GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-26 09:19:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 CT250BX1 rev.MU02 232,89GB Running: wo06zin4.exe; Driver: C:\Users\LARYKU~1\AppData\Local\Temp\uftiqaob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[880] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077b69040 4 bytes [C3, 00, 00, 00] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763c1401 2 bytes JMP 769db233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763c1419 2 bytes JMP 769db35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763c1431 2 bytes JMP 76a59011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763c144a 2 bytes CALL 769b48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763c14dd 2 bytes JMP 76a5890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763c14f5 2 bytes JMP 76a58ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763c150d 2 bytes JMP 76a58800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763c1525 2 bytes JMP 76a58bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763c153d 2 bytes JMP 769cfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763c1555 2 bytes JMP 769d6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763c156d 2 bytes JMP 76a590c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763c1585 2 bytes JMP 76a58c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763c159d 2 bytes JMP 76a587c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763c15b5 2 bytes JMP 769cfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763c15cd 2 bytes JMP 769db2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763c16b2 2 bytes JMP 76a58f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1556] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763c16bd 2 bytes JMP 76a58759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763c1401 2 bytes JMP 769db233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763c1419 2 bytes JMP 769db35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763c1431 2 bytes JMP 76a59011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763c144a 2 bytes CALL 769b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763c14dd 2 bytes JMP 76a5890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763c14f5 2 bytes JMP 76a58ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763c150d 2 bytes JMP 76a58800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763c1525 2 bytes JMP 76a58bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763c153d 2 bytes JMP 769cfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763c1555 2 bytes JMP 769d6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763c156d 2 bytes JMP 76a590c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763c1585 2 bytes JMP 76a58c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763c159d 2 bytes JMP 76a587c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763c15b5 2 bytes JMP 769cfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763c15cd 2 bytes JMP 769db2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763c16b2 2 bytes JMP 76a58f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763c16bd 2 bytes JMP 76a58759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763c1401 2 bytes JMP 769db233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763c1419 2 bytes JMP 769db35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763c1431 2 bytes JMP 76a59011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763c144a 2 bytes CALL 769b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763c14dd 2 bytes JMP 76a5890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763c14f5 2 bytes JMP 76a58ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763c150d 2 bytes JMP 76a58800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763c1525 2 bytes JMP 76a58bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763c153d 2 bytes JMP 769cfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763c1555 2 bytes JMP 769d6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763c156d 2 bytes JMP 76a590c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763c1585 2 bytes JMP 76a58c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763c159d 2 bytes JMP 76a587c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763c15b5 2 bytes JMP 769cfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763c15cd 2 bytes JMP 769db2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763c16b2 2 bytes JMP 76a58f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763c16bd 2 bytes JMP 76a58759 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001035e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001035c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001036654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001036a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010368ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!wcsstr] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!wcschr] [46000000000000c0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!wcsrchr] [1] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_vsnwprintf] [46000000000000c0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!memcmp] [2e495041574c4853] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!memcpy] [6c6c64] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!memset] [63006d006f0063] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!iswalpha] [320033006c0074] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_XcptFilter] [6c006c0064002e] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!malloc] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_initterm] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!free] [419930522] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!memmove] [200019ec4] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_onexit] [900019e74] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_lock] [3000019ee4] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!__dllonexit] [100000000] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_unlock] [7fef2e848e4] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[msvcrt.dll!_amsg_exit] [7fef2e84d04] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!RtlVirtualUnwind] [19ff0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!RtlLookupFunctionEntry] [300000000] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!RtlCaptureContext] [2000019f40] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!RtlNtStatusToDosError] [100000000] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!NtFsControlFile] [119930522] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!NtQueryInformationFile] [19ff0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[ntdll.dll!WinSqmAddToStream] [300000000] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!FindResourceExW] [77b64f10] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!SystemTimeToTzSpecificLocalTime] [77b9c100] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!TzSpecificLocalTimeToSystemTime] [77b651b0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!FileTimeToSystemTime] [77b633a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetProcessHeap] [7fefeb710a0] C:\Windows\system32\GDI32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!HeapFree] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!DisableThreadLibraryCalls] [77b66bc0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!LocalFree] [77b53c40] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!CompareFileTime] [77b53c80] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!lstrlenW] [77b98b30] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetFileAttributesW] [77b6a190] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetLastError] [77b72130] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!MulDiv] [77b63c60] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetFileAttributesExW] [77b62d00] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!LocalAlloc] [77b66670] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetVolumePathNameW] [77b71520] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