
Repeated outbound to 5.45.68.199 and runaway svchost.exe process



This just started, and seems Firefox related. I get the popup that an outbound to 5.34.68.199 has been blocked, and I also notice my machine slowing due to a high CPU/mem svchost.exe process. I am able to kill it in Task Manager. Nothing from Malwarebytes, and also (based on another post) nothing on ESET Online Scanner. Any ideas?


Hello

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply....

 

Kevin


Hi, Kevin, thanks so much. The RogueKiller seems to have found the bad boy (PID 1772). The combined text is too long, so I will post separate replies for each log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Harv (administrator) on HARV-XP on 30-06-2014 09:09:49
Running from C:\Documents and Settings\Harv\My Documents\Downloads
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\00THotkey.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TouchED\TouchED.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
(TOSHIBA Corp.) C:\WINDOWS\system32\TFNF5.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSODDCtl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [00THotkey] => C:\WINDOWS\system32\00THotkey.exe [286720 2010-04-28] (TOSHIBA Corporation)
HKLM\...\Run: [000StTHK] => C:\WINDOWS\system32\000StTHK.exe [24576 2001-06-24] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18782720 2009-11-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [241664 2009-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [iTSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TMERzCtl.EXE] => C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [90112 2009-12-09] (TOSHIBA)
HKLM\...\Run: [TMESRV.EXE] => C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [126976 2005-12-14] (TOSHIBA)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKLM\...\Run: [TouchED] => C:\Program Files\TOSHIBA\TouchED\TouchED.exe [126976 2005-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [intelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1392640 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [TOSDCR] => C:\WINDOWS\system32\TOSDCR.EXE [57344 2005-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\WINDOWS\system32\thpsrv /logon
HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [TFNF5] => C:\WINDOWS\system32\TFNF5.exe [1140032 2010-02-02] (TOSHIBA Corp.)
HKLM\...\Run: [TPSODDCtl] => C:\WINDOWS\system32\TPSODDCtl.exe [133696 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [326208 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosHKCW.exe] => C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [225280 2009-07-02] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CFSServ.exe] => CFSServ.exe -NoClient
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-31] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {c6fbced5-8d25-11e0-b96e-002710575b94} - E:\SISetup.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {f3e1346d-efd8-11e3-bfd2-002710575b94} - E:\LaunchU3.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {f3e37a38-55ba-11e1-bad5-002710575b94} - E:\autorun.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\Harv\Start Menu\Programs\Startup\Shortcut to taskmgr.lnk
ShortcutTarget: Shortcut to taskmgr.lnk -> C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {0E7BF51C-B11F-49EF-90C5-33FF6ED08C54} http://vc.omicsgroup.net/autodownload/ConfAUpdate.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297578536046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://myhknetwork.hkusa.com/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12-16655/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Harv\Application Data\Mozilla\Firefox\Profiles\1gtwbykv.default-1397427405718
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Harv\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-30]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-02-13]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-31]

========================== Services (Whitelisted) =================

S3 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [408576 2009-02-09] (Microsoft Corporation) [File not signed]
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-02-13] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 MySQL; C:\MySQLServer5.0\my.ini [9203 2013-04-24] () [File not signed]
S3 napagent; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [123320 2011-05-09] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [408576 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2009-09-21] (Intel® Corporation) [File not signed]
S3 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation)
R2 Tmesrv; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [126976 2005-12-14] (TOSHIBA) [File not signed]
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-05] (TOSHIBA Corporation)
S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2010-02-05] (TOSHIBA Corporation)
S2 W32Time; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 WebClient; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1659624 2011-08-18] (RealVNC Ltd)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-06] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [160424 2009-09-23] (Intel Corporation)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-18] (Infineon Technologies AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 mv2; C:\WINDOWS\System32\DRIVERS\mv2.sys [10304 2008-02-10] (UVNC BVBA)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-15] (Intel Corporation)
R3 pflt; C:\WINDOWS\System32\DRIVERS\vfilter.sys [24192 2010-09-02] (Shrew Soft Inc)
R2 risdpcie; C:\WINDOWS\System32\DRIVERS\risdpe86.sys [48128 2009-11-28] (REDC)
R2 rixdpcie; C:\WINDOWS\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R1 TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [5888 2004-06-16] (Toshiba Corporation) [File not signed]
R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
R2 TVALZFL; C:\WINDOWS\System32\DRIVERS\TVALZFL.sys [4992 2008-05-01] (TOSHIBA Corporation) [File not signed]
R3 vncmirror; C:\WINDOWS\System32\DRIVERS\vncmirror.sys [4608 2011-08-18] (RealVNC Ltd.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [280344 2005-01-26] (Zone Labs LLC)
S2 ASPI32; No ImagePath
S3 ATSwpWDF; System32\Drivers\ATSwpWDF.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 IntelIde; No ImagePath
U2 SENS;
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 09:09 - 2014-06-30 09:09 - 00000000 ____D () C:\FRST
2014-06-30 08:59 - 2014-06-30 08:59 - 00000314 _____ () C:\WINDOWS\Tasks\HP WEP.job
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Real
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-06-29 18:15 - 2014-06-29 18:15 - 00001824 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000793 _____ () C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-06-29 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-29 14:23 - 2014-06-29 14:23 - 00000000 ____D () C:\Program Files\ESET
2014-06-29 13:04 - 2014-06-29 13:04 - 00321220 ____S () C:\WINDOWS\system32\ueuj.pfi
2014-06-26 18:18 - 2014-06-26 18:22 - 00010434 _____ () C:\Documents and Settings\Harv\My Documents\Pain Au Levain.xlsx
2014-06-25 11:19 - 2014-06-25 11:20 - 00004775 _____ () C:\WirelessDiagLog.csv
2014-06-18 08:18 - 2014-06-18 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 18:11 - 2014-06-23 09:18 - 00009332 _____ () C:\Documents and Settings\Harv\Desktop\New Client Sums.xlsx
2014-06-17 17:42 - 2014-06-17 18:11 - 00462848 _____ () C:\Documents and Settings\Harv\My Documents\ACCC.accdb
2014-06-16 20:26 - 2014-06-30 09:05 - 00000035 _____ () C:\WINDOWS\Ulead32.INI
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Program Files\Microtek
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Kpcms
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microtek ScanWizard 5 for Windows
2014-06-16 20:20 - 2007-04-11 09:47 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM20w.dll
2014-06-16 20:20 - 2007-01-16 14:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM24w.dll
2014-06-16 20:20 - 2006-04-25 22:14 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM23w.dll
2014-06-16 20:20 - 2005-07-22 11:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM21w.dll
2014-06-16 20:20 - 2005-07-01 14:05 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM22w.dll
2014-06-16 20:20 - 2005-03-07 13:54 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM1FW.dll
2014-06-16 20:20 - 2005-03-02 09:17 - 00030557 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD17.dll
2014-06-16 20:20 - 2005-01-26 19:30 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM0Aw.dll
2014-06-16 20:20 - 2004-12-02 18:27 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM0Bw.dll
2014-06-16 20:20 - 2004-07-19 08:44 - 00044491 _____ () C:\WINDOWS\system32\MiiIniFile13.ini
2014-06-16 20:20 - 2004-07-16 18:20 - 00126976 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM13w.dll
2014-06-16 20:20 - 2004-07-16 14:53 - 00118784 _____ (Realtek) C:\WINDOWS\system32\MiiRTS8822.dll
2014-06-16 20:20 - 2004-04-12 11:27 - 00106496 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM1CW.dll
2014-06-16 20:20 - 2004-03-25 14:38 - 00114688 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM17W.dll
2014-06-16 20:20 - 2004-02-18 09:28 - 00035589 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD12.dll
2014-06-16 20:20 - 2004-02-18 09:27 - 00030565 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD15.dll
2014-06-16 20:20 - 2004-01-08 11:39 - 00184320 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM0CW.dll
2014-06-16 20:20 - 2003-10-08 15:26 - 00208896 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM08w.dll
2014-06-16 20:20 - 2003-08-11 12:54 - 00204800 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSME6w.dll
2014-06-16 20:20 - 2003-07-18 11:42 - 00030565 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD13.dll
2014-06-16 20:20 - 2003-07-17 16:12 - 00012499 _____ (Microtek International Inc.) C:\WINDOWS\system32\Msmusd7.dll
2014-06-16 20:20 - 2003-07-08 18:06 - 00192512 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSME4W.dll
2014-06-16 20:20 - 2003-06-11 12:03 - 00015396 _____ (Microtek International Inc.) C:\WINDOWS\system32\Msmusd5.dll
2014-06-16 20:20 - 2003-05-07 12:02 - 00208896 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSME5w.dll
2014-06-16 20:20 - 2003-05-01 19:14 - 00030053 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD11.dll
2014-06-16 20:20 - 2003-04-24 19:00 - 00035589 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD10.dll
2014-06-16 20:20 - 2003-03-19 16:57 - 00030013 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD9.dll
2014-06-16 20:20 - 2003-03-07 08:56 - 00098304 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMD8w.dll
2014-06-16 20:20 - 2002-10-30 15:21 - 00062947 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMC1W.dll
2014-06-16 20:20 - 2002-10-21 11:06 - 00038215 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM8BW.dll
2014-06-16 20:20 - 2002-10-08 18:53 - 00041733 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMB1W.dll
2014-06-16 20:20 - 2002-07-16 15:29 - 00067522 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMD9W.dll
2014-06-16 20:20 - 2002-04-18 15:46 - 00073601 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMD4W.dll
2014-06-16 20:20 - 2002-03-27 16:34 - 00072584 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMCFw.dll
2014-06-16 20:20 - 2002-02-06 10:37 - 00030030 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD7.dll
2014-06-16 20:20 - 2001-12-26 08:47 - 00035563 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD.dll
2014-06-16 20:20 - 2001-12-18 14:48 - 00062462 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMCEw.dll
2014-06-16 20:20 - 2001-10-22 11:28 - 00035246 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMBDW.dll
2014-06-16 20:20 - 2001-10-22 11:28 - 00034720 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMB0W.dll
2014-06-16 20:20 - 2001-08-29 13:22 - 00035906 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMC9W.dll
2014-06-16 20:20 - 2001-08-29 13:22 - 00035906 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMA7W.dll
2014-06-16 20:20 - 2001-06-20 15:44 - 00013962 _____ ( Microtek International Inc.) C:\WINDOWS\system32\Msmusd6.dll
2014-06-16 20:20 - 1998-09-14 08:41 - 00285216 _____ () C:\WINDOWS\system32\Drivers\Onsio.sys
2014-06-16 20:20 - 1998-08-01 12:00 - 00060928 _____ (OnSpec Electronic, Inc.) C:\WINDOWS\system32\Drivers\Smplscsi.sys
2014-06-16 20:20 - 1997-02-14 13:10 - 00007680 _____ () C:\WINDOWS\system32\Drivers\Onsreged.sys
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\Harv\Start Menu\Programs\HP
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2014-06-09 10:30 - 2010-06-29 15:15 - 00286720 _____ (Software 2000 Limited) C:\WINDOWS\system32\HP1006LM.DLL
2014-06-09 10:30 - 2010-01-13 12:43 - 00080399 _____ () C:\WINDOWS\system32\WRes1200.txt
2014-06-09 10:30 - 2010-01-13 12:43 - 00001071 _____ () C:\WINDOWS\system32\W600dpi.txt
2014-06-09 10:30 - 2010-01-13 12:42 - 00080399 _____ () C:\WINDOWS\system32\HRes600.txt
2014-06-09 10:30 - 2010-01-13 12:42 - 00080399 _____ () C:\WINDOWS\system32\HRes1200.txt
2014-06-09 10:30 - 2010-01-13 12:42 - 00065536 _____ () C:\WINDOWS\system32\HPPLVS.dll
2014-06-09 10:29 - 2014-06-09 10:30 - 00000000 ___HD () C:\Program Files\Avago-HP
2014-06-09 10:27 - 2014-06-09 10:29 - 00000000 ____D () C:\hp_P1000_P1500_Full_Solution

==================== One Month Modified Files and Folders =======

2014-06-30 09:10 - 2011-02-12 13:22 - 00000000 ____D () C:\Documents and Settings\Harv\Local Settings\Temp
2014-06-30 09:09 - 2014-06-30 09:09 - 00000000 ____D () C:\FRST
2014-06-30 09:09 - 2011-07-14 20:09 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-30 09:06 - 2010-03-30 15:07 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-06-30 09:05 - 2014-06-16 20:26 - 00000035 _____ () C:\WINDOWS\Ulead32.INI
2014-06-30 09:05 - 2010-03-30 23:49 - 00000644 _____ () C:\WINDOWS\win.ini
2014-06-30 08:59 - 2014-06-30 08:59 - 00000314 _____ () C:\WINDOWS\Tasks\HP WEP.job
2014-06-30 08:50 - 2014-04-11 09:42 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 08:50 - 2014-04-04 07:59 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-30 08:50 - 2014-04-04 07:59 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-30 08:50 - 2010-03-30 23:49 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-30 08:49 - 2010-03-30 15:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-30 08:48 - 2014-03-31 10:30 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-30 08:48 - 2013-07-05 20:48 - 03988164 _____ () C:\video0.dat
2014-06-30 08:48 - 2012-03-13 10:19 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 08:48 - 2010-03-30 23:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-29 20:43 - 2012-12-11 19:50 - 04246711 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3351214520-3263132721-647948471-1013-0.dat
2014-06-29 20:43 - 2012-12-11 19:50 - 00293046 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-29 20:43 - 2012-05-12 11:14 - 01788160 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-06-29 20:43 - 2011-02-12 13:22 - 00000178 ___SH () C:\Documents and Settings\Harv\ntuser.ini
2014-06-29 20:43 - 2010-03-30 23:11 - 00032450 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-29 20:43 - 2010-03-30 23:08 - 01689747 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-29 20:31 - 2012-03-13 10:19 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 19:47 - 2014-03-31 10:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-29 18:17 - 2011-12-28 21:01 - 00072912 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Real
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-06-29 18:16 - 2011-12-28 21:01 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp
2014-06-29 18:15 - 2014-06-29 18:15 - 00001824 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000793 _____ () C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-06-29 18:15 - 2011-12-28 21:01 - 00000799 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Windows Media Player.lnk
2014-06-29 15:37 - 2013-12-18 18:24 - 00000000 ____D () C:\AdwCleaner
2014-06-29 15:37 - 2011-02-12 13:22 - 00000000 ____D () C:\Documents and Settings\Harv
2014-06-29 14:23 - 2014-06-29 14:23 - 00000000 ____D () C:\Program Files\ESET
2014-06-29 13:50 - 2011-02-11 07:20 - 00000000 ____D () C:\Temp
2014-06-29 13:04 - 2014-06-29 13:04 - 00321220 ____S () C:\WINDOWS\system32\ueuj.pfi
2014-06-29 12:43 - 2010-03-30 15:06 - 00419287 _____ () C:\WINDOWS\setupapi.log
2014-06-29 12:43 - 2010-03-30 15:06 - 00211590 _____ () C:\WINDOWS\setupact.log
2014-06-26 18:22 - 2014-06-26 18:18 - 00010434 _____ () C:\Documents and Settings\Harv\My Documents\Pain Au Levain.xlsx
2014-06-25 11:20 - 2014-06-25 11:19 - 00004775 _____ () C:\WirelessDiagLog.csv
2014-06-24 11:25 - 2013-09-11 15:25 - 00000000 ____D () C:\Documents and Settings\Harv\My Documents\WineComp
2014-06-24 11:25 - 2011-12-06 18:02 - 00000000 ____D () C:\Documents and Settings\Harv\My Documents\PYFC
2014-06-24 08:25 - 2013-05-09 08:25 - 00000406 _____ () C:\WINDOWS\Tasks\At1.job
2014-06-23 21:32 - 2011-03-23 14:00 - 00000000 ____D () C:\Documents and Settings\Harv\Application Data\com.oxygenxml
2014-06-23 14:35 - 2013-10-22 12:41 - 00000000 ____D () C:\Documents and Settings\Harv\My Documents\FLCMF
2014-06-23 09:18 - 2014-06-17 18:11 - 00009332 _____ () C:\Documents and Settings\Harv\Desktop\New Client Sums.xlsx
2014-06-19 10:09 - 2014-04-24 18:35 - 00000000 ____D () C:\Documents and Settings\Harv\Local Settings\Application Data\join.me
2014-06-19 07:20 - 2012-05-04 13:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 08:18 - 2014-06-18 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 18:11 - 2014-06-17 17:42 - 00462848 _____ () C:\Documents and Settings\Harv\My Documents\ACCC.accdb
2014-06-17 08:29 - 2013-05-20 16:10 - 00149504 ___SH () C:\Documents and Settings\Harv\Desktop\Thumbs.db
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Program Files\Microtek
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Kpcms
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microtek ScanWizard 5 for Windows
2014-06-16 20:20 - 2010-03-30 23:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-16 20:20 - 2010-03-30 15:02 - 00000000 ____D () C:\WINDOWS\twain_32
2014-06-16 09:51 - 2014-03-08 11:36 - 00000000 ___RD () C:\Documents and Settings\Harv\My Documents\Dropbox
2014-06-13 07:59 - 2014-04-04 07:59 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-10 13:38 - 2013-11-15 09:02 - 00557056 _____ () C:\Documents and Settings\Harv\My Documents\DBTesting.accdb
2014-06-10 07:45 - 2011-06-02 10:39 - 00000000 ____D () C:\Program Files\HP
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\Harv\Start Menu\Programs\HP
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2014-06-09 10:30 - 2014-06-09 10:29 - 00000000 ___HD () C:\Program Files\Avago-HP
2014-06-09 10:30 - 2011-06-02 10:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-06-09 10:29 - 2014-06-09 10:27 - 00000000 ____D () C:\hp_P1000_P1500_Full_Solution

ZeroAccess:
C:\Windows\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}
C:\Windows\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}\@

ZeroAccess:
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}\@
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}\L\00000004.@

Files to move or delete:
====================
C:\Documents and Settings\Harv\appa.bat
C:\Documents and Settings\Harv\gotoehs.bat
C:\Documents and Settings\Harv\gotomm.bat
C:\Documents and Settings\Harv\gotomm37.bat
C:\Documents and Settings\Harv\groovy.bat
C:\Documents and Settings\Harv\iet.bat
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\tmp7.exe
C:\Documents and Settings\Harv\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Meggy\Local Settings\Temp\tmpCC.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2010-03-30 23:49] - [2009-02-09 08:10] - 0408576 ____A (Microsoft Corporation) 6e7bc44bf0ec41e7f81cd514c9f73f8d


Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Harv at 2014-06-30 09:10:39
Running from C:\Documents and Settings\Harv\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ADDS Flight Path Tool (HKCU\...\ADDS Flight Path Tool) (Version:  - Aviation Weather Center)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.303.213 - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.07(T) - TOSHIBA CORPORATION)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Celestron's TheSky (Remove only) (HKLM\...\{AB6E84D0-AA30-11D1-A245-00A024C41DAA}) (Version:  - )
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Conference (HKLM\...\Conference) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{2528825D-9FB9-4680-88B2-51D245D7B269}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{2528825D-9FB9-4680-88B2-51D245D7B269}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.7.48 - Dropbox, Inc.)
Elevated Installer (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HPCarePackCore (HKLM\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (Version: 1.0.0.1 - HP) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
ImageMagick 6.8.0-10 Q16 (2013-01-01) (HKLM\...\ImageMagick 6.8.0 Q16_is1) (Version: 6.8.0 - ImageMagick Studio LLC)
ImageMagick 6.8.8-7 Q16 (32-bit) (2014-03-01) (HKLM\...\ImageMagick 6.8.8 Q16 (32-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5231 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}) (Version: 13.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java SE Development Kit 6 Update 18 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160180}) (Version: 1.6.0.180 - Sun Microsystems, Inc.)
join.me (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Standard 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Project 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{8A8F117F-8EDB-440D-B679-F08909D729F7}) (Version:  - Microsoft)
Microsoft Project 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Project Standard 2010 (HKLM\...\Office14.PRJSTD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{4A7A3985-3D9B-4420-AC85-F9FF8DB2170C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}) (Version:  - Microsoft)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MrvlUsgTracking (HKLM\...\{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}) (Version: 1.0.1 - Marvell)
MrvlUsgTracking (HKLM\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
MySQL Server 5.0 (HKLM\...\{1944C6DC-0F0C-472A-8D0F-047297EE7B0A}) (Version: 5.0.41 - MySQL AB)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.7 - )
Oxygen XML Editor 13.2 (HKLM\...\8531-1278-6363-8538) (Version: 13.2 - SyncRO Soft)
PuTTY version 0.60 (HKLM\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5972 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH R5U230 Media Driver ver.2.08.03.03 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.08.03.03 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
ScorpionSaver (HKLM\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TOSHIBA Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version:  - )
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.18 - )
TOSHIBA Controls (HKLM\...\InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}) (Version: v3.37.4310 - TOSHIBA Corporation)
TOSHIBA Controls (Version: v3.37.4310 - TOSHIBA Corporation) Hidden
TOSHIBA Direct Disc Writer (HKLM\...\{400830CA-F056-4BBE-80A3-9DF9CA4FB889}) (Version: 1.1.0.0b - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Display Devices Change Utility (HKLM\...\TDspBtn) (Version:  - )
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 2.50.1.05-A - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.4 - TOSHIBA Corporation) Hidden
TOSHIBA Hotkey Utility for Display Devices (HKLM\...\TFNF5) (Version:  - )
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Mobile Extension3 (HKLM\...\{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}) (Version: 3.91.00.XP - TOSHIBA)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA Password Utility (HKLM\...\InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}) (Version: 2.01.10 - TOSHIBA Corporation)
TOSHIBA Password Utility (Version: 2.01.10 - TOSHIBA Corporation) Hidden
TOSHIBA PC Diagnostic Tool (HKLM\...\InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}) (Version: 3.2.15 - TOSHIBA Corporation)
TOSHIBA PC Diagnostic Tool (Version: 3.2.15 - TOSHIBA Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.6.0 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}) (Version: 7.13.04 - )
TOSHIBA Power Saver (Version: 7.13.04 - ) Hidden
TOSHIBA Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 1.1.0.0 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 1.2.1 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA TouchPad On/Off Utility V2.5.1.0 (HKLM\...\{24300A63-DD78-4AA5-A914-4D582C41D33A}) (Version: 2.5.1.0 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Utilities (HKLM\...\InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}) (Version: 4.30.24 - TOSHIBA Corporation)
TOSHIBA Utilities (Version: 4.30.24 - TOSHIBA Corporation) Hidden
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: 2.0.0.25 - TOSHIBA)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (Version: 012.000.1585 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (Version: 013.000.2118 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0169 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (Version: 013.000.1453 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Uninstall for TOSHIBA Mobile Extension3 (Version:  - ) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJSTD_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJSTD_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJSTD_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJSTD_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6C4E1D7E-EEB2-4EDE-8B39-9844D8AD9273}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6C4E1D7E-EEB2-4EDE-8B39-9844D8AD9273}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
VC9RunTime (HKLM\...\{5A37B181-B8D0-48C3-B4A4-5DC1ED104CED}) (Version: 1.0.0 - Default Company Name)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Personal Edition P4.6.3 (HKLM\...\RealVNC_is1) (Version: P4.6.3 - RealVNC Ltd)
VNC Printer Driver 1.7.0 (HKLM\...\VNCPrinter_is1) (Version: 1.7.0 - RealVNC Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Infineon Technologies AG (IFXTPM) System  (12/14/2007 2.01.0001.00) (HKLM\...\6AA30ABF1916CC0CB3167372846F0DC7B513891A) (Version: 12/14/2007 2.01.0001.00 - Infineon Technologies AG)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Rights Management Client with Service Pack 2 (HKLM\...\{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}) (Version: 5.2.95 - Microsoft)
Wireless Hotkey (HKLM\...\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}) (Version: 3.0.0.9 - TOSHIBA)
XP Snipping Tool (HKCU\...\f2174cf653f9a7ac) (Version: 1.0.0.13 - XPSnippingTool)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2010-03-30 23:48 - 2013-08-28 08:34 - 00000732 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Harv\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exeHarv$Task for execution of hpbdfawep.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3351214520-3263132721-647948471-1013.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3351214520-3263132721-647948471-1013.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2011-06-02 10:39 - 2009-10-23 11:18 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
2011-09-19 11:14 - 2011-08-18 14:45 - 00026112 _____ () C:\WINDOWS\system32\VNCpm.dll
2011-06-02 10:39 - 2009-10-23 11:18 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2011-06-02 10:39 - 2009-10-23 11:18 - 02256896 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hp1100su.dll
2011-06-02 10:39 - 2009-10-23 11:18 - 00794624 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1100GC.dll
2012-11-29 17:59 - 2012-11-29 17:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-11-08 11:15 - 2010-11-08 11:15 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2011-05-23 09:25 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-06-18 08:18 - 2014-06-18 08:18 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-11 12:14 - 2013-12-11 12:14 - 16242056 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: CTFMON.EXE =>
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: MSMSGS =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: smoothview =>
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: swg =>

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 09:07:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application ScanWizard5.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/30/2014 08:50:08 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/30/2014 08:49:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (06/30/2014 08:49:44 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070424 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (06/29/2014 07:39:06 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/29/2014 07:38:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (06/29/2014 07:38:59 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070424 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (06/29/2014 04:33:37 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/29/2014 04:33:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (06/29/2014 04:33:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070424 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (06/30/2014 08:50:59 AM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/29/2014 07:49:53 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/29/2014 06:18:01 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/29/2014 04:35:20 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/29/2014 01:46:13 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/29/2014 01:23:00 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/29/2014 00:44:39 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/28/2014 11:47:07 AM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/28/2014 10:21:38 AM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (06/27/2014 07:39:26 PM) (Source: DCOM) (EventID: 10005) (User: HARV-XP)
Description: DCOM got error "%%1058" attempting to start the service TPCHSrv with arguments ""
in order to run the server:
{45CC1698-D1CF-417B-BC32-80EB79E05EF1}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 2928.35 MB
Available physical RAM: 1560.45 MB
Total Pagefile: 4813.25 MB
Available Pagefile: 3602.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.61 MB

==================== Drives ================================

Drive c: (TI105938P0A) (Fixed) (Total:287.04 GB) (Free:247.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 275C275B)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=1C)

==================== End Of Log ============================


RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Harv [Admin rights]
Mode : Scan -- Date : 06/30/2014  09:19:59

¤¤¤ Bad processes : 2 ¤¤¤
[Root.Zekos] svchost.exe -- C:\WINDOWS\system32\svchost.exe[x] -> [NoKill]
[svchost] svchost.exe -- C:\WINDOWS\system32\svchost.exe[x] -> [NoKill]

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3351214520-3263132721-647948471-1013\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] At1.job -- C:\DOCUME~1\Harv\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND

¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][File] @ -- C:\WINDOWS\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}\@ -> FOUND
[ZeroAccess][Folder] L -- C:\WINDOWS\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}\L -> FOUND
[ZeroAccess][Folder] U -- C:\WINDOWS\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}\U -> FOUND

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 492 ¤¤¤
[EAT:Addr] (firefox.exe) xul.dll - cairo_d2d_surface_get_width : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1261008
[EAT:Addr] (firefox.exe) xul.dll - cairo_dwrite_font_face_create_for_dwrite_fontface : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1258278
[EAT:Addr] (firefox.exe) xul.dll - cairo_dwrite_get_cleartype_rendering_mode : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x125836b
[EAT:Addr] (firefox.exe) xul.dll - cairo_dwrite_scaled_font_allow_manual_show_glyphs : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12582a6
[EAT:Addr] (firefox.exe) xul.dll - cairo_dwrite_scaled_font_get_force_GDI_classic : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12582e8
[EAT:Addr] (firefox.exe) xul.dll - cairo_dwrite_scaled_font_set_force_GDI_classic : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12582b5
[EAT:Addr] (firefox.exe) xul.dll - cairo_dwrite_set_cleartype_params : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12582f9
[EAT:Addr] (firefox.exe) xul.dll - cairo_null_surface_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1234733
[EAT:Addr] (firefox.exe) xul.dll - cairo_release_device : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12593b3
[EAT:Addr] (firefox.exe) xul.dll - cairo_surface_attach_snapshot : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12507a9
[EAT:Addr] (firefox.exe) xul.dll - cairo_win32_get_dc_with_clip : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x122cc9c
[EAT:Addr] (firefox.exe) xul.dll - cairo_win32_get_system_text_quality : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1228fe7
[EAT:Addr] (firefox.exe) xul.dll - cairo_win32_surface_create_with_alpha : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x122cb6e
[EAT:Addr] (firefox.exe) xul.dll - cairo_win32_surface_get_height : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x122dcb6
[EAT:Addr] (firefox.exe) xul.dll - cairo_win32_surface_get_width : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x122dca1
[EAT:Addr] (firefox.exe) xul.dll - cairo_win32_surface_set_can_convert_to_dib : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x122dc6a
[EAT:Addr] (firefox.exe) xul.dll - cubeb_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe041
[EAT:Addr] (firefox.exe) xul.dll - cubeb_get_max_channel_count : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fdfcf
[EAT:Addr] (firefox.exe) xul.dll - cubeb_get_min_latency : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fdfef
[EAT:Addr] (firefox.exe) xul.dll - cubeb_get_preferred_sample_rate : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe021
[EAT:Addr] (firefox.exe) xul.dll - cubeb_init : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fdf8f
[EAT:Addr] (firefox.exe) xul.dll - cubeb_stream_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe0c6
[EAT:Addr] (firefox.exe) xul.dll - cubeb_stream_get_latency : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe126
[EAT:Addr] (firefox.exe) xul.dll - cubeb_stream_get_position : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe104
[EAT:Addr] (firefox.exe) xul.dll - cubeb_stream_init : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe051
[EAT:Addr] (firefox.exe) xul.dll - cubeb_stream_start : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe0d8
[EAT:Addr] (firefox.exe) xul.dll - cubeb_stream_stop : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fe0ee
[EAT:Addr] (firefox.exe) xul.dll - gr_cinfo_after : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x125074d
[EAT:Addr] (firefox.exe) xul.dll - gr_cinfo_base : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307351
[EAT:Addr] (firefox.exe) xul.dll - gr_cinfo_before : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12f96cb
[EAT:Addr] (firefox.exe) xul.dll - gr_cinfo_break_weight : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306944
[EAT:Addr] (firefox.exe) xul.dll - gr_cinfo_unicode_char : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x135732e
[EAT:Addr] (firefox.exe) xul.dll - gr_count_unicode_characters : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306ea6
[EAT:Addr] (firefox.exe) xul.dll - gr_engine_version : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306cfa
[EAT:Addr] (firefox.exe) xul.dll - gr_face_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306da5
[EAT:Addr] (firefox.exe) xul.dll - gr_face_featureval_for_lang : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306ad9
[EAT:Addr] (firefox.exe) xul.dll - gr_face_find_fref : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306af3
[EAT:Addr] (firefox.exe) xul.dll - gr_face_fref : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b13
[EAT:Addr] (firefox.exe) xul.dll - gr_face_info : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b54
[EAT:Addr] (firefox.exe) xul.dll - gr_face_is_char_supported : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b73
[EAT:Addr] (firefox.exe) xul.dll - gr_face_lang_by_index : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b2c
[EAT:Addr] (firefox.exe) xul.dll - gr_face_n_fref : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b0a
[EAT:Addr] (firefox.exe) xul.dll - gr_face_n_glyphs : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b48
[EAT:Addr] (firefox.exe) xul.dll - gr_face_n_languages : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306b23
[EAT:Addr] (firefox.exe) xul.dll - gr_featureval_clone : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306ca8
[EAT:Addr] (firefox.exe) xul.dll - gr_featureval_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306ce0
[EAT:Addr] (firefox.exe) xul.dll - gr_font_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306da5
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_feature_value : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306bb4
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_id : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306bf1
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_label : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306c2e
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_n_values : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306bfe
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_set_feature_value : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306bcc
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_value : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306c0c
[EAT:Addr] (firefox.exe) xul.dll - gr_fref_value_label : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306c63
[EAT:Addr] (firefox.exe) xul.dll - gr_label_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1356b89
[EAT:Addr] (firefox.exe) xul.dll - gr_make_face : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306a35
[EAT:Addr] (firefox.exe) xul.dll - gr_make_face_with_ops : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13069e4
[EAT:Addr] (firefox.exe) xul.dll - gr_make_font : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306d25
[EAT:Addr] (firefox.exe) xul.dll - gr_make_font_with_advance_fn : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306d73
[EAT:Addr] (firefox.exe) xul.dll - gr_make_font_with_ops : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306d3e
[EAT:Addr] (firefox.exe) xul.dll - gr_make_seg : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306f2e
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_advance_X : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306fae
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_advance_Y : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306fc6
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_cinfo : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306fe6
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306f96
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_first_slot : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307005
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_justify : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307015
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_last_slot : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130700d
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_n_cinfo : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306fde
[EAT:Addr] (firefox.exe) xul.dll - gr_seg_n_slots : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306ffd
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_advance_X : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307283
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_advance_Y : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13072e5
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_after : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130731b
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_attached_to : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307224
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_attr : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130732b
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_before : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307313
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_can_insert_before : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307341
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_first_attachment : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130722c
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_gid : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130723c
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_index : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307323
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_linebreak_before : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307359
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_next_in_segment : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x135732e
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_next_sibling_attachment : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307234
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_origin_X : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307251
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_origin_Y : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130726a
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_original : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307351
[EAT:Addr] (firefox.exe) xul.dll - gr_slot_prev_in_segment : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12f96cb
[EAT:Addr] (firefox.exe) xul.dll - gr_start_logging : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1379c10
[EAT:Addr] (firefox.exe) xul.dll - gr_stop_logging : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13ad9ec
[EAT:Addr] (firefox.exe) xul.dll - gr_str_to_tag : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306a60
[EAT:Addr] (firefox.exe) xul.dll - gr_tag_to_str : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1306a8e
[EAT:Addr] (firefox.exe) xul.dll - graphite_start_logging : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1379c10
[EAT:Addr] (firefox.exe) xul.dll - graphite_stop_logging : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13ad9ec
[EAT:Addr] (firefox.exe) xul.dll - hb_blob_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307433
[EAT:Addr] (firefox.exe) xul.dll - hb_blob_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13074ea
[EAT:Addr] (firefox.exe) xul.dll - hb_blob_get_data : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307533
[EAT:Addr] (firefox.exe) xul.dll - hb_blob_get_empty : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13074bf
[EAT:Addr] (firefox.exe) xul.dll - hb_blob_get_length : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130752b
[EAT:Addr] (firefox.exe) xul.dll - hb_blob_reference : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13074c5
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_add_utf16 : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c4a9
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c30e
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c351
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_get_glyph_infos : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c3f4
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_get_glyph_positions : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c409
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_reverse : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c42d
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_set_direction : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c3c1
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_set_language : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c3e3
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_set_script : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c3d2
[EAT:Addr] (firefox.exe) xul.dll - hb_buffer_set_unicode_funcs : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c395
[EAT:Addr] (firefox.exe) xul.dll - hb_face_create_for_tables : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c7db
[EAT:Addr] (firefox.exe) xul.dll - hb_face_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c86c
[EAT:Addr] (firefox.exe) xul.dll - hb_face_reference : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130c847
[EAT:Addr] (firefox.exe) xul.dll - hb_font_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d11f
[EAT:Addr] (firefox.exe) xul.dll - hb_font_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d192
[EAT:Addr] (firefox.exe) xul.dll - hb_font_funcs_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130ce80
[EAT:Addr] (firefox.exe) xul.dll - hb_font_funcs_set_glyph_contour_point_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d0c3
[EAT:Addr] (firefox.exe) xul.dll - hb_font_funcs_set_glyph_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130cfaf
[EAT:Addr] (firefox.exe) xul.dll - hb_font_funcs_set_glyph_h_advance_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d00b
[EAT:Addr] (firefox.exe) xul.dll - hb_font_funcs_set_glyph_h_kerning_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d067
[EAT:Addr] (firefox.exe) xul.dll - hb_font_set_funcs : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d1e7
[EAT:Addr] (firefox.exe) xul.dll - hb_font_set_ppem : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d26b
[EAT:Addr] (firefox.exe) xul.dll - hb_font_set_scale : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130d252
[EAT:Addr] (firefox.exe) xul.dll - hb_language_from_string : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x130770e
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_collect_lookups : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1313213
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_feature_get_lookups : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312fd8
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_has_positioning : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x13134cb
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_has_substitution : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1313426
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_language_get_feature_indexes : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312e8b
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_language_get_feature_tags : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312ebf
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_language_get_required_feature_index : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312e1f
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_lookup_collect_glyphs : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131330f
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_script_get_language_tags : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312d42
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_table_choose_script : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312ca4
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_layout_table_get_script_tags : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1312c85
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_tag_to_language : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bbd2
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_tag_to_script : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131ba07
[EAT:Addr] (firefox.exe) xul.dll - hb_ot_tags_from_script : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131b988
[EAT:Addr] (firefox.exe) xul.dll - hb_set_add : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131be0c
[EAT:Addr] (firefox.exe) xul.dll - hb_set_clear : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bdce
[EAT:Addr] (firefox.exe) xul.dll - hb_set_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bd5d
[EAT:Addr] (firefox.exe) xul.dll - hb_set_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bda2
[EAT:Addr] (firefox.exe) xul.dll - hb_set_has : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bdfb
[EAT:Addr] (firefox.exe) xul.dll - hb_set_is_empty : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bdd7
[EAT:Addr] (firefox.exe) xul.dll - hb_set_next : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131be19
[EAT:Addr] (firefox.exe) xul.dll - hb_shape : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131be2c
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131bffc
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_get_empty : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c077
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_combining_class_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c14c
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_compose_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c2c6
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_decompose_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c317
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_eastasian_width_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c194
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_general_category_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c1dc
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_mirroring_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c224
[EAT:Addr] (firefox.exe) xul.dll - hb_unicode_funcs_set_script_func : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x131c275
[EAT:Addr] (firefox.exe) xul.dll - jpeg_CreateCompress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11127c0
[EAT:Addr] (firefox.exe) xul.dll - jpeg_CreateDecompress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1101078
[EAT:Addr] (firefox.exe) xul.dll - jpeg_abort : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1101000
[EAT:Addr] (firefox.exe) xul.dll - jpeg_abort_decompress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11011d0
[EAT:Addr] (firefox.exe) xul.dll - jpeg_calc_output_dimensions : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1107700
[EAT:Addr] (firefox.exe) xul.dll - jpeg_consume_input : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1101399
[EAT:Addr] (firefox.exe) xul.dll - jpeg_destroy_compress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11011c4
[EAT:Addr] (firefox.exe) xul.dll - jpeg_destroy_decompress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11011c4
[EAT:Addr] (firefox.exe) xul.dll - jpeg_finish_compress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11128b8
[EAT:Addr] (firefox.exe) xul.dll - jpeg_finish_decompress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11014a3
[EAT:Addr] (firefox.exe) xul.dll - jpeg_finish_output : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110186a
[EAT:Addr] (firefox.exe) xul.dll - jpeg_has_multiple_scans : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110146b
[EAT:Addr] (firefox.exe) xul.dll - jpeg_input_complete : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1101433
[EAT:Addr] (firefox.exe) xul.dll - jpeg_read_header : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1101337
[EAT:Addr] (firefox.exe) xul.dll - jpeg_read_raw_data : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110176a
[EAT:Addr] (firefox.exe) xul.dll - jpeg_read_scanlines : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11016e0
[EAT:Addr] (firefox.exe) xul.dll - jpeg_resync_to_restart : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110715a
[EAT:Addr] (firefox.exe) xul.dll - jpeg_save_markers : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110725a
[EAT:Addr] (firefox.exe) xul.dll - jpeg_set_defaults : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x111b536
[EAT:Addr] (firefox.exe) xul.dll - jpeg_set_quality : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x111b4dd
[EAT:Addr] (firefox.exe) xul.dll - jpeg_start_compress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11129a4
[EAT:Addr] (firefox.exe) xul.dll - jpeg_start_decompress : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110154e
[EAT:Addr] (firefox.exe) xul.dll - jpeg_start_output : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110180d
[EAT:Addr] (firefox.exe) xul.dll - jpeg_std_error : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x110aaea
[EAT:Addr] (firefox.exe) xul.dll - jpeg_stdio_dest : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11019b5
[EAT:Addr] (firefox.exe) xul.dll - jpeg_write_raw_data : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1112ab9
[EAT:Addr] (firefox.exe) xul.dll - jpeg_write_scanlines : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1112a0e
[EAT:Addr] (firefox.exe) xul.dll - nestegg_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11544d4
[EAT:Addr] (firefox.exe) xul.dll - nestegg_duration : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154505
[EAT:Addr] (firefox.exe) xul.dll - nestegg_free_packet : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154f3a
[EAT:Addr] (firefox.exe) xul.dll - nestegg_get_cue_point : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x115458f
[EAT:Addr] (firefox.exe) xul.dll - nestegg_has_cues : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154ffa
[EAT:Addr] (firefox.exe) xul.dll - nestegg_init : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154331
[EAT:Addr] (firefox.exe) xul.dll - nestegg_offset_seek : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11547b7
[EAT:Addr] (firefox.exe) xul.dll - nestegg_packet_count : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154fa8
[EAT:Addr] (firefox.exe) xul.dll - nestegg_packet_data : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154fc2
[EAT:Addr] (firefox.exe) xul.dll - nestegg_packet_discard_padding : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154f92
[EAT:Addr] (firefox.exe) xul.dll - nestegg_packet_track : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154f6d
[EAT:Addr] (firefox.exe) xul.dll - nestegg_packet_tstamp : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154f7c
[EAT:Addr] (firefox.exe) xul.dll - nestegg_read_packet : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154e80
[EAT:Addr] (firefox.exe) xul.dll - nestegg_sniff : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1155023
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_audio_params : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154d70
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_codec_data : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154a4b
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_codec_data_count : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11549db
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_codec_id : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154953
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_count : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x115457c
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_seek : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154812
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_type : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11548f8
[EAT:Addr] (firefox.exe) xul.dll - nestegg_track_video_params : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154bc1
[EAT:Addr] (firefox.exe) xul.dll - nestegg_tstamp_scale : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1154567
[EAT:Addr] (firefox.exe) xul.dll - ogg_page_bos : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fff17
[EAT:Addr] (firefox.exe) xul.dll - ogg_page_granulepos : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fff25
[EAT:Addr] (firefox.exe) xul.dll - ogg_page_serialno : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fffa9
[EAT:Addr] (firefox.exe) xul.dll - ogg_set_mem_functions : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11ffbbe
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_check : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x120004a
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_clear : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x120005e
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_eos : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12005ab
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_flush : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200554
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_init : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11fffcf
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_packetin : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200318
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_packetout : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200c0b
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_pagein : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200801
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_pageout : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200568
[EAT:Addr] (firefox.exe) xul.dll - ogg_stream_reset : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200ad3
[EAT:Addr] (firefox.exe) xul.dll - ogg_sync_buffer : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x120060d
[EAT:Addr] (firefox.exe) xul.dll - ogg_sync_clear : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12005e4
[EAT:Addr] (firefox.exe) xul.dll - ogg_sync_init : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12005c7
[EAT:Addr] (firefox.exe) xul.dll - ogg_sync_pageseek : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x12006af
[EAT:Addr] (firefox.exe) xul.dll - ogg_sync_reset : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1200ab2
[EAT:Addr] (firefox.exe) xul.dll - ogg_sync_wrote : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x120068d
[EAT:Addr] (firefox.exe) xul.dll - opus_decode : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1145fe8
[EAT:Addr] (firefox.exe) xul.dll - opus_decode_float : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11460b6
[EAT:Addr] (firefox.exe) xul.dll - opus_decoder_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1145403
[EAT:Addr] (firefox.exe) xul.dll - opus_decoder_ctl : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11460e4
[EAT:Addr] (firefox.exe) xul.dll - opus_decoder_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307956
[EAT:Addr] (firefox.exe) xul.dll - opus_decoder_get_nb_samples : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1146327
[EAT:Addr] (firefox.exe) xul.dll - opus_decoder_get_size : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x114530e
[EAT:Addr] (firefox.exe) xul.dll - opus_decoder_init : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x114533f
[EAT:Addr] (firefox.exe) xul.dll - opus_encode : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1149206
[EAT:Addr] (firefox.exe) xul.dll - opus_encode_float : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x11492cf
[EAT:Addr] (firefox.exe) xul.dll - opus_encoder_create : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1146aa7
[EAT:Addr] (firefox.exe) xul.dll - opus_encoder_ctl : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x114933c
[EAT:Addr] (firefox.exe) xul.dll - opus_encoder_destroy : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1307956
[EAT:Addr] (firefox.exe) xul.dll - opus_encoder_get_size : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x114638b

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 6fc9173a01de81a9f2395723904e3766
[bSP] 80d7963374746af4bf7fe887b706984c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 293931 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 601971615 | Size: 11311 MB
User = LL1 ... OK
User = LL2 ... OK
 


Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Harv at 2014-06-30 17:35:29
Running from C:\Documents and Settings\Harv\My Documents\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2010-03-30 23:49][2009-02-09 08:10] 0408576 ____A (Microsoft Corporation) 6e7bc44bf0ec41e7f81cd514c9f73f8d     

C:\WINDOWS\system32\dllcache\rpcss.dll
[2010-03-30 23:30][2009-02-09 08:10] 0408576 ___AC (Microsoft Corporation) 66f269c96cbb8c9671d9f41e38541376     

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2010-03-30 23:30][2009-02-09 06:56] 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2      [File is signed]

=== End Of Search ===


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns.

 

Kevin

fixlist.txt


Here is FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Harv (administrator) on HARV-XP on 30-06-2014 09:09:49
Running from C:\Documents and Settings\Harv\My Documents\Downloads
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\00THotkey.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TouchED\TouchED.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
(TOSHIBA Corp.) C:\WINDOWS\system32\TFNF5.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSODDCtl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [00THotkey] => C:\WINDOWS\system32\00THotkey.exe [286720 2010-04-28] (TOSHIBA Corporation)
HKLM\...\Run: [000StTHK] => C:\WINDOWS\system32\000StTHK.exe [24576 2001-06-24] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18782720 2009-11-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [241664 2009-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [iTSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [TMERzCtl.EXE] => C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [90112 2009-12-09] (TOSHIBA)
HKLM\...\Run: [TMESRV.EXE] => C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [126976 2005-12-14] (TOSHIBA)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKLM\...\Run: [TouchED] => C:\Program Files\TOSHIBA\TouchED\TouchED.exe [126976 2005-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [intelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1392640 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [TOSDCR] => C:\WINDOWS\system32\TOSDCR.EXE [57344 2005-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\WINDOWS\system32\thpsrv /logon
HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [TFNF5] => C:\WINDOWS\system32\TFNF5.exe [1140032 2010-02-02] (TOSHIBA Corp.)
HKLM\...\Run: [TPSODDCtl] => C:\WINDOWS\system32\TPSODDCtl.exe [133696 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [326208 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosHKCW.exe] => C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [225280 2009-07-02] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] => C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CFSServ.exe] => CFSServ.exe -NoClient
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-31] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {c6fbced5-8d25-11e0-b96e-002710575b94} - E:\SISetup.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {f3e1346d-efd8-11e3-bfd2-002710575b94} - E:\LaunchU3.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {f3e37a38-55ba-11e1-bad5-002710575b94} - E:\autorun.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\Harv\Start Menu\Programs\Startup\Shortcut to taskmgr.lnk
ShortcutTarget: Shortcut to taskmgr.lnk -> C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {0E7BF51C-B11F-49EF-90C5-33FF6ED08C54} http://vc.omicsgroup.net/autodownload/ConfAUpdate.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297578536046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://myhknetwork.hkusa.com/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12-16655/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Harv\Application Data\Mozilla\Firefox\Profiles\1gtwbykv.default-1397427405718
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Harv\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-30]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-02-13]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-31]

========================== Services (Whitelisted) =================

S3 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [408576 2009-02-09] (Microsoft Corporation) [File not signed]
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-02-13] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 MySQL; C:\MySQLServer5.0\my.ini [9203 2013-04-24] () [File not signed]
S3 napagent; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [123320 2011-05-09] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [408576 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2009-09-21] (Intel® Corporation) [File not signed]
S3 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation)
R2 Tmesrv; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [126976 2005-12-14] (TOSHIBA) [File not signed]
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-05] (TOSHIBA Corporation)
S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2010-02-05] (TOSHIBA Corporation)
S2 W32Time; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 WebClient; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1659624 2011-08-18] (RealVNC Ltd)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-06] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [160424 2009-09-23] (Intel Corporation)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-18] (Infineon Technologies AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 mv2; C:\WINDOWS\System32\DRIVERS\mv2.sys [10304 2008-02-10] (UVNC BVBA)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-15] (Intel Corporation)
R3 pflt; C:\WINDOWS\System32\DRIVERS\vfilter.sys [24192 2010-09-02] (Shrew Soft Inc)
R2 risdpcie; C:\WINDOWS\System32\DRIVERS\risdpe86.sys [48128 2009-11-28] (REDC)
R2 rixdpcie; C:\WINDOWS\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R1 TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [5888 2004-06-16] (Toshiba Corporation) [File not signed]
R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
R2 TVALZFL; C:\WINDOWS\System32\DRIVERS\TVALZFL.sys [4992 2008-05-01] (TOSHIBA Corporation) [File not signed]
R3 vncmirror; C:\WINDOWS\System32\DRIVERS\vncmirror.sys [4608 2011-08-18] (RealVNC Ltd.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [280344 2005-01-26] (Zone Labs LLC)
S2 ASPI32; No ImagePath
S3 ATSwpWDF; System32\Drivers\ATSwpWDF.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 IntelIde; No ImagePath
U2 SENS;
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 09:09 - 2014-06-30 09:09 - 00000000 ____D () C:\FRST
2014-06-30 08:59 - 2014-06-30 08:59 - 00000314 _____ () C:\WINDOWS\Tasks\HP WEP.job
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Real
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-06-29 18:15 - 2014-06-29 18:15 - 00001824 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000793 _____ () C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-06-29 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-29 14:23 - 2014-06-29 14:23 - 00000000 ____D () C:\Program Files\ESET
2014-06-29 13:04 - 2014-06-29 13:04 - 00321220 ____S () C:\WINDOWS\system32\ueuj.pfi
2014-06-26 18:18 - 2014-06-26 18:22 - 00010434 _____ () C:\Documents and Settings\Harv\My Documents\Pain Au Levain.xlsx
2014-06-25 11:19 - 2014-06-25 11:20 - 00004775 _____ () C:\WirelessDiagLog.csv
2014-06-18 08:18 - 2014-06-18 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 18:11 - 2014-06-23 09:18 - 00009332 _____ () C:\Documents and Settings\Harv\Desktop\New Client Sums.xlsx
2014-06-17 17:42 - 2014-06-17 18:11 - 00462848 _____ () C:\Documents and Settings\Harv\My Documents\ACCC.accdb
2014-06-16 20:26 - 2014-06-30 09:05 - 00000035 _____ () C:\WINDOWS\Ulead32.INI
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Program Files\Microtek
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Kpcms
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microtek ScanWizard 5 for Windows
2014-06-16 20:20 - 2007-04-11 09:47 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM20w.dll
2014-06-16 20:20 - 2007-01-16 14:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM24w.dll
2014-06-16 20:20 - 2006-04-25 22:14 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM23w.dll
2014-06-16 20:20 - 2005-07-22 11:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM21w.dll
2014-06-16 20:20 - 2005-07-01 14:05 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM22w.dll
2014-06-16 20:20 - 2005-03-07 13:54 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM1FW.dll
2014-06-16 20:20 - 2005-03-02 09:17 - 00030557 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD17.dll
2014-06-16 20:20 - 2005-01-26 19:30 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM0Aw.dll
2014-06-16 20:20 - 2004-12-02 18:27 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSM0Bw.dll
2014-06-16 20:20 - 2004-07-19 08:44 - 00044491 _____ () C:\WINDOWS\system32\MiiIniFile13.ini
2014-06-16 20:20 - 2004-07-16 18:20 - 00126976 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM13w.dll
2014-06-16 20:20 - 2004-07-16 14:53 - 00118784 _____ (Realtek) C:\WINDOWS\system32\MiiRTS8822.dll
2014-06-16 20:20 - 2004-04-12 11:27 - 00106496 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM1CW.dll
2014-06-16 20:20 - 2004-03-25 14:38 - 00114688 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM17W.dll
2014-06-16 20:20 - 2004-02-18 09:28 - 00035589 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD12.dll
2014-06-16 20:20 - 2004-02-18 09:27 - 00030565 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD15.dll
2014-06-16 20:20 - 2004-01-08 11:39 - 00184320 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM0CW.dll
2014-06-16 20:20 - 2003-10-08 15:26 - 00208896 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM08w.dll
2014-06-16 20:20 - 2003-08-11 12:54 - 00204800 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSME6w.dll
2014-06-16 20:20 - 2003-07-18 11:42 - 00030565 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD13.dll
2014-06-16 20:20 - 2003-07-17 16:12 - 00012499 _____ (Microtek International Inc.) C:\WINDOWS\system32\Msmusd7.dll
2014-06-16 20:20 - 2003-07-08 18:06 - 00192512 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSME4W.dll
2014-06-16 20:20 - 2003-06-11 12:03 - 00015396 _____ (Microtek International Inc.) C:\WINDOWS\system32\Msmusd5.dll
2014-06-16 20:20 - 2003-05-07 12:02 - 00208896 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSME5w.dll
2014-06-16 20:20 - 2003-05-01 19:14 - 00030053 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD11.dll
2014-06-16 20:20 - 2003-04-24 19:00 - 00035589 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD10.dll
2014-06-16 20:20 - 2003-03-19 16:57 - 00030013 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD9.dll
2014-06-16 20:20 - 2003-03-07 08:56 - 00098304 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMD8w.dll
2014-06-16 20:20 - 2002-10-30 15:21 - 00062947 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMC1W.dll
2014-06-16 20:20 - 2002-10-21 11:06 - 00038215 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSM8BW.dll
2014-06-16 20:20 - 2002-10-08 18:53 - 00041733 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMB1W.dll
2014-06-16 20:20 - 2002-07-16 15:29 - 00067522 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMD9W.dll
2014-06-16 20:20 - 2002-04-18 15:46 - 00073601 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMD4W.dll
2014-06-16 20:20 - 2002-03-27 16:34 - 00072584 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMCFw.dll
2014-06-16 20:20 - 2002-02-06 10:37 - 00030030 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD7.dll
2014-06-16 20:20 - 2001-12-26 08:47 - 00035563 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMWUD.dll
2014-06-16 20:20 - 2001-12-18 14:48 - 00062462 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMCEw.dll
2014-06-16 20:20 - 2001-10-22 11:28 - 00035246 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMBDW.dll
2014-06-16 20:20 - 2001-10-22 11:28 - 00034720 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMB0W.dll
2014-06-16 20:20 - 2001-08-29 13:22 - 00035906 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMC9W.dll
2014-06-16 20:20 - 2001-08-29 13:22 - 00035906 _____ (Microtek International Inc.) C:\WINDOWS\system32\MSMA7W.dll
2014-06-16 20:20 - 2001-06-20 15:44 - 00013962 _____ ( Microtek International Inc.) C:\WINDOWS\system32\Msmusd6.dll
2014-06-16 20:20 - 1998-09-14 08:41 - 00285216 _____ () C:\WINDOWS\system32\Drivers\Onsio.sys
2014-06-16 20:20 - 1998-08-01 12:00 - 00060928 _____ (OnSpec Electronic, Inc.) C:\WINDOWS\system32\Drivers\Smplscsi.sys
2014-06-16 20:20 - 1997-02-14 13:10 - 00007680 _____ () C:\WINDOWS\system32\Drivers\Onsreged.sys
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\Harv\Start Menu\Programs\HP
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2014-06-09 10:30 - 2010-06-29 15:15 - 00286720 _____ (Software 2000 Limited) C:\WINDOWS\system32\HP1006LM.DLL
2014-06-09 10:30 - 2010-01-13 12:43 - 00080399 _____ () C:\WINDOWS\system32\WRes1200.txt
2014-06-09 10:30 - 2010-01-13 12:43 - 00001071 _____ () C:\WINDOWS\system32\W600dpi.txt
2014-06-09 10:30 - 2010-01-13 12:42 - 00080399 _____ () C:\WINDOWS\system32\HRes600.txt
2014-06-09 10:30 - 2010-01-13 12:42 - 00080399 _____ () C:\WINDOWS\system32\HRes1200.txt
2014-06-09 10:30 - 2010-01-13 12:42 - 00065536 _____ () C:\WINDOWS\system32\HPPLVS.dll
2014-06-09 10:29 - 2014-06-09 10:30 - 00000000 ___HD () C:\Program Files\Avago-HP
2014-06-09 10:27 - 2014-06-09 10:29 - 00000000 ____D () C:\hp_P1000_P1500_Full_Solution

==================== One Month Modified Files and Folders =======

2014-06-30 09:10 - 2011-02-12 13:22 - 00000000 ____D () C:\Documents and Settings\Harv\Local Settings\Temp
2014-06-30 09:09 - 2014-06-30 09:09 - 00000000 ____D () C:\FRST
2014-06-30 09:09 - 2011-07-14 20:09 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-30 09:06 - 2010-03-30 15:07 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-06-30 09:05 - 2014-06-16 20:26 - 00000035 _____ () C:\WINDOWS\Ulead32.INI
2014-06-30 09:05 - 2010-03-30 23:49 - 00000644 _____ () C:\WINDOWS\win.ini
2014-06-30 08:59 - 2014-06-30 08:59 - 00000314 _____ () C:\WINDOWS\Tasks\HP WEP.job
2014-06-30 08:50 - 2014-04-11 09:42 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 08:50 - 2014-04-04 07:59 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-30 08:50 - 2014-04-04 07:59 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-30 08:50 - 2010-03-30 23:49 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-30 08:49 - 2010-03-30 15:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-30 08:48 - 2014-03-31 10:30 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-30 08:48 - 2013-07-05 20:48 - 03988164 _____ () C:\video0.dat
2014-06-30 08:48 - 2012-03-13 10:19 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 08:48 - 2010-03-30 23:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-29 20:43 - 2012-12-11 19:50 - 04246711 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3351214520-3263132721-647948471-1013-0.dat
2014-06-29 20:43 - 2012-12-11 19:50 - 00293046 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-29 20:43 - 2012-05-12 11:14 - 01788160 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-06-29 20:43 - 2011-02-12 13:22 - 00000178 ___SH () C:\Documents and Settings\Harv\ntuser.ini
2014-06-29 20:43 - 2010-03-30 23:11 - 00032450 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-29 20:43 - 2010-03-30 23:08 - 01689747 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-29 20:31 - 2012-03-13 10:19 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 19:47 - 2014-03-31 10:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-29 18:17 - 2011-12-28 21:01 - 00072912 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Real
2014-06-29 18:16 - 2014-06-29 18:16 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-06-29 18:16 - 2011-12-28 21:01 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp
2014-06-29 18:15 - 2014-06-29 18:15 - 00001824 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000793 _____ () C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
2014-06-29 18:15 - 2014-06-29 18:15 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-06-29 18:15 - 2011-12-28 21:01 - 00000799 _____ () C:\Documents and Settings\Guest\Start Menu\Programs\Windows Media Player.lnk
2014-06-29 15:37 - 2013-12-18 18:24 - 00000000 ____D () C:\AdwCleaner
2014-06-29 15:37 - 2011-02-12 13:22 - 00000000 ____D () C:\Documents and Settings\Harv
2014-06-29 14:23 - 2014-06-29 14:23 - 00000000 ____D () C:\Program Files\ESET
2014-06-29 13:50 - 2011-02-11 07:20 - 00000000 ____D () C:\Temp
2014-06-29 13:04 - 2014-06-29 13:04 - 00321220 ____S () C:\WINDOWS\system32\ueuj.pfi
2014-06-29 12:43 - 2010-03-30 15:06 - 00419287 _____ () C:\WINDOWS\setupapi.log
2014-06-29 12:43 - 2010-03-30 15:06 - 00211590 _____ () C:\WINDOWS\setupact.log
2014-06-26 18:22 - 2014-06-26 18:18 - 00010434 _____ () C:\Documents and Settings\Harv\My Documents\Pain Au Levain.xlsx
2014-06-25 11:20 - 2014-06-25 11:19 - 00004775 _____ () C:\WirelessDiagLog.csv
2014-06-24 11:25 - 2013-09-11 15:25 - 00000000 ____D () C:\Documents and Settings\Harv\My Documents\WineComp
2014-06-24 11:25 - 2011-12-06 18:02 - 00000000 ____D () C:\Documents and Settings\Harv\My Documents\PYFC
2014-06-24 08:25 - 2013-05-09 08:25 - 00000406 _____ () C:\WINDOWS\Tasks\At1.job
2014-06-23 21:32 - 2011-03-23 14:00 - 00000000 ____D () C:\Documents and Settings\Harv\Application Data\com.oxygenxml
2014-06-23 14:35 - 2013-10-22 12:41 - 00000000 ____D () C:\Documents and Settings\Harv\My Documents\FLCMF
2014-06-23 09:18 - 2014-06-17 18:11 - 00009332 _____ () C:\Documents and Settings\Harv\Desktop\New Client Sums.xlsx
2014-06-19 10:09 - 2014-04-24 18:35 - 00000000 ____D () C:\Documents and Settings\Harv\Local Settings\Application Data\join.me
2014-06-19 07:20 - 2012-05-04 13:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 08:18 - 2014-06-18 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 18:11 - 2014-06-17 17:42 - 00462848 _____ () C:\Documents and Settings\Harv\My Documents\ACCC.accdb
2014-06-17 08:29 - 2013-05-20 16:10 - 00149504 ___SH () C:\Documents and Settings\Harv\Desktop\Thumbs.db
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Program Files\Microtek
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Kpcms
2014-06-16 20:20 - 2014-06-16 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microtek ScanWizard 5 for Windows
2014-06-16 20:20 - 2010-03-30 23:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-16 20:20 - 2010-03-30 15:02 - 00000000 ____D () C:\WINDOWS\twain_32
2014-06-16 09:51 - 2014-03-08 11:36 - 00000000 ___RD () C:\Documents and Settings\Harv\My Documents\Dropbox
2014-06-13 07:59 - 2014-04-04 07:59 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3351214520-3263132721-647948471-1013.job
2014-06-10 13:38 - 2013-11-15 09:02 - 00557056 _____ () C:\Documents and Settings\Harv\My Documents\DBTesting.accdb
2014-06-10 07:45 - 2011-06-02 10:39 - 00000000 ____D () C:\Program Files\HP
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\Harv\Start Menu\Programs\HP
2014-06-09 10:30 - 2014-06-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2014-06-09 10:30 - 2014-06-09 10:29 - 00000000 ___HD () C:\Program Files\Avago-HP
2014-06-09 10:30 - 2011-06-02 10:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-06-09 10:29 - 2014-06-09 10:27 - 00000000 ____D () C:\hp_P1000_P1500_Full_Solution

ZeroAccess:
C:\Windows\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}
C:\Windows\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}\@

ZeroAccess:
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}\@
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}\L\00000004.@

Files to move or delete:
====================
C:\Documents and Settings\Harv\appa.bat
C:\Documents and Settings\Harv\gotoehs.bat
C:\Documents and Settings\Harv\gotomm.bat
C:\Documents and Settings\Harv\gotomm37.bat
C:\Documents and Settings\Harv\groovy.bat
C:\Documents and Settings\Harv\iet.bat
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\tmp7.exe
C:\Documents and Settings\Harv\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Meggy\Local Settings\Temp\tmpCC.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2010-03-30 23:49] - [2009-02-09 08:10] - 0408576 ____A (Microsoft Corporation) 6e7bc44bf0ec41e7f81cd514c9f73f8d


MBAM log (nothing found):

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/30/2014
Scan Time: 6:19:08 PM
Logfile: ScanLog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.30.10
Rootkit Database: v2014.06.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Harv

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375492
Time Elapsed: 15 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


ADW log below. JRT does not execute. It seems to look for a .bat file in some temp directory and says there is no file association.

 

# AdwCleaner v3.214 - Report created 30/06/2014 at 18:48:13
# Updated 29/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Harv - HARV-XP
# Running from : C:\Documents and Settings\Harv\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Malware Protector
Folder Deleted : C:\Program Files\WinZip Malware Protector

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Harv\Application Data\Mozilla\Firefox\Profiles\1gtwbykv.default-1397427405718\prefs.js ]


-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [3994 octets] - [18/12/2013 18:24:50]
AdwCleaner[R10].txt - [2126 octets] - [26/01/2014 17:08:13]
AdwCleaner[R11].txt - [2049 octets] - [14/03/2014 13:55:47]
AdwCleaner[R12].txt - [1958 octets] - [29/06/2014 15:36:09]
AdwCleaner[R13].txt - [2166 octets] - [30/06/2014 18:46:35]
AdwCleaner[R1].txt - [1206 octets] - [19/12/2013 09:33:40]
AdwCleaner[R2].txt - [3520 octets] - [26/12/2013 11:19:23]
AdwCleaner[R3].txt - [3861 octets] - [30/12/2013 16:41:01]
AdwCleaner[R4].txt - [3921 octets] - [03/01/2014 11:57:45]
AdwCleaner[R5].txt - [1504 octets] - [03/01/2014 12:08:24]
AdwCleaner[R6].txt - [1624 octets] - [03/01/2014 12:20:13]
AdwCleaner[R7].txt - [1684 octets] - [10/01/2014 14:35:02]
AdwCleaner[R8].txt - [1918 octets] - [14/01/2014 15:20:41]
AdwCleaner[R9].txt - [1864 octets] - [14/01/2014 15:31:55]
AdwCleaner[s0].txt - [4137 octets] - [18/12/2013 18:25:12]
AdwCleaner[s1].txt - [3867 octets] - [03/01/2014 11:58:56]
AdwCleaner[s2].txt - [1565 octets] - [03/01/2014 12:09:27]
AdwCleaner[s3].txt - [1896 octets] - [14/01/2014 15:23:37]
AdwCleaner[s4].txt - [2194 octets] - [26/01/2014 17:09:30]
AdwCleaner[s5].txt - [2021 octets] - [29/06/2014 15:37:22]
AdwCleaner[s6].txt - [2090 octets] - [30/06/2014 18:48:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [2150 octets] ##########
 


Go back to reply #10 and follow the instructions for FRST; you have run another scan, not what was instructed.

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.


This was the fixlog, sorry I missed that.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Harv at 2014-06-30 18:15:04 Run:1
Running from C:\Documents and Settings\Harv\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\dllcache\rpcss.dll
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {c6fbced5-8d25-11e0-b96e-002710575b94} - E:\SISetup.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {f3e1346d-efd8-11e3-bfd2-002710575b94} - E:\LaunchU3.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...\MountPoints2: {f3e37a38-55ba-11e1-bad5-002710575b94} - E:\autorun.exe
HKU\S-1-5-21-3351214520-3263132721-647948471-1013\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 ASPI32; No ImagePath
S3 ATSwpWDF; System32\Drivers\ATSwpWDF.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 IntelIde; No ImagePath
U2 SENS;
U1 WS2IFSL;
2014-06-29 13:04 - 2014-06-29 13:04 - 00321220 ____S () C:\WINDOWS\system32\ueuj.pfi
2014-06-24 08:25 - 2013-05-09 08:25 - 00000406 _____ () C:\WINDOWS\Tasks\At1.job
C:\Windows\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81}
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81}
C:\Documents and Settings\Harv\appa.bat
C:\Documents and Settings\Harv\gotoehs.bat
C:\Documents and Settings\Harv\gotomm.bat
C:\Documents and Settings\Harv\gotomm37.bat
C:\Documents and Settings\Harv\groovy.bat
C:\Documents and Settings\Harv\iet.bat
C:\Documents and Settings\Guest\Local Settings\Temp\tmp7.exe
C:\Documents and Settings\Harv\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Meggy\Local Settings\Temp\tmpCC.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Harv\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End
*****************

C:\WINDOWS\system32\rpcss.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll
C:\WINDOWS\system32\dllcache\rpcss.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\dllcache\rpcss.dll
'HKU\S-1-5-21-3351214520-3263132721-647948471-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6fbced5-8d25-11e0-b96e-002710575b94}' => Key deleted successfully.
'HKCR\CLSID\{c6fbced5-8d25-11e0-b96e-002710575b94}'=> Key not found.
'HKU\S-1-5-21-3351214520-3263132721-647948471-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e1346d-efd8-11e3-bfd2-002710575b94}' => Key deleted successfully.
'HKCR\CLSID\{f3e1346d-efd8-11e3-bfd2-002710575b94}'=> Key not found.
'HKU\S-1-5-21-3351214520-3263132721-647948471-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e37a38-55ba-11e1-bad5-002710575b94}' => Key deleted successfully.
'HKCR\CLSID\{f3e37a38-55ba-11e1-bad5-002710575b94}'=> Key not found.
'HKU\S-1-5-21-3351214520-3263132721-647948471-1013\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
ASPI32 => Service deleted successfully.
ATSwpWDF => Service deleted successfully.
dgderdrv => Service deleted successfully.
IntelIde => Service deleted successfully.
SENS => Service deleted successfully.
WS2IFSL => Service deleted successfully.
Could not move "C:\WINDOWS\system32\ueuj.pfi" => Scheduled to move on reboot.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\Windows\Installer\{074547e6-779f-553d-ee26-4c2cf95c4e81} => Moved successfully.
C:\Documents and Settings\Harv\Local Settings\Application Data\{074547e6-779f-553d-ee26-4c2cf95c4e81} => Moved successfully.
C:\Documents and Settings\Harv\appa.bat => Moved successfully.
C:\Documents and Settings\Harv\gotoehs.bat => Moved successfully.
C:\Documents and Settings\Harv\gotomm.bat => Moved successfully.
C:\Documents and Settings\Harv\gotomm37.bat => Moved successfully.
C:\Documents and Settings\Harv\groovy.bat => Moved successfully.
C:\Documents and Settings\Harv\iet.bat => Moved successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\tmp7.exe => Moved successfully.
C:\Documents and Settings\Harv\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Meggy\Local Settings\Temp\tmpCC.exe => Moved successfully.
C:\WINDOWS\Tasks\At1.job not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-30 18:17:19)<=

C:\WINDOWS\system32\ueuj.pfi => Is moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Thanks for the update. ZeroAccess is a nasty infection and may leave unwanted remnants on the system after an initial removal. Continue please:

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

If threats were found
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on Back
Put a checkmark in "Uninstall application on close"
Click on Finish

Close program

Copy and paste the report in your next reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double-click SecurityCheck.exe (Vista or Windows 7/8 users right-click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document called checkup.txt should open automatically; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

Let me see those logs...

Kevin

Link to post
Share on other sites

Here is ESET:

 

C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe.vir    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Harv\My Documents\Downloads\wzmp_8.exe    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined

 

And checkup.txt:

 

C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe.vir    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Harv\My Documents\Downloads\wzmp_8.exe    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined

Link to post
Share on other sites

Security Check

 

 Results of screen317's Security Check version 0.99.85  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java DB 10.5.3.0   
 Java 6 Update 18  
 Java SE Development Kit 6 Update 18
 Java version out of Date!
  Adobe Flash Player     11.9.900.170 Flash Player out of Date!  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

 

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe.vir    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Harv\My Documents\Downloads\wzmp_8.exe    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined
 

Link to post
Share on other sites
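The ESET results posted above, sorted by where each detected file actually sits, as an added example that is not part of the original posts. The field separator, the list of quarantine folders and all function names are assumptions made for this sketch.

```python
import re
from collections import namedtuple

# The four ESET lines from the post above: path, detection name, action taken.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe.vir    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Harv\My Documents\Downloads\wzmp_8.exe    a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined
C:\FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD    Win32/Patched.IB trojan    cleaned - quarantined
"""

# Assumption: folders where the cleanup tools in this thread park neutralised copies.
QUARANTINE_ROOTS = (r"c:\adwcleaner\quarantine", r"c:\frst\quarantine")
# Assumption: ESET ends the detection field with one of these category phrases.
KINDS = ("potentially unwanted application", "potentially unsafe application", "trojan")

Detection = namedtuple("Detection", "path name kind action in_quarantine")

def parse_eset(text):
    """Parse exported ESET lines into Detection records; skip lines that do not fit."""
    hits = []
    for line in text.splitlines():
        # Assumption: fields are separated by a tab or a run of 2+ spaces, as pasted.
        fields = [f for f in re.split(r"\t+| {2,}", line.strip()) if f]
        if len(fields) != 3 or not re.match(r"[A-Za-z]:\\", fields[0]):
            continue
        path, name, action = fields
        kind = next((k for k in KINDS if name.lower().endswith(k)), "other")
        parked = any(path.lower().startswith(root + "\\") for root in QUARANTINE_ROOTS)
        hits.append(Detection(path, name, kind, action, parked))
    return hits

def triage(hits):
    """Split hits into copies already parked by a tool and files found in place."""
    parked = [h for h in hits if h.in_quarantine]
    live = [h for h in hits if not h.in_quarantine]
    return parked, live

if __name__ == "__main__":
    parked, live = triage(parse_eset(ESET_LOG))
    for h in live:
        print("found in place:", h.kind, "|", h.path)
    for h in parked:
        print("already quarantined copy:", h.kind, "|", h.path)
```

On this log, both Win32/Patched.IB hits are the rpcss.dll copies under C:\FRST\Quarantine, matching the files the Fixlog reports as moved, and the only file found in place is the wzmp_8.exe download.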

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flash Player checked. Accept new version if required.

There may be an offer of Google Chrome etc.; untick those options if offered...

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

Security Check does not show if a firewall or anti-virus program is running. Also, Windows Security Center service is listed as not running. Is that correct?

Let me know if the updates complete, and tell me if there is an anti-virus program installed. Also run the following and post the log:

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Kevin

Link to post
Share on other sites

This topic is now closed to further replies.