:14:11 | 000,000,024 | ---- | C] () -- C:\Windows\EET50X.ini
[2012.12.20 01:47:02 | 000,001,808 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.12.15 17:07:38 | 000,016,896 | ---- | C] () -- C:\Users\Jörgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.06 05:42:07 | 000,024,046 | ---- | C] () -- C:\Users\Jörgen\AppData\Roaming\Notepad2.ini
[2012.10.21 19:13:20 | 000,007,612 | ---- | C] () -- C:\Users\Jörgen\AppData\Local\Resmon.ResmonCfg
[2012.10.05 13:00:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.10.05 12:59:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.10.05 09:04:54 | 000,395,888 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2012.10.05 09:04:54 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2012.10.05 09:04:54 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2012.10.05 09:04:53 | 000,111,258 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2012.09.26 19:17:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.09.17 20:05:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2012.09.17 20:05:22 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.09.17 20:05:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2012.09.09 17:00:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.26 23:28:26 | 000,214,944 | ---- | C] () -- C:\Windows\System32\esteidcm.dll
[2012.06.26 23:18:46 | 001,598,976 | ---- | C] () -- C:\Windows\System32\opensc-pkcs11.dll
[2012.06.26 23:18:46 | 001,598,976 | ---- | C] () -- C:\Windows\System32\onepin-opensc-pkcs11.dll
[2012.06.26 23:18:46 | 001,598,976 | ---- | C] () -- C:\Windows\System32\esteid-pkcs11.dll
[2012.06.26 23:18:46 | 001,488,896 | ---- | C] () -- C:\Windows\System32\opensc.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.11 09:33:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.01.11 09:33:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.10.08 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\ACD Systems
[2012.11.28 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\digidocpp
[2013.01.18 08:39:03 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Foxit Reader
[2012.10.11 02:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Foxit Software
[2012.12.03 06:33:32 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Grig Software
[2012.10.14 03:42:00 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Icons and Cursors
[2012.10.03 20:38:20 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Moonchild Productions
[2013.02.13 06:30:51 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Nokia
[2013.01.09 02:42:14 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\Okapi
[2012.10.13 18:13:44 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\PC Suite
[2013.03.07 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\QFX Software
[2012.12.18 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\TuneUp Software
[2013.03.07 22:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jörgen\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2003.06.18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012.10.05 09:06:23 | 000,000,221 | -HS- | M] () -- C:\Users\Jörgen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009.06.10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012.12.14 17:49:29 | 000,000,402 | -HS- | M] () -- C:\Users\Jörgen\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009.07.13 23:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\system32\ANSI.SYS
[2009.07.14 03:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\clfs.sys
[2009.07.13 23:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\system32\country.sys
[2001.09.17 08:48:52 | 000,006,688 | R--- | M] () -- C:\Windows\system32\Digita.sys
[2009.07.13 23:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\system32\HIMEM.SYS
[2009.07.13 23:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\system32\KEY01.SYS
[2009.07.13 23:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\system32\KEYBOARD.SYS
[2009.07.13 23:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\system32\NTDOS.SYS
[2009.07.13 23:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\system32\NTDOS404.SYS
[2009.07.13 23:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\system32\NTDOS411.SYS
[2009.07.13 23:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\system32\NTDOS412.SYS
[2009.07.13 23:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\system32\NTDOS804.SYS
[2009.07.13 23:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\system32\NTIO.SYS
[2009.07.13 23:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\system32\NTIO404.SYS
[2009.07.13 23:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\system32\NTIO411.SYS
[2009.07.13 23:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\system32\NTIO412.SYS
[2009.07.13 23:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\system32\NTIO804.SYS
[2013.01.04 05:00:29 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2012.09.17 20:05:18 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\drivers\ati2erec.dll
[2010.02.25 14:18:58 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wdfcoinstaller01005.dll
[2010.02.19 01:00:34 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WdfCoInstaller01007.dll
[2012.09.24 22:04:36 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WdfCoInstaller01009.dll
[2010.02.19 01:00:32 | 000,581,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WinUSBCoInstaller.dll
[2010.02.19 01:00:34 | 001,302,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFUpdate_01007.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2003.06.18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll
[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[1980.01.04 10:18:00 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2012.09.10 03:56:34 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012.09.10 03:56:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.01.29 14:14:56 | 000,000,154 | ---- | M] () -- C:\data.txt
[2009.08.02 10:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
[2013.03.07 19:07:33 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[1980.01.04 10:27:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[1980.01.04 10:27:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004.08.04 12:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2013.03.07 19:07:36 | 3220,496,384 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2013.02.11 02:31:48 | 000,000,000 | ---D | M] -- C:\Program Files\00-codecs
[2012.12.15 03:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\00-ed2k
[2013.02.11 02:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2012.10.08 23:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2012.09.17 20:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2012.09.17 20:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2012.09.17 20:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2012.10.04 23:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\AuthenTec
[2012.12.18 22:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2012.12.18 22:19:03 | 000,000,000 | ---D | M] -- C:\Program Files\AVG2012
[2013.03.02 03:09:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012.12.15 04:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\Compare It!
[2013.01.07 15:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\DC-Unlocker
[2012.10.13 16:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2013.01.08 00:40:48 | 000,000,000 | ---D | M] -- C:\Program Files\Elisa M-internet
[2012.09.26 15:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\EudoraPro
[2013.01.18 09:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Reader
[2013.02.20 10:54:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012.09.26 02:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2013.01.28 15:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei U8500 HiSuite
[2012.09.27 08:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\ID-kaart
[2012.09.26 15:12:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2013.03.03 07:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2013.03.02 03:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2013.03.06 21:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\JDownloader2
[2013.03.07 00:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\KeyScrambler
[2013.02.23 04:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes Anti-Malware
[2012.10.14 03:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microangelo On Display
[2013.02.19 02:03:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microangelo Toolset 6
[2012.10.02 23:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012.09.26 19:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009.07.14 09:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012.10.02 23:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012.09.26 19:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2013.01.09 13:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012.10.08 02:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\Moon Software ShellTools
[2012.09.11 21:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2013.03.01 13:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Pale Moon
[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012.10.02 23:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2012.10.13 16:46:59 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2013.02.27 01:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad2
[2013.01.09 02:30:49 | 000,000,000 | ---D | M] -- C:\Program Files\Okapi
[2013.02.22 19:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2012.10.13 16:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2013.01.11 23:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\PDF24
[2012.10.23 07:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\R-Studio
[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012.12.20 01:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\Sandboxie
[2012.10.16 15:04:25 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012.09.09 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Tele2 Mobile Partner.bak
[2013.01.13 15:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Types
[2009.07.14 06:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2013.01.07 15:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2013.01.28 09:57:37 | 000,000,000 | ---D | M] -- C:\Program Files\wincmd
[2012.10.02 23:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\wincmd.bak
[2012.12.14 17:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012.10.02 23:37:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012.10.02 23:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012.12.14 17:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012.12.03 09:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\WinMerge
[2012.09.26 14:57:09 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< %appdata%\*.* >
[2013.03.07 22:45:33 | 000,024,046 | ---- | M] () -- C:\Users\Jörgen\AppData\Roaming\Notepad2.ini

