GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-16 22:21:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3320620AS rev.3.AAE
Running: e92847gb.exe; Driver: C:\Users\AGAIPI~1\AppData\Local\Temp\uxtoapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0186F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0186FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0187080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA018711C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 82C849A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA44E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1667 82CABA24 4 Bytes [3C, 6F, 18, A0]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 82CABCF4 8 Bytes [E4, 6F, 18, A0, 80, 70, 18, ...] {IN AL, 0x6f; SBB [EAX-0x5fe78f80], AH}
.text ntoskrnl.exe!KeRemoveQueueEx + 19AB 82CABD68 4 Bytes [1C, 71, 18, A0]
? C:\Windows\system32\DRIVERS\avgtdix.sys suspicious PE modification

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [71079832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [7107A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [710794D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [710794E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [710794B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [710794A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [7107AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [7107A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [71079832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [71079832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [71079832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [710792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [71079E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[1916] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75B6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0040EFB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0040EDB0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0040EF20] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe[2512] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040EFD0] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero MediaHome/Nero AG)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 89F97000-89FA5000 (57344 bytes)

---- Threads - GMER 1.0.15 ----

Thread SYSTEM [4:252] 89F9E540
Thread SYSTEM [4:256] 89F9E540

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C98D8F99-6764-11DF-B3CE-806E6F6E6963} 41428287312
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS106B4.log 1048576 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_d8n.cfs 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_da6.cfs 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dbp.cfs 81190 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dcx.cfs 66224 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f0 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f1 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f10 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f11 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f12 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f13 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f14 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f15 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f16 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f17 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f18 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f19 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f2 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f20 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f3 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f4 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f5 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f6 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f7 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f8 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.f9 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.fdt 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.fdx 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.fnm 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.frq 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.prx 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.tii 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero\Nero MediaHome 4\idxx\_dd8.tis 0 bytes
File C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\lucene-af2f76f1de300f0deb77b820140a8c32-write.lock 0 bytes
File C:\Windows\$NtUninstallKB33617$\24215007 0 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\@ 2048 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\L 0 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\L\xadqgnnk 295248 bytes
File C:\Windows\$NtUninstallKB33617$\24215007\U 0 bytes
File C:\Windows\$NtUninstallKB33617$\615364845 0 bytes

---- EOF - GMER 1.0.15 ----