
Something is constantly being uploaded from my PC

Discussion in 'Virus & Other Malware Removal' started by Fix97, Jan 16, 2013.


    Fix97 Thread Starter

    I have the same problem as this guy http://forums.techguy.org/virus-oth...471-pc-constantly-uploading-high-amounts.html, but it said not to use that script but to create a new post.

    HIJACKTHIS LOG

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:06:26, on 16/01/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\WINDOWS.0\system32\RUNDLL32.EXE
    C:\WINDOWS.0\SOUNDMAN.EXE
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\WINDOWS.0\system32\PnkBstrA.exe
    C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fm...BtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fm...BtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    R3 - URLSearchHook: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\similarsites.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (file missing)
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll (file missing)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\similarsites.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [GB_UPDATE] C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RockMelt Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - C:\Program Files\SimilarSites\similarsites.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A0B9EC9-3B75-493C-BFA1-34B4CECA4C5D}: NameServer = 194.106.162.10 194.106.162.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0A0B9EC9-3B75-493C-BFA1-34B4CECA4C5D}: NameServer = 194.106.162.10 194.106.162.3
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    --
    End of file - 11483 bytes


    DDS



    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Administrator at 23:13:18 on 2013-01-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1235 [GMT 1:00]
    .
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\WINDOWS.0\system32\RUNDLL32.EXE
    C:\WINDOWS.0\SOUNDMAN.EXE
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\WINDOWS.0\system32\PnkBstrA.exe
    C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\WINDOWS.0\System32\alg.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    C:\WINDOWS.0\system32\NOTEPAD.EXE
    C:\WINDOWS.0\system32\wbem\wmiprvse.exe
    C:\WINDOWS.0\System32\svchost.exe -k netsvcs
    C:\WINDOWS.0\system32\svchost.exe -k NetworkService
    C:\WINDOWS.0\system32\svchost.exe -k LocalService
    C:\WINDOWS.0\system32\svchost.exe -k LocalService
    C:\WINDOWS.0\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzutDtDtCyC0EyCyDzyyC0FzyyB0FzyyEtCtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
    uSearch Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/
    mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzutDtDtCyC0EyCyDzyyC0FzyyB0FzyyEtCtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
    uURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    mURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
    mWinlogon: SFCDisable = dword:-99
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
    EB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
    uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [RockMelt Update] "c:\documents and settings\administrator\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [KernelFaultCheck] c:\windows.0\system32\dumprep 0 -k
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [GB_UPDATE] c:\program files\razer\razer game booster\AutoUpdate.exe/AUTORUN
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    dRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
    dRun: [IDMan] c:\program files\internet download manager\IDMan.exe /s
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\alluse~1.0\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: ForceClassicControlPanel = dword:1
    uPolicies-Explorer: NoResolveTrack = dword:1
    uPolicies-Explorer: NoRecentDocsNetHood = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: ForceClassicControlPanel = dword:1
    mPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: NoRecentDocsNetHood = dword:1
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{0A0B9EC9-3B75-493C-BFA1-34B4CECA4C5D} : NameServer = 194.106.162.10 194.106.162.3
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
    SecurityProviders: SecurityProviders = schannel.dll, credssp.dll, digest.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jknrdk4m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\windows.0\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows.0\system32\npDeployJava1.dll
    FF - plugin: c:\windows.0\system32\npptools.dll
    FF - ExtSQL: 2012-12-30 14:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jknrdk4m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows.0\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows.0\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows.0\system32\drivers\NBVol.sys [2012-8-14 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows.0\system32\drivers\NBVolUp.sys [2012-8-14 12464]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows.0\system32\drivers\avgldx86.sys [2012-7-26 237408]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows.0\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows.0\system32\drivers\avgtdix.sys [2012-8-24 301920]
