GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-02-08 19:41:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3250620NS rev.3.AEK 232,89GB
Running: m57g1hli.exe; Driver: C:\Users\WIESAW~1\AppData\Local\Temp\uwtdqpoc.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000074dd1a22 2 bytes [DD, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000074dd1ad0 2 bytes [DD, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000074dd1b08 2 bytes [DD, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000074dd1bba 2 bytes [DD, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000074dd1bda 2 bytes [DD, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075521465 2 bytes [52, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755214bb 2 bytes [52, 75]
.text  ...  * 2
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[2780] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779  00000000762cb9f8 4 bytes [96, 25, BA, 72]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]  [fffff8800207def0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[GDI32.dll!StretchBlt]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[GDI32.dll!CreateBitmap]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!FindWindowExW]  [6f006900730072]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!PostThreadMessageW]  [6f0050005c006e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!MessageBoxW]  [6900630069006c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!CopyRect]  [53005c00730065]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!OpenIcon]  [65007400730079]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!FindWindowW]  [6d]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetShellWindow]  [620061006e0045]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetCursorPos]  [55004c0065006c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetCursorPos]  [41]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!CharUpperBuffW]  [73006e006f0043]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!CharLowerW]  [500074006e0065]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!IsCharUpperW]  [70006d006f0072]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetDlgItemInt]  [68006500420074]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DrawIconEx]  [6f006900760061]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EnumChildWindows]  [6d006400410072]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EndTask]  [6e0069]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SendMessageTimeoutW]  [73006e006f0043]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!LoadIconW]  [500074006e0065]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!RedrawWindow]  [70006d006f0072]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!CallWindowProcW]  [68006500420074]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetFocus]  [6f006900760061]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DrawIcon]  [65007300550072]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!IsWindow]  [72]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!LoadBitmapW]  [6d006f00720050]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetRect]  [6e004f00740070]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DestroyIcon]  [75006300650053]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetDesktopWindow]  [65004400650072]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DrawMenuBarTemp]  [6f0074006b0073]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DrawFrameControl]  [70]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DrawCaptionTempW]  [73007900730025]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetSysColorsTemp]  [72006d00650074]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DestroyMenu]  [250074006f006f]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EnableMenuItem]  [7300790073005c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!LoadMenuW]  [33006d00650074]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetWindowLongW]  [730055005c0032]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!PtInRect]  [63004100720065]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!WaitForInputIdle]  [6e0075006f0063]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!RegisterClassW]  [6e006f00430074]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetClassInfoW]  [6c006f00720074]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetDlgCtrlID]  [74007400650053]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!CharNextW]  [730067006e0069]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EnumDisplaySettingsExW]  [6500780065002e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!ChangeDisplaySettingsW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!ChangeDisplaySettingsExW]  [68005300650053]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetRectEmpty]  [6f006400740075]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!RegisterClipboardFormatW]  [720050006e0077]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EnumDisplayDevicesW]  [6c006900760069]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DrawTextW]  [6500670065]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!MapWindowPoints]  [146]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!DispatchMessageW]  [46000000000000c0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!TranslateMessage]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!PeekMessageW]  [46000000000000c0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!MsgWaitForMultipleObjects]  [6c0075006e0028]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!PostMessageW]  [29006c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetWindow]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetParent]  [46aa5b4058d879fe]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetClientRect]  [a0686aff46d168ab]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!UpdateWindow]  [498e3cf81cf5e433]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!InvalidateRect]  [70e20237ef45a8b]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EnableWindow]  [42087621fae9ce59]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetDlgItemTextW]  [d2fe58cdce2ac38b]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetWindowLongPtrW]  [a63c0cc48ff10791]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!CheckDlgButton]  [6500680063002e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!IsDlgButtonChecked]  [2e006b0063]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!EndDialog]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetSysColorBrush]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!FrameRect]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetSystemMetrics]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SetDlgItemInt]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!LoadStringW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!ReleaseDC]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SendDlgItemMessageW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!SendMessageW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[USER32.dll!GetDlgItem]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrStrIW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrRChrW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathFindFileNameW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!SHRegGetPathW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrChrW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!SHGetValueW]  [66]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!SHSetValueW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!SHDeleteValueW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrToIntExW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathIsFileSpecW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathFindExtensionW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathRemoveExtensionW]  [12f]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathCombineW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrStrW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathParseIconLocationW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!SHRegSetPathW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathQuoteSpacesW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrCmpNW]  [cb]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!UrlCompareW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathIsNetworkPathW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathRemoveBlanksW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathIsPrefixW]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!SHRegGetUSValueW]  [67]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!UrlEscapeW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrCmpNIW]  [4053b90ac8e6f269]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathUnExpandEnvStringsW]  [4a345cad900c0763]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathCommonPrefixW]  [70474000aa00bca2]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrFormatByteSizeW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathRemoveFileSpecA]  [8]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathStripPathA]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrRChrA]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathAddBackslashW]  [6100330034007b]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathFileExistsW]  [660036002d0037]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!PathAppendW]  [36003300640062]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrCmpIW]  [36006400300033]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrCmpW]  [7d0035]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrToIntW]  [43005c00730077]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHLWAPI.dll!StrRStrIW]  [65007200720075]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHCreateItemFromIDList]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHCreateItemWithParent]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetPathFromIDListW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHQueryRecycleBinW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHCreateDirectoryExW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetNameFromIDList]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetIDListFromObject]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!ExtractIconExW]  [66]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHCreateItemFromParsingName]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetKnownFolderPath]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetFolderPathEx]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[SHELL32.dll!ShellExecuteExW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!IsDebuggerPresent]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LocalAlloc]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!lstrcmpiW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!lstrlenW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateActCtxW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FileTimeToDosDateTime]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetTempPathW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LCMapStringW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!QueryPerformanceCounter]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!Sleep]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LoadLibraryExA]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetProcAddress]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CompareStringW]  [4a5bc9b200000000]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetCurrentThreadId]  [200000000]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WriteFile]  [212000000028]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LocalFileTimeToFileTime]  [1520]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SystemTimeToFileTime]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetCurrentProcessId]  [323]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ProcessIdToSessionId]  [46000000000000c0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!HeapFree]  [101b4e68b722bccb]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetProcessHeap]  [70474000aa00bca2]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ExpandEnvironmentStringsW]  [6e496e776f647475]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetFileAttributesExW]  [73736572676f7250]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetFileAttributesW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindFirstFileExW]  [6c00640074006e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ReleaseMutex]  [6c0064002e006c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateMutexW]  [6c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateThreadpoolWork]  [46000000000000c0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindClose]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindFirstFileW]  [4053b90ac8e6f269]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetSystemWow64DirectoryW]  [c498ecfc9a49bea3]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetSystemDirectoryW]  [4a345cad900c0763]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetWindowsDirectoryW]  [d5793651cd401fbc]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetModuleFileNameW]  [48144d0dd55c6730]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FreeLibrary]  [bd30fb197a31489e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LoadLibraryW]  [6c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetLongPathNameW]  [6e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WriteProfileStringW]  [6d]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WaitForMultipleObjects]  [6e]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetPrivateProfileStringW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!lstrcmpW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateProcessW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!MultiByteToWideChar]  [12c]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SetFilePointer]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ReadFile]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CopyFileW]  [66]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateDirectoryW]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CompareStringOrdinal]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetProductInfo]  [1]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DisableThreadLibraryCalls]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GlobalAlloc]  [0]
IAT  C:\Windows\Explorer.EXE[1676] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!MulDiv]  [12c]

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@8425db8c8a7d  0x02 0xE2 0xEB 0x1E ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision  212205741
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  D:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x3D 0x30 0x05 0x3E ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew  0xEC 0xD9 0x23 0x7B ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew  0xFA 0x37 0xF3 0xD9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x4E 0x4E 0xC2 0x87 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x51 0x71 0x0B 0x23 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xD2 0xBC 0xD2 0x7E ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@8425db8c8a7d  0x02 0xE2 0xEB 0x1E ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  D:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  1
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0x3D 0x30 0x05 0x3E ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew  0xEC 0xD9 0x23 0x7B ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew  0xFA 0x37 0xF3 0xD9 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x4E 0x4E 0xC2 0x87 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x51 0x71 0x0B 0x23 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xD2 0xBC 0xD2 0x7E ...

---- EOF - GMER 2.1 ----