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USBSTOR.SYS >
[2011.03.11 05:48:12 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=6A3DB51D317307F3AC65CB127B9A2BEB -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_4ac7a4d10f6f3253\USBSTOR.SYS
[2010.11.20 12:00:04 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=BF63EBFC6979FEFB2BC03DF7989A0C1A -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_c77d41a490bdc63d\USBSTOR.SYS
[2010.11.20 12:00:04 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=BF63EBFC6979FEFB2BC03DF7989A0C1A -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_4a8db8a1f615344e\USBSTOR.SYS
[2011.03.11 06:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=F991AB9CC6B908DB552166768176896A -- C:\Windows\System32\drivers\USBSTOR.SYS
[2011.03.11 06:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=F991AB9CC6B908DB552166768176896A -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_e6d53e776821c5b8\USBSTOR.SYS
[2011.03.11 06:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=F991AB9CC6B908DB552166768176896A -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_4a4fd9f7f64327f9\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-03-01 21:39:50

< End of report >


OTL extras
OTL Extras logfile created on: 7.03.2013 22:51:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\00-soft\00-Security
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000425 | Country: Eesti | Language: ETI | Date Format: d.MM.yyyy

3,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 72,49% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,25 Gb Total Space | 3,55 Gb Free Space | 8,03% Space Free | Partition Type: NTFS
Drive G: | 30,28 Gb Total Space | 0,36 Gb Free Space | 1,18% Space Free | Partition Type: NTFS