    R1 avgtp;avgtp;c:\windows.0\system32\drivers\avgtpx86.sys [2012-10-11 26984]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows.0\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 Avgfwdx;Avgfwdx;c:\windows.0\system32\drivers\avgfwdx.sys [2012-1-12 30944]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows.0\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows.0\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows.0\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 DroidCam;DroidCam Virtual Audio;c:\windows.0\system32\drivers\droidcam.sys [2012-8-24 21376]
    R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows.0\system32\drivers\e4usbaw.sys [2012-8-10 104344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows.0\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows.0\system32\drivers\e4ldr.sys [2012-8-10 69656]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\admini~1\locals~1\temp\alsysio.sys --> c:\docume~1\admini~1\locals~1\temp\ALSysIO.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows.0\system32\drivers\avgfwdx.sys [2012-1-12 30944]
    S3 cpuz135;cpuz135;\??\c:\docume~1\admini~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows.0\system32\drivers\ssudbus.sys [2012-8-11 80824]
    S3 speccy;speccy;c:\docume~1\admini~1\locals~1\temp\33e66e20-237a-483e-82b1-bccfec2f39d2 [2012-8-15 6656]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows.0\system32\drivers\ssudmdm.sys [2012-8-11 181432]
    S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows.0\system32\drivers\ssudobex.sys [2012-8-11 181432]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows.0\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XDva401;XDva401;\??\c:\windows.0\system32\xdva401.sys --> c:\windows.0\system32\XDva401.sys [?]
    .
    =============== Created Last 30 ================
    .
    2013-01-16 19:25:41 -------- d-----w- c:\program files\JDownloader
    2013-01-16 19:19:29 -------- d-----w- c:\documents and settings\all users.windows.0\application data\SimilarSites
    2013-01-16 19:19:17 -------- d-----w- c:\program files\SimilarSites
    2013-01-16 19:19:16 -------- d-----w- c:\documents and settings\administrator\application data\SimilarSites
    2013-01-16 16:50:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Transcripted
    2013-01-13 09:43:16 -------- d-----w- c:\program files\common files\Steam
    2013-01-13 09:43:15 -------- d-----w- c:\program files\Steam
    2013-01-10 21:04:47 16369160 ----a-w- c:\windows.0\system32\FlashPlayerInstaller.exe
    2013-01-04 16:31:47 -------- d-----w- c:\documents and settings\administrator\application data\AVG Secure Search
    2013-01-04 16:29:04 -------- d-----w- C:\BrickForce
    2013-01-04 16:19:32 -------- d-----w- c:\documents and settings\administrator\application data\Unity
    2013-01-04 15:23:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Unity
    2012-12-26 09:05:06 -------- d-----w- c:\documents and settings\all users.windows.0\application data\MumboJumbo
    2012-12-26 09:05:06 -------- d-----w- c:\documents and settings\administrator\application data\MumboJumbo
    2012-12-25 19:42:44 -------- d-----w- c:\windows.0\Zuma's Revenge
    2012-12-25 19:42:44 -------- d-----w- c:\program files\Zuma's Revenge
    2012-12-24 11:27:10 -------- d-----w- c:\program files\SystemRequirementsLab
    2012-12-23 11:53:57 26176 ---ha-w- c:\windows.0\system32\hamachi.sys
    2012-12-23 11:48:45 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-12-23 09:25:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Razer
    2012-12-20 20:15:24 -------- d-----w- c:\documents and settings\administrator\application data\LolClient
    2012-12-20 20:00:48 -------- d-----w- C:\test
    2012-12-20 19:27:43 -------- d-----w- c:\documents and settings\administrator\apktool
    2012-12-20 17:43:22 -------- d-----w- C:\Riot Games
    2012-12-20 14:09:28 5632 ----a-w- c:\windows.0\system32\ptpusb.dll
    2012-12-20 14:09:27 15104 ----a-w- c:\windows.0\system32\drivers\usbscan.sys
    2012-12-20 14:09:26 159232 ----a-w- c:\windows.0\system32\ptpusd.dll
    2012-12-19 19:51:52 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PMB Files
    2012-12-19 19:51:46 -------- d-----w- c:\documents and settings\all users.windows.0\application data\PMB Files
    2012-12-19 19:50:49 -------- d-----w- c:\program files\Pando Networks
    2012-12-18 20:09:33 -------- d-----w- c:\documents and settings\administrator\.thumbnails
    2012-12-18 16:51:25 -------- d-----w- c:\documents and settings\administrator\hsperfdata_Administrator
    2012-12-18 16:38:22 -------- d-----w- C:\cygwin
    2012-12-18 16:36:09 680467 ----a-w- C:\setup.exe
    2012-12-18 16:35:49 -------- d-----w- C:\cygwin_packages
    2012-12-18 16:19:48 -------- d-----w- c:\program files\Sun
    2012-12-18 15:03:27 -------- d-----w- c:\program files\Advanced Tactical Center
    2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2013-01-10 21:05:04 697864 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
    2013-01-10 21:05:03 74248 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
    2012-11-15 09:46:18 278728 ----a-w- c:\windows.0\system32\drivers\atksgt.sys
    2012-11-15 09:46:17 25416 ----a-w- c:\windows.0\system32\drivers\lirsgt.sys
    2012-11-08 10:49:52 26984 ----a-w- c:\windows.0\system32\drivers\avgtpx86.sys
    .
    ============= FINISH: 23:13:44.78 ===============



