Something is constantly being uploaded from my PC

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Fix97

Thread Starter
Joined
Jan 16, 2013
Messages
1
I have the same problem as this guy http://forums.techguy.org/virus-oth...471-pc-constantly-uploading-high-amounts.html but it said not to use that script but to create new post.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:26, on 16/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fm...BtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fm...BtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\similarsites.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (file missing)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\similarsites.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GB_UPDATE] C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RockMelt Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - C:\Program Files\SimilarSites\similarsites.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A0B9EC9-3B75-493C-BFA1-34B4CECA4C5D}: NameServer = 194.106.162.10 194.106.162.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A0B9EC9-3B75-493C-BFA1-34B4CECA4C5D}: NameServer = 194.106.162.10 194.106.162.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--
End of file - 11483 bytes


DDS



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 23:13:18 on 2013-01-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1235 [GMT 1:00]
.
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS.0\System32\alg.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINDOWS.0\system32\NOTEPAD.EXE
C:\WINDOWS.0\system32\wbem\wmiprvse.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
C:\WINDOWS.0\system32\svchost.exe -k NetworkService
C:\WINDOWS.0\system32\svchost.exe -k LocalService
C:\WINDOWS.0\system32\svchost.exe -k LocalService
C:\WINDOWS.0\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzutDtDtCyC0EyCyDzyyC0FzyyB0FzyyEtCtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
uSearch Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzutDtDtCyC0EyCyDzyyC0FzyyB0FzyyEtCtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1880556847
uURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
EB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RockMelt Update] "c:\documents and settings\administrator\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [KernelFaultCheck] c:\windows.0\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GB_UPDATE] c:\program files\razer\razer game booster\AutoUpdate.exe/AUTORUN
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
dRun: [IDMan] c:\program files\internet download manager\IDMan.exe /s
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1.0\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem [email protected] 800-840\dslmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceClassicControlPanel = dword:1
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\similarsites\similarsites.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{0A0B9EC9-3B75-493C-BFA1-34B4CECA4C5D} : NameServer = 194.106.162.10 194.106.162.3
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
SecurityProviders: SecurityProviders = schannel.dll, credssp.dll, digest.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jknrdk4m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows.0\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows.0\system32\npDeployJava1.dll
FF - plugin: c:\windows.0\system32\npptools.dll
FF - ExtSQL: 2012-12-30 14:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jknrdk4m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows.0\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows.0\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows.0\system32\drivers\NBVol.sys [2012-8-14 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows.0\system32\drivers\NBVolUp.sys [2012-8-14 12464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows.0\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows.0\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows.0\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows.0\system32\drivers\avgtpx86.sys [2012-10-11 26984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows.0\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 Avgfwdx;Avgfwdx;c:\windows.0\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows.0\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows.0\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows.0\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 DroidCam;DroidCam Virtual Audio;c:\windows.0\system32\drivers\droidcam.sys [2012-8-24 21376]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows.0\system32\drivers\e4usbaw.sys [2012-8-10 104344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows.0\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows.0\system32\drivers\e4ldr.sys [2012-8-10 69656]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\admini~1\locals~1\temp\alsysio.sys --> c:\docume~1\admini~1\locals~1\temp\ALSysIO.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows.0\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 cpuz135;cpuz135;\??\c:\docume~1\admini~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows.0\system32\drivers\ssudbus.sys [2012-8-11 80824]
