GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-12 17:47:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT128M4SSD2 rev.000F 119,24GB
Running: zejlw2rk.exe; Driver: C:\Users\Jurek\AppData\Local\Temp\uftcrpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\KERNEL32.dll .text 
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1352] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000601f11a8 2 bytes [1F, 60] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000601f127d 2 bytes CALL 762114b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000601f1310 2 bytes CALL 762114b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000601f13a8 2 bytes [1F, 60] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000601f1422 2 bytes [1F, 60] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2404] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000601f1498 2 bytes [1F, 60] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] 
C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA 
+ 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2596] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe[5628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d31401 2 bytes JMP 7623b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d31419 2 bytes JMP 7623b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d31431 2 bytes JMP 762b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d3144a 2 bytes CALL 76214885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d314dd 2 bytes JMP 762b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d314f5 2 bytes JMP 762b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d3150d 2 bytes JMP 762b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d31525 2 bytes JMP 762b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d3153d 2 bytes JMP 7622fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d31555 2 bytes JMP 76236907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d3156d 2 bytes JMP 762b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d31585 2 bytes JMP 762b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d3159d 2 bytes JMP 762b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d315b5 2 bytes JMP 7622fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d315cd 2 bytes JMP 7623b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d316b2 2 bytes JMP 762b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d316bd 2 bytes JMP 762b8891 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_wcsupr] [61006e00790044] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_purecall] [2000630069006d] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_wtol] [73006c00610046] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_wcslwr] [65] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!towupper] [11c91ceb8a885d04] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!iswupper] [6048102b0008e89f] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [2006400000002] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!memcpy_s] [7fef1c640a4] C:\Windows\system32\wbem\wmipcima.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [7fef1c640d0] C:\Windows\system32\wbem\wmipcima.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!??1exception@@UEAA@XZ] [cc0094005c0000] IAT 
C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z] [188015c012a00f8] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!memmove_s] [25c022a01ec01b4] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!??0exception@@QEAA@XZ] [5c25081200000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_wcsnicmp] [9092b009c0011] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_wcsicmp] [800020001fff8] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_vsnwprintf] [a000000643002] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!swscanf] [3e00000065] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!free] [10031a00280012] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!malloc] [5b36400800060000] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_CxxThrowException] [3215c250812] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!__CxxFrameHandler3] [ffff000100000019] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_XcptFilter] [ffde004c0000ffff] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_initterm] [10031a5b5c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_amsg_exit] [21125b3640080006] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_unlock] [4008000c00000028] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!__dllonexit] [5b5c364008080836] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_lock] [5c2508125c250812] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_onexit] [1900000321] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [ffffffff0001] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!memcpy] [31a5b5cffd4004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!memset] [4008000600000010] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!_wtoi] [31affdc21125b36] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[msvcrt.dll!memcmp] [4008000000000010] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ntdll.dll!RtlVirtualUnwind] [8115c0808125c08] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ntdll.dll!RtlLookupFunctionEntry] [12000214115c22] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ntdll.dll!RtlCaptureContext] [5b0b000807150008] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?EndRead@CThreadBase@@QEAAXXZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetAt@CHPtrArray@@QEBAPEAXH@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetSize@CHPtrArray@@QEBAHXZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?BeginRead@CThreadBase@@QEAAHK@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1CHPtrArray@@QEAA@XZ] [7fef1c6a80c] C:\Windows\system32\wbem\wmipcima.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CHPtrArray@@QEAA@XZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1CThreadBase@@UEAA@XZ] [4ff4a1b100000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z] [200000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?AddRef@CInstance@@QEAAJXZ] [2bc000000024] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Release@CInstance@@QEAAJXZ] [1fc0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?MakeLower@CHString@@QEAAXXZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ReleaseBuffer@CHString@@QEAAXH@Z] [7fef1c6e640] C:\Windows\system32\wbem\wmipcima.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetBuffer@CHString@@QEAAPEAGH@Z] [7fef1c6e6e0] C:\Windows\system32\wbem\wmipcima.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetLength@CHString@@QEBAHXZ] [6d006e0061004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Right@CHString@@QEBA?AV1@H@Z] [650053006e0061] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Left@CHString@@QEBA?AV1@H@Z] [72006500760072] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Compare@CHString@@QEBAHPEBG@Z] [6570795400000000] IAT 
