GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-12 14:34:54
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000038 Hitachi_HTS547575A9E384 rev.JE4OA60A 698,64GB
Running: 54cmv5q4.exe; Driver: C:\Users\MAGDA-~1\AppData\Local\Temp\uxldapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff8029c1c7d00 4 bytes [C0, 52, AC, FF]
.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 965 fffff8029c1c7d05 87 bytes [AD, 4E, 03, 40, 6A, A5, 04, ...]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\Explorer.EXE[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ff9d2ef154a 4 bytes [EF, D2, F9, 7F]
.text C:\WINDOWS\Explorer.EXE[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ff9d2ef1552 4 bytes [EF, D2, F9, 7F]
.text C:\WINDOWS\Explorer.EXE[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ff9d2ef162a 4 bytes [EF, D2, F9, 7F]
.text C:\WINDOWS\Explorer.EXE[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ff9d2ef1642 4 bytes [EF, D2, F9, 7F]

---- User IAT/EAT - GMER 2.1 ----
C:\WINDOWS\system32\cabview.dll[KERNEL32.dll!CreateActCtxW] [223d736e6c6d7820] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[KERNEL32.dll!GetModuleHandleW] [656863733a6e7275] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!SetCursor] [636f727020202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!LoadCursorW] [637241726f737365] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!SendMessageW] [7275746365746968] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!LoadStringW] [3436646d61223d65] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!SetWindowTextW] [20202020200a0d22] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!RegisterClipboardFormatW] [7020202020202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!MessageBoxW] [79654b63696c6275] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!GetMenuItemCount] [36223d6e656b6f54] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!InsertMenuW] [3431343662353935] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!GetMenuItemInfoW] [2266643166636334] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!CreatePopupMenu] [2020202020200a0d] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!InsertMenuItemW] [616c202020202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!DeleteMenu] [223d65676175676e] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!RemoveMenu] [202020200a0d222a] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!DestroyMenu] [a0d3e2f20202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!SetMenuDefaultItem] [65642f3c20202020] IAT 
C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!LoadMenuW] [41746e65646e6570] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[USER32.dll!GetSubMenu] [3e796c626d657373] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathFindFileNameW] [49796c626d657373] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathCombineW] [d797469746e6564] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathAddBackslashA] [202020202020200a] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathFindFileNameA] [7079742020202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!StrRetToBufW] [6e20202020202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!SHStrDupW] [63694d223d656d61] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathSkipRootW] [572e74666f736f72] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathIsUNCW] [432e73776f646e69] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!AssocCreate] [202020202020200a] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathFindExtensionW] [7265762020202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHLWAPI.dll!PathAppendW] [2e36223d6e6f6973] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!ShellExecuteW] [737365636f727020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHBindToParent] [746968637241726f] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHBindToObject] [223d657275746365] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHBrowseForFolderW] [7372657620202020] IAT C:\WINDOWS\Explorer.EXE[356] @ 
C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHGetFileInfoW] [312e35223d6e6f69] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHGetPathFromIDListW] [200a0d22302e302e] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!AssocGetDetailsOfPropKey] [3d65707974202020] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHBindToFolderIDListParentEx] [7250207265746e65] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[SHELL32.dll!SHGetPathFromIDListA] [706972637365642f] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[PROPSYS.dll!PSFormatForDisplay] [3e22302e31223d6e] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[PROPSYS.dll!VariantToPropVariant] [6d657373613c0a0d] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[PROPSYS.dll!InitVariantFromStrRet] [746e656449796c62] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[PROPSYS.dll!VariantCompare] [2020200a0d797469] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[PROPSYS.dll!InitVariantFromFileTime] [4d223d656d616e20] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[ole32.dll!PropVariantClear] [72007400530001] IAT C:\WINDOWS\Explorer.EXE[356] @ C:\WINDOWS\system32\cabview.dll[ole32.dll!OleSetClipboard] [460067006e0069] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [468:476] fffff9600094fb90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----