Computer Name: HP_8510W_2 | User Name: Jörgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1192358187-4228306993-1132545701-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Pale Moon\palemoon.exe (Moonchild Productions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\00-codecs\Videolan\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\00-codecs\Videolan\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{273AB519-6E79-401F-9CFA-9277A93736DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AAF0752-36A2-4CDF-9AED-14247EC516AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F523C34-3D79-4F7B-9F0E-746D299727C0}" = lport=137 | protocol=17 | dir=in | app=system |
"{6CD9F0B2-7DEE-4504-99AF-ECFF4865DB1F}" = rport=137 | protocol=17 | dir=out | app=system |
"{7E85001C-8B08-433D-A07E-FB349677428C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89637A0B-157F-4428-B3D5-D35472A673F8}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E8FD6BE-41A9-4D4F-9439-4FC964D3D4C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9892D48C-AF77-44D4-822D-919E6F4B47B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1D59F04-AD02-45CD-BA48-DFED672FEDFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BAD6CBF5-A2B1-4417-B14B-1371A33CD806}" = rport=138 | protocol=17 | dir=out | app=system |
"{CB2EC105-0BAE-4E04-BDA2-00203E4C2D12}" = lport=138 | protocol=17 | dir=in | app=system |
"{E753B2D5-DDF6-407A-80A1-D7E18E53A805}" = lport=445 | protocol=6 | dir=in | app=system |
"{F192A81F-6DB5-43FD-AAB4-8ADE60EF3C12}" = lport=139 | protocol=6 | dir=in | app=system |
"{F758644A-4E59-4497-9807-D24B92717D87}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B0B91D-B898-4E33-A045-41565D065165}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0745401A-35B0-4BF0-A5F6-A5CD8B52EFFA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{0B7D047C-0B56-4DF5-8ADB-2DFEAFA8FAF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A617850-957B-4646-854F-8EE5CA4003C6}" = dir=out | app=c:\program files\00-ed2k\emulemorph\emule.exe |
"{1E091D03-5F71-41B4-93BF-F4798FF88C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28FF1F12-D3A6-45F0-B228-10CE896745D8}" = protocol=6 | dir=in | app=c:\users\jörgen\appdata\roaming\utorrent\utorrent.exe |
"{329B7E60-B48A-48F7-A4D8-3E9925218DCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{367B66DA-C8A3-4C2C-A49B-3690200E4E12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47074B4B-8CE9-458F-BBE2-D50AB9C54A5E}" = protocol=17 | dir=in | app=c:\program files\avg2012\avgmfapx.exe |
"{4CE5FC5C-6AE5-4B7C-8B4E-4AE4F9B173DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4DAC6303-E3B8-4F52-8F39-8D38D94F006F}" = protocol=6 | dir=in | app=c:\program files\avg2012\avgmfapx.exe |
"{6B316E46-E91F-4B27-8CAF-A47823DD7DF3}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{86B8E144-044D-446F-A7A6-F2D65200EE67}" = protocol=17 | dir=in | app=c:\program files\avg2012\avgnsx.exe |
"{941A4AAA-8B6E-40A2-9E5D-EFF5E1A4D621}" = dir=in | app=c:\program files\00-ed2k\emulemorph\emule.exe |
"{9B124562-8CDB-488A-B96B-A1F11A3177A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9E1A809F-BA83-4F4A-B327-B705F2A0A6AB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A01F02C6-BEC6-49D1-BC42-747A3194C4A3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A117A303-9E9A-480A-8442-D50A36AFB7FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A30DE9F1-2E59-4D25-BB57-25CA0F2EFFB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C1DC720C-59BE-42D5-A741-8938C186C817}" = protocol=6 | dir=in | app=c:\program files\avg2012\avgdiagex.exe |
