GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-24 06:56:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH10 465,76GB
Running: 026po23e.exe; Driver: C:\Users\Ola\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076621401 2 bytes JMP 76afb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076621419 2 bytes JMP 76afb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076621431 2 bytes JMP 76b78f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007662144a 2 bytes CALL 76ad489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000766214dd 2 bytes JMP 76b78822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000766214f5 2 bytes JMP 76b789f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007662150d 2 bytes JMP 76b78718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076621525 2 bytes JMP 76b78ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007662153d 2 bytes JMP 76aefca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076621555 2 bytes JMP 76af68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007662156d 2 bytes JMP 76b78fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076621585 2 bytes JMP 76b78b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007662159d 2 bytes JMP 76b786dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000766215b5 2 bytes JMP 76aefd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000766215cd 2 bytes JMP 76afb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000766216b2 2 bytes JMP 76b78ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1984] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000766216bd 2 bytes JMP 76b78671 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076621401 2 bytes JMP 76afb21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076621419 2 bytes JMP 76afb346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076621431 2 bytes JMP 76b78f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007662144a 2 bytes CALL 76ad489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766214dd 2 bytes JMP 76b78822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766214f5 2 bytes JMP 76b789f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007662150d 2 bytes JMP 76b78718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076621525 2 bytes JMP 76b78ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007662153d 2 bytes JMP 76aefca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076621555 2 bytes JMP 76af68ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007662156d 2 bytes JMP 76b78fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076621585 2 bytes JMP 76b78b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007662159d 2 bytes JMP 76b786dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17
00000000766215b5 2 bytes JMP 76aefd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766215cd 2 bytes JMP 76afb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766216b2 2 bytes JMP 76b78ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766216bd 2 bytes JMP 76b78671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3504] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ad8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
C:\Windows\system32\themeui.dll[SHELL32.dll!SHCreateItemFromParsingName] [5741564155415441] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetKnownFolderPath] [2444c74850ec8348] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[SHELL32.dll!SHGetFolderPathEx] [588948fffffffe30] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[SHELL32.dll!ShellExecuteExW] [7089481068894808] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[slc.dll!SLGetWindowsInformationDWORD] [38246c8b4830245c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetCurrentProcess] [830fc63b4808458b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DuplicateHandle] [2b80001725c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateEventW] [c1400f48e6f74800] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!IsDebuggerPresent] [fffffe78e8c88b48] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CloseHandle] [2024448948e08b4c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SetEvent] [73840fe33b4c00eb] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LocalAlloc] [982484c7000172] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetLastError] [4166000000010000] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetTickCount] [f33b48fb8b241c89] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LocalFree] [814800017293840f] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!lstrcmpiW] [86870f7ffffffffe] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetCurrentThread] [8b357cfb3b000172] IAT C:\Windows\Explorer.EXE[1948] @ 
C:\Windows\system32\themeui.dll[KERNEL32.dll!TerminateThread] [4dcf8b4dceff48fb] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!lstrlenW] [cc8b49d68b48c68b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetUserDefaultUILanguage] [fc33bfffffec3e8] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetLocaleInfoW] [4898480001726e8c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindNextFileW] [17263870fc63b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetNumberFormatW] [8941660775c63b48] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateFileMappingW] [8c0ffb3b00eb741c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!UnmapViewOfFile] [9824b48b0001725e] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!MapViewOfFile] [ce840ff33b000000] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetFileSize] [8b49d48b49000172] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DeactivateActCtx] [f88b00000032e8cd] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ActivateActCtx] [1727b8c0fc33b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ReleaseActCtx] [874f33b00ebfb8b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateActCtxW] [fffffdb8e8cc8b49] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetModuleHandleW] [5f4140c48348c78b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FileTimeToDosDateTime] [5e5f5c415d415e41] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FileTimeToLocalFileTime] [909090909090c35b] IAT C:\Windows\Explorer.EXE[1948] @ 
