
Slow start-up Windows Vista

Discussion in 'Virus & Other Malware Removal' started by markarce, Dec 22, 2010.

markarce, Thread Starter (Joined: Dec 22, 2010; Messages: 1)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:32:34 AM, on 12/23/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Arce\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Arce\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\Arce\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9011 bytes




    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Arce at 0:36:32.48 on Thu 12/23/2010
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1916.546 [GMT 8:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\System Control Manager\MSIService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Arce\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Arce\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Google Update] "c:\users\arce\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [RockMelt Update] "c:\users\arce\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\arce\appdata\roaming\mozilla\firefox\profiles\86w3jwu7.default\
    FF - prefs.js: network.proxy.ftp - proxy.up.edu.ph
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - proxy.up.edu.ph
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - proxy.up.edu.ph
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy.up.edu.ph
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy.up.edu.ph
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\arce\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\arce\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FacePAD: Facebook Photo Album Downloader: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - %profile%\extensions\{43c35458-c907-439b-bcfd-07d373834689}

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-13 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-13 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-13 61960]
    R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2010-5-26 159744]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-10-18 101120]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2010-10-25 105344]

    =============== Created Last 30 ================

    2010-12-20 06:47:06 -------- d-----w- c:\program files\iPod
    2010-12-20 02:27:54 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{2be3306f-486e-46ac-8e9b-e6ba5e2936a8}\mpengine.dll
    2010-12-19 15:00:01 -------- d-----w- c:\users\arce\appdata\local\RockMelt
    2010-12-16 18:57:01 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-16 08:07:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-16 07:40:36 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-16 07:40:35 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-16 07:40:33 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-16 07:40:32 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-16 07:40:32 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-16 06:22:05 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-16 06:11:33 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-16 06:11:26 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-16 06:11:25 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-16 06:11:24 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-12-16 05:44:35 515584 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-16 05:44:34 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2010-12-16 05:44:32 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2010-12-02 01:42:49 -------- d-----w- c:\program files\Super Meat Boy
    2010-12-02 01:30:06 -------- d--h--w- c:\windows\msdownld.tmp
    2010-12-02 01:30:03 -------- d-----w- c:\windows\system32\directx
    2010-12-01 09:07:43 1892184 ----a-w- c:\windows\system32\d3dx9_42.dll
    2010-11-29 09:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 09:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-25 06:48:45 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 0:37:55.37 ===============


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-23 01:18:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
    Running: q25rdtbn.exe; Driver: C:\Users\Arce\AppData\Local\Temp\uxldqpog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CC0A320, 0x3EEFB7, 0xE8000020]
    ? System32\Drivers\SCDEmu.SYS The system cannot find the path specified. !
    ? C:\Users\Arce\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtCreateFile + 6 777F43DA 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtCreateFile + B 777F43DF 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtMapViewOfSection + 6 777F4B2A 1 Byte [28]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtMapViewOfSection + 6 777F4B2A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtMapViewOfSection + B 777F4B2F 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenFile + 6 777F4BBA 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenFile + B 777F4BBF 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenProcess + 6 777F4C3A 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenProcess + B 777F4C3F 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenProcessToken + B 777F4C4F 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenProcessTokenEx + 6 777F4C5A 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenProcessTokenEx + B 777F4C5F 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenThread + 6 777F4CAA 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenThread + B 777F4CAF 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenThreadToken + 6 777F4CBA 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenThreadToken + B 777F4CBF 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtOpenThreadTokenEx + B 777F4CCF 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtQueryAttributesFile + 6 777F4D5A 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtQueryAttributesFile + B 777F4D5F 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtQueryFullAttributesFile + B 777F4E0F 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtSetInformationFile + 6 777F52EA 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtSetInformationFile + B 777F52EF 1 Byte [E2]
    .text C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] ntdll.dll!NtSetInformationThread + 6 777F533A 4 Bytes [28, 02, 06, 00]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7430FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7439CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7433C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7430D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74306853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7430687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[712] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74312AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[1488] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[2000] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[2876] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[4008] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[4204] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[4232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[4772] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[4804] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[5548] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[5552] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
    IAT C:\Users\Arce\AppData\Local\RockMelt\Application\rockmelt.exe[5788] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

    ---- EOF - GMER 1.0.15 ----
     

Short URL to this thread: https://techguy.org/970013