C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Mid@CHString@@QEBA?AV1@H@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??4CHString@@QEAAAEBV0@AEBV0@@Z] [6f746f7250626d53] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Find@CHString@@QEBAHG@Z] [6c6f63] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Commit@CInstance@@QEAAJXZ] [726f70736e617254] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z] [74] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z] [7600650044005c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z] [5c006500630069] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z] [6d006e0061004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ] [650052006e0061] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CHString@@QEAA@PEBG@Z] [65007200690064] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ValidateEnumerationFlags@Provider@@MEAAJJ@Z] [72006f00740063] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Format@CHString@@QEAAXPEBGZZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1CHString@@QEAA@XZ] [736c69747574656e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CHString@@QEAA@XZ] [6c6c642e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z] [7fef1c6be20] C:\Windows\system32\wbem\wmipcima.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1Provider@@UEAA@XZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0Provider@@QEAA@PEBG0@Z] [572d534d2d495041] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z] [69767265532d4e49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?captainsLog@@3VProviderLog@@A] [76736e69772d6563] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ] [302d312d314c2d63] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??YCHString@@QEAAAEBV0@PEBG@Z] [6c6c642e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ValidateGetObjFlags@Provider@@MEAAJJ@Z] [572d534d2d495041] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ValidateMethodFlags@Provider@@MEAAJJ@Z] [69767265532d4e49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ValidateQueryFlags@Provider@@MEAAJJ@Z] [67616e614d2d6563] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ValidateDeletionFlags@Provider@@MEAAJJ@Z] [314c2d746e656d65] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z] [6c6c642e302d312d] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetSize@CHPtrArray@@QEAAXHH@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?IsEmpty@CHString@@QEBAHXZ] [642e696c63736b77] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z] [6c6c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??H@YA?AVCHString@@AEBV0@PEBG@Z] [6d006e0061004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z] [6f0057006e0061] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetDWORD@CInstance@@QEAA_NPEBGK@Z] [740073006b0072] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Setbool@CInstance@@QEAA_NPEBG_N@Z] [6f006900740061] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetCHString@CInstance@@QEAA_NPEBG0@Z] [6e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z] [57004f00520042] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z] [5200450053] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??4CHString@@QEAAAEBV0@PEBD@Z] [7672655372425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z] [6d756e457265] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CWinMsgEvent@@QEAA@XZ] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1CWinMsgEvent@@QEAA@XZ] [744f797265755172] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z] [69616d6f44726568] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?UnRegisterMessage@CWinMsgEvent@@IEAA_NIH@Z] [736e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetCreationClassName@Provider@@IEAA_NPEAVCInstance@@@Z] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?s_strComputerName@Provider@@0VCHString@@A] [654e746573655272] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??YCHString@@QEAAAEBV0@G@Z] [74536e6f676f6c74] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?FindOneOf@CHString@@QEBAHPEBG@Z] [657461] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Empty@CHString@@QEAAXXZ] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?RemoveAt@CHStringArray@@QEAAXHH@Z] [6143677562654472] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?RemoveAll@CHStringArray@@QEAAXXZ] [6c6c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Add@CHStringArray@@QEAAHPEBG@Z] [7254677562654472] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?SetAt@CHString@@QEAAXHG@Z] [656361] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??YCHString@@QEAAAEBV0@AEBV0@@Z] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z] [7453797265755172] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Add@CHPtrArray@@QEAAHPEAX@Z] [7363697473697461] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??H@YA?AVCHString@@PEBGAEBV0@@Z] [7453746573655272] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??H@YA?AVCHString@@AEBV0@G@Z] [7363697473697461] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??H@YA?AVCHString@@AEBV0@0@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z] [73776f724274654e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??4CHString@@QEAAAEBV0@PEBG@Z] [7369746174537265] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?MakeUpper@CHString@@QEAAXXZ] [74654773636974] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CHString@@QEAA@AEBV0@@Z] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z] [6c74654e74655372] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Destroy@CWbemGlueFactory@@QEAAXXZ] [746174536e6f676f] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z] [65] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z] [6573776f72425f49] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?initFailed@Provider@@SAHXZ] [6d45797265755172] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CHStringArray@@QEAA@XZ] [6f44646574616c75] IAT 