C:\Windows\system32\themeui.dll[KERNEL32.dll!WideCharToMultiByte] [4c89481024548948] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [4154415756530824] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SetFileAttributesW] [4838ec8348564155] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SetFileTime] [fffffffe202444c7] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetTempFileNameW] [f633d98b48ea8b4c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetTempPathW] [8de0840fd63b48] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LCMapStringW] [49ffce8349c03300] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DosDateTimeToFileTime] [aff266fa8b48ce8b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetExitCodeThread] [8b4cc9ff48d1f748] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ResumeThread] [80248c89e1] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ResetEvent] [870f00010000f981] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [3b01798d00016d8d] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!UnhandledExceptionFilter] [8900016e60820ff9] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!TerminateProcess] [7b3b0000008824bc] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [ba00016dac860f08] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!QueryPerformanceCounter] [e8cb8b4800000001] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!Sleep] [b8cf8b90fffffd9c] IAT 
C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DelayLoadFailureHook] [49e1f74800000002] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LoadLibraryExA] [15e8c88b48c6400f] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetProcAddress] [eb038948fffffd] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CompareStringW] [840fc63b48038b48] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetCurrentThreadId] [8930896600016da5] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WriteFile] [c58b4d08538b087b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LocalFileTimeToFileTime] [30e80b8b48] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SystemTimeToFileTime] [6dbf8c0fc63bf88b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetLocalTime] [fe8b0c6389440001] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FormatMessageW] [38c48348c78b00eb] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetCurrentProcessId] [5e5f5c415d415e41] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ProcessIdToSessionId] [909090909090c35b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!HeapFree] [9090909090909090] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetProcessHeap] [3b49cb8b45db3345] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ExpandEnvironmentStringsW] [870f7ffffffffa81] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetFileAttributesExW] [7ccb3b450000b0ef] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetFileAttributesW] 
[fd33b49cb8b454d] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindFirstFileExW] [feba410000b0e984] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ReleaseMutex] [2b4cd22b4c7fffff] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateMutexW] [90909090909090c1] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateThreadpoolWork] [41660804b70f4118] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DeleteFileW] [9090909090909090] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateThread] [548948182444894c] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FreeLibraryAndExitThread] [5308244c89481024] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LoadLibraryExW] [5641554154415756] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindClose] [c74830ec83485741] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WaitForSingleObject] [4dfffffffe282444] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FindFirstFileW] [f98b4cf28b4ce88b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetSystemWow64DirectoryW] [8824bc8948ff33] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetSystemDirectoryW] [3b4901708d490000] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetWindowsDirectoryW] [4800016bf1820ff0] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetModuleFileNameW] [4802478d20247489] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!FreeLibrary] [f48ff4f8d48e6f7] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!LoadLibraryW] 
[fbdee8c88b48c140] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetLongPathNameW] [848948e08b4cffff] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WriteProfileStringW] [4c00eb0000008824] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!WaitForMultipleObjects] [16b7e840fe73b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetPrivateProfileStringW] [7d840ff73b48df8b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!lstrcmpW] [fffffe814800016b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateProcessW] [16b70870f7fff] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!MultiByteToWideChar] [fefd81494e7cdf3b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!SetFilePointer] [16b69870f7fffff] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!ReadFile] [3b48df8bcc8b4900] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateFileW] [4c00016b6a840ff7] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CopyFileW] [448d49f42b4dee2b] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CreateDirectoryW] [411774c73b480035] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!CompareStringOrdinal] [74c73b660e04b70f] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GetProductInfo] [2c183480189660d] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!DisableThreadLibraryCalls] [3b48df7501ee8348] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!GlobalAlloc] [6600016b3a840ff7] IAT C:\Windows\Explorer.EXE[1948] @ C:\Windows\system32\themeui.dll[KERNEL32.dll!MulDiv] 
[6b3d8c0fdf3b3989]

---- Processes - GMER 2.1 ----

Process C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Ola\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [2176] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 08:34:59) 0000000000400000

---- EOF - GMER 2.1 ----