"{D4B0D3F6-7C2C-43D6-BAFB-7143191253AB}" = protocol=17 | dir=in | app=c:\users\jörgen\appdata\roaming\utorrent\utorrent.exe |
"{DFEFE2D9-C1C2-42A3-852A-4CC353FF1054}" = protocol=6 | dir=in | app=c:\program files\avg2012\avgnsx.exe |
"{E7C116F4-A3B9-4E36-8E9A-2C0E8E7DF1C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1FC052A-6693-4DD4-9497-37F7F2A91697}" = protocol=17 | dir=in | app=c:\program files\avg2012\avgdiagex.exe |
"{F9553364-D2C9-44F4-AC9E-CCF6BB41109D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB22107C-F1F6-4564-BFDC-16249CEDE328}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"TCP Query User{96DCDE57-2278-4964-BE25-40087CC60E1F}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"TCP Query User{985F4E14-1DE1-4940-9019-0F48EFBF2E5A}C:\program files\wincmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\wincmd\totalcmd.exe |
"TCP Query User{9F2F1FE0-ED0A-406B-8704-EE1D7CC763E2}C:\program files\jdownloader2\jdownloader2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader2\jdownloader2.exe |
"TCP Query User{A52DE8AC-945F-4341-B220-A22B39E518A0}C:\program files\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe |
"TCP Query User{EE1302A6-8EAE-4FAD-BC57-0C9A48EAF4C1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F0C2B8A4-8184-49BC-A79E-C65BE3D7E398}C:\program files\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe |
"UDP Query User{0671DE2F-0043-4D45-B761-3FEA2D9D2130}C:\program files\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe |
"UDP Query User{15B36396-CC8A-4B03-9D1F-6FC949814616}C:\program files\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe |
"UDP Query User{18610EE2-81EB-4604-93EE-B63195A2B20E}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"UDP Query User{3DDCDF27-28EA-4A62-807E-C15771503A3A}C:\program files\wincmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\wincmd\totalcmd.exe |
"UDP Query User{AC721ABE-E442-4BF5-AD22-70A866B3EE5B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D0C28845-9234-4201-8DFB-1D34584736F5}C:\program files\jdownloader2\jdownloader2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader2\jdownloader2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0BCD7F45-A66D-63FD-CA8C-828416484863}" = Catalyst Control Center Localization All
"{0D750A5D-EDBA-F37A-51F6-B1E1F3833270}" = CCC Help English
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10
"{1D30236B-2102-472B-8BDC-14DDAD726D14}" = Eudora
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE20C1A-9665-1597-3C88-FC87EA9121B0}" = CCC Help Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FFEE48-A96E-9158-BD81-60919E004F9E}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2BF64380-C910-A789-9860-4E52E30377B7}" = Catalyst Control Center Graphics Previews Vista
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37227F8B-DD62-A590-0D18-3AB4BB981FFF}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C8898D3-407E-1112-46C2-C8FE4A202506}" = CCC Help Italian
"{42A0CD6A-224C-BC6F-DB88-58F37EC610ED}" = CCC Help Polish
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4649126F-45B6-47A2-B2A2-FB8FDB2FDE2E}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E59C2EE-0270-42C5-B5E8-D3642B205135}" = Eesti ID kaardi tarkvara 3.6.0.904
"{4E5FF2D7-87CF-A620-64F1-417B11FB4B9C}" = CCC Help French
"{4F549611-A40A-74AD-562C-F6BCD6EA8D93}" = CCC Help Japanese
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5BB54A4F-CD51-C962-B162-18B71AD93F1B}" = CCC Help Thai
"{62CA5EF5-AFBA-716F-471B-EF061666770B}" = CCC Help German
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{6AEFA6D3-84CC-5580-379A-27F81FC2F039}" = ccc-utility
