GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-31 16:07:24
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: 24xws0x7.exe; Driver: C:\Users\Damian\AppData\Local\Temp\kwdiqpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\nvvsvc.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff96013169a 4 bytes [13, 60, F9, 7F]
.text C:\Windows\system32\nvvsvc.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff9601316a2 4 bytes [13, 60, F9, 7F]
.text C:\Windows\system32\nvvsvc.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff96013181a 4 bytes [13, 60, F9, 7F]
.text C:\Windows\system32\nvvsvc.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff960131832 4 bytes [13, 60, F9, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2032] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff96013169a 4 bytes [13, 60, F9, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2032] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff9601316a2 4 bytes [13, 60, F9, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2032] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ff96013181a 4 bytes [13, 60, F9, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2032] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ff960131832 4 bytes [13, 60, F9, 7F]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[2688] @ C:\Windows\system32\themeui.dll[msvcrt.dll!_initterm] [3a64656c69616620]
IAT C:\Windows\Explorer.EXE[2688] @ C:\Windows\system32\themeui.dll[msvcrt.dll!malloc] [7573657268212520]
IAT C:\Windows\Explorer.EXE[2688] @ C:\Windows\system32\themeui.dll[msvcrt.dll!_amsg_exit] [909090900021746c]
IAT C:\Windows\Explorer.EXE[2688] @ C:\Windows\system32\themeui.dll[msvcrt.dll!_XcptFilter] [676e696863746546]
IAT C:\Windows\Explorer.EXE[2688] @
C:\Windows\system32\themeui.dll[KERNEL32.dll!SetEvent] [f011c41f6ffffb5] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [596:604] fffff9600083c4d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x4B 0x4E 0x5C 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x97 0x3B 0x7C 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 15 Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0x2E 0xD8 0x5F 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SEC42560_00_07DB_27^4DF1FF8F9F20910084EE1852AFAC459E@Timestamp 0x61 0xA9 0x3A 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 688 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1552749657 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 5af0f6f4-79ea-4145-8ab3-4ff7e24 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{81c92e43-5c29-4d1b-9963-cb1cecbde94e} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cd21eed1dd0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{3b2261a0-6f73-4f5d-8042-8b3bdb3e35b2}@LastProbeTime 1406810167 Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Cz?, ?lip ?31 ?14, 12:37:26??????|???????|???????????????|???? 
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 381 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 56 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AED78346-8EE6-4C8F-B674-CF75EB90E28C}@LeaseObtainedTime 1406807258 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AED78346-8EE6-4C8F-B674-CF75EB90E28C}@T1 1406936858 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AED78346-8EE6-4C8F-B674-CF75EB90E28C}@T2 1407034058 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AED78346-8EE6-4C8F-B674-CF75EB90E28C}@LeaseTerminatesTime 1407066458 ---- Files - GMER 2.1 ---- File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d 16690 bytes ---- EOF - GMER 2.1 ----