GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-05 18:30:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-1 WDC_WD1002FAEX-00Z3A0 rev.05.01D05 931,51GB
Running: zvmx8tut.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\pgddqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000754811a8 2 bytes [48, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000754813a8 2 bytes [48, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000075481422 2 bytes [48, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000075481498 2 bytes [48, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 00000000752a1b41 2 bytes [2A, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 00000000752a1be8 2 bytes [2A, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 00000000752a1c20 2 bytes [2A, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 00000000752a1cd2 2 bytes [2A, 75]
.text C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1868] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 00000000752a1cf2 2 bytes [2A, 75]

---- User IAT/EAT - GMER 2.1 ----

---- Files - GMER 2.1 ----

File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003bb 241664 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003bc 1486848 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003bd 241664 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003be 241664 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003bf 1486848 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003c0 241664 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003c2 241664 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003c3 1486848 bytes
File C:\Users\Marcin\AppData\Local\Opera Software\Opera Stable\Cache\f_0003c1 1486848 bytes

---- EOF - GMER 2.1 ----