S3 speccy;speccy;c:\docume~1\admini~1\locals~1\temp\33e66e20-237a-483e-82b1-bccfec2f39d2 [2012-8-15 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows.0\system32\drivers\ssudmdm.sys [2012-8-11 181432]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows.0\system32\drivers\ssudobex.sys [2012-8-11 181432]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows.0\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva401;XDva401;\??\c:\windows.0\system32\xdva401.sys --> c:\windows.0\system32\XDva401.sys [?]
.
=============== Created Last 30 ================
.
2013-01-16 19:25:41 -------- d-----w- c:\program files\JDownloader
2013-01-16 19:19:29 -------- d-----w- c:\documents and settings\all users.windows.0\application data\SimilarSites
2013-01-16 19:19:17 -------- d-----w- c:\program files\SimilarSites
2013-01-16 19:19:16 -------- d-----w- c:\documents and settings\administrator\application data\SimilarSites
2013-01-16 16:50:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Transcripted
2013-01-13 09:43:16 -------- d-----w- c:\program files\common files\Steam
2013-01-13 09:43:15 -------- d-----w- c:\program files\Steam
2013-01-10 21:04:47 16369160 ----a-w- c:\windows.0\system32\FlashPlayerInstaller.exe
2013-01-04 16:31:47 -------- d-----w- c:\documents and settings\administrator\application data\AVG Secure Search
2013-01-04 16:29:04 -------- d-----w- C:\BrickForce
2013-01-04 16:19:32 -------- d-----w- c:\documents and settings\administrator\application data\Unity
2013-01-04 15:23:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Unity
2012-12-26 09:05:06 -------- d-----w- c:\documents and settings\all users.windows.0\application data\MumboJumbo
2012-12-26 09:05:06 -------- d-----w- c:\documents and settings\administrator\application data\MumboJumbo
2012-12-25 19:42:44 -------- d-----w- c:\windows.0\Zuma's Revenge
2012-12-25 19:42:44 -------- d-----w- c:\program files\Zuma's Revenge
2012-12-24 11:27:10 -------- d-----w- c:\program files\SystemRequirementsLab
2012-12-23 11:53:57 26176 ---ha-w- c:\windows.0\system32\hamachi.sys
2012-12-23 11:48:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-23 09:25:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Razer
2012-12-20 20:15:24 -------- d-----w- c:\documents and settings\administrator\application data\LolClient
2012-12-20 20:00:48 -------- d-----w- C:\test
2012-12-20 19:27:43 -------- d-----w- c:\documents and settings\administrator\apktool
2012-12-20 17:43:22 -------- d-----w- C:\Riot Games
2012-12-20 14:09:28 5632 ----a-w- c:\windows.0\system32\ptpusb.dll
2012-12-20 14:09:27 15104 ----a-w- c:\windows.0\system32\drivers\usbscan.sys
2012-12-20 14:09:26 159232 ----a-w- c:\windows.0\system32\ptpusd.dll
2012-12-19 19:51:52 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PMB Files
2012-12-19 19:51:46 -------- d-----w- c:\documents and settings\all users.windows.0\application data\PMB Files
2012-12-19 19:50:49 -------- d-----w- c:\program files\Pando Networks
2012-12-18 20:09:33 -------- d-----w- c:\documents and settings\administrator\.thumbnails
2012-12-18 16:51:25 -------- d-----w- c:\documents and settings\administrator\hsperfdata_Administrator
2012-12-18 16:38:22 -------- d-----w- C:\cygwin
2012-12-18 16:36:09 680467 ----a-w- C:\setup.exe
2012-12-18 16:35:49 -------- d-----w- C:\cygwin_packages
2012-12-18 16:19:48 -------- d-----w- c:\program files\Sun
2012-12-18 15:03:27 -------- d-----w- c:\program files\Advanced Tactical Center
2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-10 21:05:04 697864 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
2013-01-10 21:05:03 74248 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2012-11-15 09:46:18 278728 ----a-w- c:\windows.0\system32\drivers\atksgt.sys
2012-11-15 09:46:17 25416 ----a-w- c:\windows.0\system32\drivers\lirsgt.sys
2012-11-08 10:49:52 26984 ----a-w- c:\windows.0\system32\drivers\avgtpx86.sys
.
============= FINISH: 23:13:44.78 ===============