"{6C823BB8-EAA8-CD73-B5BE-D05FCE1DA75D}" = ccc-core-static
"{6E5ED03F-DFA5-E08E-0876-7BBD532D01F8}" = CCC Help Norwegian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6FEE2F79-23DF-CA27-E5D8-66EB47A65928}" = Catalyst Control Center Graphics Light
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{7C983DEF-4168-5CAF-DD5B-17CDE2583453}" = CCC Help Greek
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84FE3046-C28A-0B88-3693-66BB0623CC26}" = CCC Help Portuguese
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{8679D366-D73F-4303-92F7-853B13C1F424}" = Microangelo On Display
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{8E54DDB4-5F0B-49D2-88E3-410CDCE4A277}" = Okapi Olifant
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}" = ACDSee 4.0
"{938DAE9E-9849-7766-5019-C77B3C74EC1C}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97918F8D-74CD-8F64-6CDE-F82E9FF8FBA4}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EE18409-B1D2-4782-A7E1-4F88232DCD78}" = ShellTools
"{9FE921A8-5A85-529D-BCF0-D14547D1E6E5}" = Catalyst Control Center Graphics Full Existing
"{A4B286D5-9F14-0722-BCB0-E8EF49DFD5D6}" = CCC Help Chinese Standard
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA736C36-CCB7-5140-F1A3-8243E749C17B}" = CCC Help Finnish
"{AA94F1B4-68E6-ECC3-7181-406F728FD220}" = CCC Help Swedish
"{AAB11FE6-15FC-3B4A-1E83-B11085BD9243}" = CCC Help Turkish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9293A66-5F9A-4442-B690-922EF5A501DB}" = HP System Default Settings
"{C69B1CC0-B5B9-742A-B906-B9EC49DBE057}" = CCC Help Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC20517A-4CA8-0991-F40B-7BCB54C98305}" = Catalyst Control Center Graphics Full New
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D42CE79E-22E1-0233-179D-94CC314DA382}" = CCC Help Russian
"{D4BEDE0D-BE09-F5C9-C10B-09EF2B7A8525}" = ATI Catalyst Install Manager
"{E63E0B06-D704-7BD0-3D21-A38EE0138B4F}" = CCC Help Spanish
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F89BA07B-6F56-3CAC-5DBD-B1C854DAC911}" = CCC Help Czech
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"Elisa M-internet" = Elisa M-internet
"eMule MorphXT_is1" = eMule MorphXT 12.7
"Foxit Reader_is1" = Foxit Reader
"Hi Suite" = HiSuite
"jdownloader2" = JDownloader 2.0
"KeyScrambler" = KeyScrambler
"MadVR" = MadVR (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.70.0.1100
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nokia PC Suite" = Nokia PC Suite
"Notepad2" = Notepad2 (Notepad Replacement)
"Pale Moon 19.0.1 (x86 en-US)" = Pale Moon 19.0.1 (x86 en-US)
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"R-Studio 5.1NSIS" = R-Studio 5.1
"Sandboxie" = Sandboxie 3.76 (32-bit)
"ShellTools 2.0.0" = ShellTools 2.0.0
"ZoomPlayer" = Zoom Player (remove only)
"Tele2 Mobile Partner" = Tele2 Mobile Partner
"Totalcmd" = Total Commander (Remove or Repair)
"Types" = Types
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 2.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1192358187-4228306993-1132545701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5.03.2013 17:21:07 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: palemoon.exe, version: 19.0.0.4802, time
stamp: 0x51293e68 Faulting module name: mozalloc.dll, version: 19.0.0.4802, time
stamp: 0x51292666 Exception code: 0x80000003 Fault offset: 0x0000113c Faulting process
id: 0x1f64 Faulting application start time: 0x01ce19b008c9929d Faulting application
path: C:\Program Files\Mozilla Pale Moon\palemoon.exe Faulting module path: C:\Program
Files\Mozilla Pale Moon\mozalloc.dll Report Id: 9763e9ac-85da-11e2-bfe7-001a4b80aa60