    DDS attach



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/08/2012 15:01:42
    System Uptime: 16/01/2013 22:34:33 (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-K8NF-9-RH
    Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1809/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 30.721 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&13699180&0&3848
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&13699180&0&3848
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS4
    Adobe Reader X (10.1.5)
    Advanced Tactical Center™ 1.12
    Alien Swarm
    Android SDK Tools
    Athlon 64 Processor Driver
    AVG 2012
    AVG Security Toolbar
    Borland Delphi 7
    Brick-Force
    CCleaner
    Cheat Engine 6.1
    CINEMA 4D 11.514
    Component Set For Windows 2000 (NT)
    Contrast PlanPlus MMI
    Counter Strike 1.6 FULL v44
    Counter Strike 1.6 Map Pack
    Counter Strike 1.6 v5.5 Steam Release
    EASEUS Data Recovery Wizard Professional 5.5.1 Retail
    GetDataBack for NTFS
    GIMP 2.6.11
    Google Chrome
    HashTab
    Helldorado
    Java 7 Update 9
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 22
    Java(TM) SE Development Kit 6 Update 20
    JavaFX 2.1.1
    JDownloader 0.9
    League of Legends
    LogMeIn Hamachi
    m0d_s0beit_3.4
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable - SP1 x86 8.0.59193
    Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 11 Mini Repack
    Nero Backup Drivers
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX v8.09.04
    Pando Media Booster
    Razer Game Booster
    Realtek AC'97 Audio
    Registry Mechanic 10.0.0.132
    RockMelt
    SAGEM F@st 800-840
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    SimilarSites
    Skype Click to Call
    Skype™ 6.0
    Steam
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    Tom Clancy's Splinter Cell Chaos Theory
    Transcripted Alienware Demo
    Unity Web Player
    Unlocker 1.9.0
    Vuze
    Warsow 1.0
    WebFldrs XP
    WinRAR archiver
    World of Tanks
    Xvid 1.1.2 final uninstall
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    16/01/2013 13:41:38, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    16/01/2013 13:11:38, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    16/01/2013 12:56:37, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================


    GMER



    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-16 23:18:32
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000078 Maxtor_6L160M0 rev.BACE1G10 149.05GB
    Running: ydlqi9yp.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdapod.sys


    ---- System - GMER 2.0 ----

    SSDT sptd.sys ZwCreateKey [0xB7ECFA50]
    SSDT sptd.sys ZwEnumerateKey [0xB7F03FFE]
    SSDT sptd.sys ZwEnumerateValueKey [0xB7F0438C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA0E3C004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA0E3C0D4]
    SSDT sptd.sys ZwOpenKey [0xB7ECFA30]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0E3BD76]
    SSDT sptd.sys ZwQueryKey [0xB7F04464]
    SSDT \??\C:\WINDOWS.0\system32\drivers\avgtpx86.sys (AVG Technologies) ZwQueryValueKey [0xB81B91EA]
    SSDT sptd.sys ZwSetValueKey [0xB7F044F6]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0E3BE1E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0E3BEBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0E3BF56]

    INT 0x63 ? 89D94CC8
    INT 0x73 ? 89D94CC8
    INT 0x82 ? 89DC4CC8
    INT 0xA4 ? 89C5ACC8
    INT 0xB4 ? 89C5ACC8

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2648 80501E80 4 Bytes JMP FCB81B91
    .text sptd.sys B7E95000 32 Bytes [5A, 77, 6D, 80, 20, 27, 6D, ...]
    .text sptd.sys B7E95024 4 Bytes [74, 7F, E8, B7]
    .text sptd.sys B7E9502D 119 Bytes JMP 8F33D08F
    .text sptd.sys B7E950A5 255 Bytes [5C, 53, 80, 05, 7A, 53, 80, ...]
    .text sptd.sys B7E951A5 47 Bytes [4F, 54, 80, 04, 1A, 53, 80, ...]
    .text ...
    .sptd2 C:\WINDOWS.0\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F8CD38]
    ? C:\WINDOWS.0\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload B6920934 5 Bytes JMP 89C5A1D8
    .text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB49B3360, 0x3D46A5, 0xE8000020]
    .text C:\WINDOWS.0\system32\DRIVERS\atksgt.sys section is writeable [0xA0BFB300, 0x3ACC8, 0xE8000020]
    .text C:\WINDOWS.0\system32\DRIVERS\lirsgt.sys section is writeable [0xB1793300, 0x1B7E, 0xE8000020]
    ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Kernel IAT/EAT - GMER 2.0 ----

    IAT \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E96574] sptd.sys
    IAT \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E960C0] sptd.sys
    IAT \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E96FE0] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E960C0] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E96362] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E962A4] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E971BC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E96FE0] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EAB312] sptd.sys

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792

    ---- EOF - GMER 2.0 ----

    I hope I gave you enough info about the problem :/
     

Short URL to this thread: https://techguy.org/1085571
