GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-14 21:11:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3320620AS rev.3.AAE
Running: e92847gb.exe; Driver: C:\Users\AGAIPI~1\AppData\Local\Temp\uxtoapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x90FFBF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x90FFBFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x90FFC080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x90FFC11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 82C3A9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C5A4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1667 82C61A24 4 Bytes [3C, BF, FF, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 82C61CF4 8 Bytes [E4, BF, FF, 90, 80, C0, FF, ...] {IN AL, 0xbf; CALL [EAX-0x6f003f80]}
.text ntoskrnl.exe!KeRemoveQueueEx + 19AB 82C61D68 4 Bytes [1C, C1, FF, 90]
.text cdrom.sys 89EE7000 10 Bytes [90, 90, 90, 90, 90, FF, 25, ...]
.text cdrom.sys 89EE700B 55 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text cdrom.sys 89EE7043 126 Bytes [48, 10, 0B, 48, 14, 75, 06, ...]
.text cdrom.sys 89EE70C2 64 Bytes [FF, 55, 8B, EC, 56, 57, FF, ...]
.text cdrom.sys 89EE7103 13 Bytes [66, 39, 48, 34, 74, 55, FF, ...]
.text ...
? C:\Windows\system32\drivers\cdrom.sys suspicious PE modification

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExFreePoolWithTag] FFFE3FE9
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwClose] 3050A1FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoQueryFileInformation] D86889EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExInitializeResourceLite] 6A89EF20
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExDeleteResourceLite] 6A016A37
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInitializeEvent] 3070FF03
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeEnterCriticalRegion] FFB3C9E8
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExAcquireFastMutexUnsafe] C61E89FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExReleaseFastMutexUnsafe] 23EB0107
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeLeaveCriticalRegion] EF3050A1
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlInsertElementGenericTableAvl] 20D86889
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlDeleteElementGenericTableAvl] 386A89EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlInitializeGenericTableAvl] 026A016A
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtOpenFile] E83070FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtQueryVolumeInformationFile] FFFFB3AA
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtClose] 458B1E89
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!swprintf] 0107C61C
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlInitUnicodeString] 5F002083
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ObReferenceObjectByHandle] C25D5B5E
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoGetRelatedDeviceObject] FFE9001C
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExAcquireResourceExclusiveLite] FF8D89EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExReleaseResourceLite] FE1389EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExAcquireResourceSharedLite] FE5C89EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwCreateFile] FE9689EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoGetStackLimits] FECC89EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!MmFlushImageSection] FEEF89EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!CcInitializeCacheMap] FE3689EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!CcPurgeCacheSection] FF6789EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!CcSetFileSizes] 003489EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 003489EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeSetEvent] FF3C89EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!CcFlushCache] [909089EE] \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!CcUninitializeCacheMap] 8B909090
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IofCallDriver] EC8B55FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IofCompleteRequest] 08558B51
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoSetInformation] 37480D8B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!CcCopyWrite] 565389EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!FsRtlCopyRead] 4835FF57
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoCreateDevice] FF89EF30
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwAllocateVirtualMemory] EF343015
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtQuerySystemInformation] 8BF08B89
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!_stricmp] 305E8D3E
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtOpenThread] 15FFCB8B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtQueryInformationThread] [89EF1128] \SystemRoot\system32\drivers\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlEqualUnicodeString] 8DFF4588
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!PsLookupProcessThreadByCid] FF503846
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInitializeApc] EF10B815
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ObfReferenceObject] 74C08489
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInsertQueueApc] BE84681B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeDelayExecutionThread] 4F6889EE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtConnectPort] 6A000002
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!PsCreateSystemThread] 0875FF00
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!LpcRequestPort] 374835FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!LpcRequestWaitReplyPort] 15FF89EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeQuerySystemTime] [89EF3440] \SystemRoot\system32\drivers\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlTimeToSecondsSince1980] 8BFF558A
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!qsort] 8086C6CB
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtCreateSection] 01000000
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExAllocatePoolWithTag] 113415FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwUnmapViewOfSection] E85789EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwFlushVirtualMemory] FFFF8E42
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtDeviceIoControlFile] 0304B7FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwCreateSymbolicLinkObject] 20680000
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoFreeWorkItem] FFC00001
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExUuidCreate] E8570875
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtCreateFile] FFFF7699
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtSetInformationFile] C95B5E5F
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtQueryDirectoryFile] 900004C2
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlTimeToTimeFields] [90909090] \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlUnicodeStringToInteger] 8B55FF8B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlTimeToSecondsSince1970] 10EC83EC
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtWriteFile] 087D8B57
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlSecondsSince1970ToTime] 4F39C933
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwQueryInformationFile] CF860F14
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwReadFile] 53000000
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlIpv4AddressToStringA] 2E778D56
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlRandomEx] 8A10468A
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeQueryInterruptTime] 45880A56
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInsertQueue] 24068AFF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeRemoveQueue] 7E80410F
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeRundownQueue] 5588FF11
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoFreeIrp] 0B568AFE
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInitializeQueue] 880B4588
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 4D89FD55
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInitializeTimer] F84D89F0
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeInitializeDpc] 0092840F
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ExQueueWorkItem] 4E8D0000
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoAllocateWorkItem] 125E8D3A
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoQueueWorkItem] 8BF44D89
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeSetTimerEx] 4F3BF84D
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwOpenSection] 8A7E7314
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwMapViewOfSection] 4B3AFF4D
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!MmAllocatePagesForMdl] 8A627526
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!MmUnmapLockedPages] E180164B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!MmFreePagesFromMdl] 75C13A0F
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwOpenFile] FE4D8A58
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlHashUnicodeString] 75204B3A
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!RtlPrefixUnicodeString] FD4D8A50
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoAllocateIrp] 75214B3A
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!KeWaitForSingleObject] FA468B48
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwOpenKey] 03104B8B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwEnumerateKey] 73C83BC8
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwDeleteKey] FA4E8306
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!PoStartNextPowerIrp] 8903EBFF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!PoCallDriver] 46FEFA4E
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwQueryKey] 14478B11
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwSetSystemInformation] 39FF488D
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoCreateDriver] 2274F84D
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ObMakeTemporaryObject] 48F8452B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ZwDeleteFile] 5028C06B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ObReferenceObjectByName] 53F475FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoDriverObjectType] 107815FF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoEnumerateDeviceObjectList] C48389EF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!wcsrchr] 144FFF0C
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoDeleteDevice] 83F84DFF
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!IoDetachDevice] 6D8328EB
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!NtMapViewOfSection] 458A28F4
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!ObfDereferenceObject] F845FF0B
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!_allmul] 28F44583
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!memset] 8028C383
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!memcpy] 0FFF117E
IAT \SystemRoot\system32\drivers\cdrom.sys[ntoskrnl.exe!_aulldiv] FFFF7A85

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[3784] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 89ED8000-89EE6000 (57344 bytes)

---- Threads - GMER 1.0.15 ----

Thread SYSTEM [4:244] 89EDF540
Thread SYSTEM [4:248] 89EDF540

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB33617$\24215007 0 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\@ 2048 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\L 0 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\L\xadqgnnk 108544 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\U 0 bytes
File C:\Windows\$NtUninstallKB33617$\278486510 0 bytes

---- EOF - GMER 1.0.15 ----