Error - 5.03.2013 21:17:58 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: m6studio.exe, version: 6.10.71.4, time
stamp: 0x4cf2b229 Faulting module name: m6studio.exe, version: 6.10.71.4, time stamp:
0x4cf2b229 Exception code: 0xc0000005 Fault offset: 0x0000283a Faulting process id:
0x12d8 Faulting application start time: 0x01ce1a07e43925e8 Faulting application path:
C:\Program Files\Microangelo Toolset 6\m6studio.exe Faulting module path: C:\Program
Files\Microangelo Toolset 6\m6studio.exe Report Id: adef467d-85fb-11e2-bfe7-001a4b80aa60

Error - 5.03.2013 22:34:08 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: MODSys.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4a980d57 Exception code: 0xc0000005 Fault offset: 0x03968f00 Faulting
process id: 0x1e94 Faulting application start time: 0x01ce1976e356489e Faulting application
path: C:\Windows\explorer.exe Faulting module path: MODSys.dll Report Id: 5209a334-8606-11e2-bfe7-001a4b80aa60

Error - 6.03.2013 12:56:39 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: palemoon.exe, version: 19.0.0.4802, time
stamp: 0x51293e68 Faulting module name: mozalloc.dll, version: 19.0.0.4802, time
stamp: 0x51292666 Exception code: 0x80000003 Fault offset: 0x0000113c Faulting process
id: 0x1f94 Faulting application start time: 0x01ce1a6dd24bd979 Faulting application
path: C:\Program Files\Mozilla Pale Moon\palemoon.exe Faulting module path: C:\Program
Files\Mozilla Pale Moon\mozalloc.dll Report Id: cfdc6511-867e-11e2-bfe7-001a4b80aa60

Error - 7.03.2013 9:58:46 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: palemoon.exe, version: 19.0.0.4802, time
stamp: 0x51293e68 Faulting module name: mozalloc.dll, version: 19.0.0.4802, time
stamp: 0x51292666 Exception code: 0x80000003 Fault offset: 0x0000113c Faulting process
id: 0x1d08 Faulting application start time: 0x01ce1a8c09a056af Faulting application
path: C:\Program Files\Mozilla Pale Moon\palemoon.exe Faulting module path: C:\Program
Files\Mozilla Pale Moon\mozalloc.dll Report Id: 2053c293-872f-11e2-bfe7-001a4b80aa60

Error - 7.03.2013 14:27:36 | Computer Name = HP_8510w_2 | Source = Application Hang | ID = 1002
Description = The program Eudora.exe version 7.1.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1144 Start Time:
01ce1b5cd3927ad9 Termination Time: 108 Application Path: C:\Program Files\EudoraPro\Eudora.exe

Report
Id: 6a84288b-8754-11e2-bcb2-001a4b80aa60

Error - 7.03.2013 14:38:50 | Computer Name = HP_8510w_2 | Source = Application Hang | ID = 1002
Description = The program Eudora.exe version 7.1.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1510 Start Time:
01ce1b6222c62c3e Termination Time: 50 Application Path: C:\Program Files\EudoraPro\Eudora.exe

Report
Id: 3afa11fd-8756-11e2-bcb2-001a4b80aa60

Error - 7.03.2013 14:41:59 | Computer Name = HP_8510w_2 | Source = Application Hang | ID = 1002
Description = The program Eudora.exe version 7.1.0.9 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 13f0 Start Time:
01ce1b6303eef38d Termination Time: 51 Application Path: C:\Program Files\EudoraPro\Eudora.exe

Report
Id: 9e8650e3-8756-11e2-bcb2-001a4b80aa60

Error - 7.03.2013 14:44:06 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_6_602_171.exe, version:
11.6.602.171, time stamp: 0x511ee9e4 Faulting module name: FlashPlayerPlugin_11_6_602_171.exe,
version: 11.6.602.171, time stamp: 0x511ee9e4 Exception code: 0xc0000005 Fault offset:
0x0002ae47 Faulting process id: 0x27c Faulting application start time: 0x01ce1b573ad1bcd1
Faulting
application path: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
Faulting
module path: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
Report
Id: fcd67549-8756-11e2-bcb2-001a4b80aa60

Error - 7.03.2013 14:44:31 | Computer Name = HP_8510w_2 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 19.0.0.4802,
time stamp: 0x51293db3 Faulting module name: NPSWF32_11_6_602_171.dll, version:
11.6.602.171, time stamp: 0x511eeb7e Exception code: 0x80000003 Fault offset: 0x0033881d
Faulting
process id: 0xcb8 Faulting application start time: 0x01ce1b5843ddfa05 Faulting application
path: C:\Program Files\Mozilla Pale Moon\plugin-container.exe Faulting module path:
C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll Report Id: 0bbc9c52-8757-11e2-bcb2-001a4b80aa60

[ Hewlett-Packard Events ]
Error - 10.11.2012 11:09:34 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 11:25:19 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:03:59 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:05:28 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:05:31 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:05:32 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:05:32 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:05:38 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 12:18:09 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

