GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-06 11:14:03
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD321KJ rev.CP100-11 298,09GB
Running: q9rjsex5.exe; Driver: C:\Users\UKASZ~1\AppData\Local\Temp\pxddqpow.sys

---- User IAT/EAT - GMER 2.1 ----
C:\WINDOWS\System32\appwiz.cpl[PROPSYS.dll!VariantCompare] [1c74084441f62274] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[PROPSYS.dll!VariantToUInt64] [34ba167205417980] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_AddRef] [cde838498b48fffa] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [bf4d8d4890fffaa3] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!NdrOleFree] [8d4890fffe3117e8] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!NdrOleAllocate] [90fffe310de8a74d] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!NdrCStdStubBuffer_Release] [fd354fe8e84b8d48] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_CountRefs] [8348674d8b4890ff] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!NdrDllCanUnloadNow] [90fffd3541e8e8c1] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!IUnknown_Release_Proxy] [fd3537e8e84e8d48] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [c0249c8d4cff] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_QueryInterface] [738b49305b8b4900] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!IUnknown_AddRef_Proxy] [e38b49487b8b4940] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!NdrDllGetClassObject] [5c415d415e415f41] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_Connect] [488a8d48c35d] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_Invoke] [8d48fffcfa86e900] IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] 
[fa7ae9000000f88a]
IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_Disconnect] [588a8d48fffc]
IAT C:\WINDOWS\Explorer.EXE[5424] @ C:\WINDOWS\System32\appwiz.cpl[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [8d48fffcfa6ee900]

---- Threads - GMER 2.1 ----

Thread System [4:972] ffffe000240d3c30
Thread C:\WINDOWS\system32\svchost.exe [416:2340] 00007ffd22405340
Thread C:\WINDOWS\system32\svchost.exe [416:1032] 00007ffd1e4610e0
Thread C:\WINDOWS\system32\csrss.exe [4436:4696] fffff96000890b90

---- Processes - GMER 2.1 ----

Library C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\Dropbox.exe [5404](2014-08-15 18:46:08) 0000000003d70000
Library c:\users\ukasz~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kosce.dll (*** suspicious ***) @ C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\Dropbox.exe [5404](2014-09-06 06:29:40) 00000000041c0000
Library C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\Dropbox.exe [5404](2013-08-23 19:01:44) 0000000068d70000
Library C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\Dropbox.exe [5404] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000006b150000
Library Đ÷dŕ]H (*** suspicious ***) @ C:\Program Files (x86)\SpeedFan\speedfan.exe [5840] 000000006a5e0000
Library C:\Users\UKASZ~1\AppData\Local\Temp\sfamcc00001.dll (*** suspicious ***) @ C:\Program Files (x86)\SpeedFan\speedfan.exe [5840](2014-05 0000000003140000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 40020296
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Pt?, ?wrz ?05 ?14, 08:47:21???????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x02 0x9D 0x9E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48BFB3CA-4138-4635-8A02-1BAB28068DC7}@LeaseObtainedTime 1409984936
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48BFB3CA-4138-4635-8A02-1BAB28068DC7}@T1 1409986736
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48BFB3CA-4138-4635-8A02-1BAB28068DC7}@T2 1409988086
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48BFB3CA-4138-4635-8A02-1BAB28068DC7}@LeaseTerminatesTime 1409988536
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...

---- EOF - GMER 2.1 ----