DDS attach



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/08/2012 15:01:42
System Uptime: 16/01/2013 22:34:33 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-K8NF-9-RH
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1809/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 30.721 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&13699180&0&3848
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&13699180&0&3848
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 Plugin
Adobe Photoshop CS4
Adobe Reader X (10.1.5)
Advanced Tactical Center™ 1.12
Alien Swarm
Android SDK Tools
Athlon 64 Processor Driver
AVG 2012
AVG Security Toolbar
Borland Delphi 7
Brick-Force
CCleaner
Cheat Engine 6.1
CINEMA 4D 11.514
Component Set For Windows 2000 (NT)
Contrast PlanPlus MMI
Counter Strike 1.6 FULL v44
Counter Strike 1.6 Map Pack
Counter Strike 1.6 v5.5 Steam Release
EASEUS Data Recovery Wizard Professional 5.5.1 Retail
GetDataBack for NTFS
GIMP 2.6.11
Google Chrome
HashTab
Helldorado
Java 7 Update 9
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 20
JavaFX 2.1.1
JDownloader 0.9
League of Legends
LogMeIn Hamachi
m0d_s0beit_3.4
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable - SP1 x86 8.0.59193
Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 11 Mini Repack
Nero Backup Drivers
Notepad++
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Pando Media Booster
Razer Game Booster
Realtek AC'97 Audio
Registry Mechanic 10.0.0.132
RockMelt
SAGEM [email protected] 800-840
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
SimilarSites
Skype Click to Call
Skype™ 6.0
Steam
System Requirements Lab CYRI
TeamSpeak 3 Client
Tom Clancy's Splinter Cell Chaos Theory
Transcripted Alienware Demo
Unity Web Player
Unlocker 1.9.0
Vuze
Warsow 1.0
WebFldrs XP
WinRAR archiver
World of Tanks
Xvid 1.1.2 final uninstall
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
16/01/2013 13:41:38, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
16/01/2013 13:11:38, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
16/01/2013 12:56:37, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================


GMER



GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 23:18:32
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000078 Maxtor_6L160M0 rev.BACE1G10 149.05GB
Running: ydlqi9yp.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdapod.sys


---- System - GMER 2.0 ----

SSDT sptd.sys ZwCreateKey [0xB7ECFA50]
SSDT sptd.sys ZwEnumerateKey [0xB7F03FFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB7F0438C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA0E3C004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA0E3C0D4]
SSDT sptd.sys ZwOpenKey [0xB7ECFA30]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0E3BD76]
SSDT sptd.sys ZwQueryKey [0xB7F04464]
SSDT \??\C:\WINDOWS.0\system32\drivers\avgtpx86.sys (AVG Technologies) ZwQueryValueKey [0xB81B91EA]
SSDT sptd.sys ZwSetValueKey [0xB7F044F6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0E3BE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0E3BEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0E3BF56]

INT 0x63 ? 89D94CC8
INT 0x73 ? 89D94CC8
INT 0x82 ? 89DC4CC8
INT 0xA4 ? 89C5ACC8
INT 0xB4 ? 89C5ACC8

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2648 80501E80 4 Bytes JMP FCB81B91
.text sptd.sys B7E95000 32 Bytes [5A, 77, 6D, 80, 20, 27, 6D, ...]
.text sptd.sys B7E95024 4 Bytes [74, 7F, E8, B7]
.text sptd.sys B7E9502D 119 Bytes JMP 8F33D08F
.text sptd.sys B7E950A5 255 Bytes [5C, 53, 80, 05, 7A, 53, 80, ...]
.text sptd.sys B7E951A5 47 Bytes [4F, 54, 80, 04, 1A, 53, 80, ...]
.text ...
.sptd2 C:\WINDOWS.0\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F8CD38]
? C:\WINDOWS.0\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B6920934 5 Bytes JMP 89C5A1D8
.text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB49B3360, 0x3D46A5, 0xE8000020]
.text C:\WINDOWS.0\system32\DRIVERS\atksgt.sys section is writeable [0xA0BFB300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS.0\system32\DRIVERS\lirsgt.sys section is writeable [0xB1793300, 0x1B7E, 0xE8000020]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E96574] sptd.sys
IAT \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E960C0] sptd.sys
IAT \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E96FE0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E960C0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E96362] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E962A4] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E971BC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E96FE0] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EAB312] sptd.sys

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[708] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.0\Explorer.EXE[776] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB777BD] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[976] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1176] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[1392] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[2344] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\RockMelt\Application\rockmelt.exe[3760] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792

---- EOF - GMER 2.0 ----

i hope i gave you enough info about problem :/
 

Attachments

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top