Error - 10.11.2012 13:07:24 | Computer Name = HP_8510w_2 | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 18.02.2013 3:45:03 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 18.02.2013 3:45:04 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 18.02.2013 3:46:46 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 18.02.2013 3:47:37 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 20.02.2013 7:26:10 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 20.02.2013 7:26:13 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 20.02.2013 7:26:16 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 20.02.2013 7:26:17 | Computer Name = HP_8510w_2 | Source = SCardSvr | ID = 610
Description =

Error - 20.02.2013 14:09:05 | Computer Name = HP_8510w_2 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 20.02.2013 23:31:15 | Computer Name = HP_8510w_2 | Source = volsnap | ID = 393252
Description = The shadow copies of volume G: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Fri Mar 08, 2013 4:30 pm

There are some leftovers of Babylon toolbar visible that slipped in with Chrome some time ago.

I also had what looked like a Google redirect virus but without any typical signs other than a strange fixed IP and fixed Google DNS servers. Maybe AVG removed the rest silently. I had to delete AVG though as it deleted several necessary random files. Some were text and I don't thing AVG looks for alternate streams if there were any.
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby blind12 » Fri Mar 08, 2013 4:46 pm

Moonchild wrote:Sessions are stored at regular intervals (the default for Pale moon is 60 seconds, by the way, and not 10 like Firefox...) so if the sessions you get restored are really ancient then it's not saved to disk for the new session. Are you sure Pale Moon isn't being "sandboxed" or running in a "protected" environment? That could explain both the crashes and your sessions not being stored, as well as odd Windows API dlls being loaded like kernelbase.dll that normally aren't present as loaded modules for the application. You may want to check if AVG hasn't inadvertently left behind some parts of its suite causing these issues... And I do recommend trying to create a new Windows user profile to see if that helps your case any.


OK I thought I had changed it to 60 seconds myself in the past.
I do run a copy in Sandboxie quite often but that copy never crashes :)
It doesn't use much resources either.

I have noticed that for quite some time before a crash, addons and many functions start failing, I think that is one possible reason why session doesn't get updated?

Another one is that it seems the profile with lots of tabs has a hard time flushing files or whatever after exiting, as it stays in task list with high processor usage for ages.

It updated now after I made changes and exited immediately after startup before it might start failing, and raised the priority of the closing Palemoon so it would get its work done.
blind12
Moonbather
Moonbather
 
Posts: 30
Joined: Fri Mar 01, 2013 11:19 pm
Location: home

Re: Lots of crashes with mozalloc.dll

Postby Moonchild » Fri Mar 08, 2013 5:49 pm

A few immediate things noticed:

Sandboxie: Running Pale Moon as a "sandboxed web browser" will not save your session unless the sandbox data is kept permanent, just FYI. I personally haven't had issues with sandboxie (an older version though) and running pale Moon in it, so that's less likely to be an issue. If you run Pale Moon within Sandboxie though, make sure it's operating properly and that sandboxie has enough sandboxed disk space to work with for Pale Moon!

Keyscrambler; this piece of software has, and probably will continue to, cause issues when installed because of the way it is designed. I would suggest you try to remove it (not just disable, but completely uninstall including the kernel driver it installs).
(Personally, I think the premise behind it is flawed - assuming that you need to protect your system from snooping software; while you should prevent such software from being installed in the first place. It's also easy to circumvent if you write a keylogger properly... but that aside.)

The number of tabs doesn't matter for the session store, really. Pale Moon can successfully save hundreds of tabs without an issue, and without causing high cpu usage. If things are failing regularly and start failing arbitrarily in Pale Moon, there is definitely something interfering with system run-time operation, and possibly at the I/O level interfering with disk access (keyscrambler operates at this level as well...)

You should certainly grab a copy of memtest as well and test your RAM for defects too (as this kind of behavior is also consistent with failing memory).

There is more software running I'm not familiar with, and looking at the recent issues you have had will all sorts of programs, including access violations in explorer and Eudora, crashing Flash, and this breakpoint crash in Pale Moon, I'd say you'd almost be better off starting with a clean Windows installation, only installing necessary drivers and none of the bloatware, and go from there.
Solutions born from paranoia are never the best solutions. -MC
Image
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
 
Posts: 12148
Joined: Sun Aug 28, 2011 5:27 pm
Location: Sweden

Next

Return to Community support

Who is online

Users browsing this forum: No registered users and 11 guests