C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1CHStringArray@@QEAA@XZ] [736e69616d] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z] [77006f00720062] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z] [7200650073] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z] [75006300650053] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z] [79007400690072] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??1CObjectPathParser@@QEAA@XZ] [6500640049003d] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!??ACHStringArray@@QEBA?AVCHString@@H@Z] [6600690074006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[framedynos.dll!?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z] [74006100630069] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!RegCreateKeyW] [76eb4ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!RegSetValueExW] [76f3bab0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!RegCloseKey] [76eb5190] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!RegOpenKeyW] [76eec140] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!RegDeleteKeyW] [76ec1910] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!OpenThreadToken] [76eb4730] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!RevertToSelf] [76ec1980] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ADVAPI32.dll!ImpersonateLoggedOnUser] [76eb6420] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetLastError] [76eb33e0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!QueryInformationJobObject] [76eb3380] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!OpenJobObjectW] [76eb5c20] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!CloseHandle] [76eb5ac0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetCurrentProcessId] [76ec1760] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [76ec2020] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!TerminateProcess] [76ead860] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetCurrentProcess] [76ef8e00] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!UnhandledExceptionFilter] [76ec1520] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [76eb59a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!InitializeCriticalSectionAndSpinCount] [76ec14b0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!CreateEventW] [7fefd527610] C:\Windows\system32\RPCRT4.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!WaitForSingleObjectEx] [7fefd5382c0] C:\Windows\system32\RPCRT4.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!CreateThread] [7fefd527000] C:\Windows\system32\RPCRT4.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!SetEvent] [7fefd4f2a70] C:\Windows\system32\RPCRT4.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!ResetEvent] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetExitCodeThread] [7fefece10e0] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!SetLastError] [7fefece58a0] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!OpenProcess] [7fefed2bfd4] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!OutputDebugStringA] [7fefece10ac] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetVersionExW] [7fefece929c] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetModuleFileNameW] [7fefece3b70] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetCurrentThread] [7fefece3b1c] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetComputerNameW] [7fefece3330] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!DebugBreak] [7fefece4448] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!LoadLibraryW] [7fefecf4a38] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetWindowsDirectoryW] [7fefece3be0] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!GetProcAddress] [7fefece6960] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!FreeLibrary] [7fefece2840] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!lstrlenA] [7fefed12cb8] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!AssignProcessToJobObject] [7fefece8e28] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!QueryPerformanceCounter] [7fefece137c] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!LocalAlloc] [7fefed20b58] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!LocalFree] [7fefece33b8] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[KERNEL32.dll!DeviceIoControl] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ole32.dll!StringFromGUID2] [ffec004cfff0004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ole32.dll!StringFromCLSID] [8080808ffe8004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ole32.dll!CoTaskMemFree] [808080808080808] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[ole32.dll!CLSIDFromString] [ffd4004c40080808] IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[DEVOBJ.dll!DevObjGetClassDevs] [76eee2f0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[DEVOBJ.dll!DevObjDestroyDeviceInfoList] [76ebb8f0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[DEVOBJ.dll!DevObjCreateDeviceInfoList] [76ea2ec0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[DEVOBJ.dll!DevObjEnumDeviceInterfaces] [76eb3c40] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ C:\Windows\system32\wbem\wmipcima.dll[DEVOBJ.dll!DevObjGetDeviceInterfaceDetail] [76eb3c60] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[4656] @ 
C:\Windows\system32\wbem\wmipcima.dll[DEVOBJ.dll!DevObjEnumDeviceInfo] [76eac000] C:\Windows\system32\kernel32.dll
---- EOF - GMER 2.2 ----