!SystemTimeToFileTime] [77b65a40] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!FreeLibrary] [77b651d0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetProcAddress] [77b64750] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!LoadLibraryExA] [77b71980] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!DelayLoadFailureHook] [77b633c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!Sleep] [77b65b00] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!QueryPerformanceCounter] [77b66440] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetCurrentThreadId] [77b63f20] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!TerminateProcess] [77b69040] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetCurrentProcess] [77b63a20] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!UnhandledExceptionFilter] [77b640d0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [77b6b170] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetVersionExW] [77beb890] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!FormatMessageW] [77b63400] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!MultiByteToWideChar] [77b659c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetDriveTypeW] [77b71570] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!LockResource] [77b66580] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!CreateEventW] [77b65c40] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!WaitForSingleObject] [77b71500] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!lstrcmpA] [77b68db0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!RegCloseKey] [77b57da0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!LoadLibraryW] [77b717d0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!CreateFileW] [77b72090] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!lstrlenA] [77b5d870] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!CloseHandle] [77ba8cb0] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetModuleFileNameW] [77b60950] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!ActivateActCtx] [77b71a70] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[KERNEL32.dll!GetModuleHandleW] [77b71a50] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!SetMenuItemInfoW] [7fef2e834ec] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetMenuItemInfoW] [11d16528b62f5910] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetMenuItemCount] [d0d1ef800001196] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!DeleteMenu] [11d23c6f394c3de0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!RedrawWindow] [b77a794fc0007b81] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!SetWindowLongPtrW] [6574656c6544] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetWindowLongPtrW] [65766f6d65526f4e] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!EnableWindow] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetFocus] [6d65526563726f46] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!MoveWindow] [6c61560065766f] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!MapWindowPoints] [4400000042] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetWindowRect] [530000004d] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!KillTimer] [7fef2e714fc] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetSystemMetrics] [7fef2e714f8] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetClientRect] [7fef2e714f4] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!SetTimer] [7fef2e714f0] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!PostMessageW] [7fef2e714ec] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetDlgItem] [7fef2e714e0] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!SetWindowPos] [7fef2e714d0] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!GetWindowLongW] [7fef2e714c8] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!SetWindowLongW] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!SetDlgItemTextW] [7fef2e83d48] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!LoadStringA] [7fef2e91ed0] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!InsertMenuItemW] [7fef2e91f70] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[USER32.dll!LoadStringW] [6c642e3233656c6f] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHCreateDefaultExtractIcon] [7fef2e55ab8] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHGetIDListFromObject] [7fef2e5662c] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHBindToParent] [7feffde8ea0] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHGetItemFromDataObject] [7feffde1500] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!ShellExecuteExW] [7feffe12cb8] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHGetKnownFolderPath] [7feffe2bfd4] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHBindToObject] [7feffe08e50] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHParseDisplayName] [7feffe08e78] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHCreateItemFromIDList] [7feffe08d14] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHCreateItemFromParsingName] [7feffe22954] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHBindToFolderIDListParentEx] [7feffe3a778] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHELL32.dll!SHCreateDefaultContextMenu] [7feffe0ab88] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!PSCreateMultiplexPropertyStore] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!InitPropVariantFromResource] [77a59e4c] C:\Windows\system32\USER32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!PSCreateMemoryPropertyStore] [77a67724] C:\Windows\system32\USER32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!InitVariantFromFileTime] [77a5ceac] C:\Windows\system32\USER32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!PropVariantToStringAlloc] [77a5cee0] C:\Windows\system32\USER32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!PropVariantCompareEx] [77a64ed0] C:\Windows\system32\USER32.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!VariantCompare] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!VariantToPropVariant] [7fef2e563a8] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!PSFormatForDisplay] [7fef2e55b78] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!VariantToBuffer] [7fef2e558ac] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[PROPSYS.dll!PSPropertyBag_WriteStr] [7fef2e55a14] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!StrDupW] [7feffde3de8] C:\Windows\system32\msvcrt.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!SHRegGetValueW] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!StrPBrkW] [7feeffcde24] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!StrCmpIW] [7feeffcd1e8] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathRemoveFileSpecW] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathFindFileNameW] [0] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathGetDriveNumberW] [200000000] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathIsUNCW] [6d8800000027] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathIsNetworkPathW] [6188] IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!StrRetToStrW] [7fef2e83454] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathRemoveBackslashW] [7fef2e83518] C:\Windows\system32\twext.dll IAT C:\Windows\Explorer.EXE[1968] @ C:\Windows\system32\twext.dll[SHLWAPI.dll!PathIsUNCServerW] [7fef2e835a4] C:\Windows\system32\twext.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80043242c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80048272c0 Device \Driver\cdrom \Device\CdRom0 fffffa8006a582c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80048272c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80048272c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{023D26C1-F48F-4BF8-8F32-50C2A0E131D5} fffffa8006bad2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4BEC36ED-3607-45A5-8862-F6D2B03A06FC} fffffa8006bad2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006bad2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80048272c0 ---- EOF - GMER 2.1 ----