GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-19 16:29:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500DM0 rev.KC47 465,76GB
Running: vx451ymj.exe; Driver: C:\Users\GALA\AppData\Local\Temp\pwlyrpow.sys

---- User code sections - GMER 2.2 ----

.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075ef1401 2 bytes JMP 76eeb263 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075ef1419 2 bytes JMP 76eeb38e C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075ef1431 2 bytes JMP 76f690f1 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075ef144a 2 bytes CALL 76ec48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075ef14dd 2 bytes JMP 76f689ea C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075ef14f5 2 bytes JMP 76f68bc0 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075ef150d 2 bytes JMP 76f688e0 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075ef1525 2 bytes JMP 76f68caa C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075ef153d 2 bytes JMP 76edfce8 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075ef1555 2 bytes JMP 76ee6937 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075ef156d 2 bytes JMP 76f691a9 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075ef1585 2 bytes JMP 76f68d0a C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075ef159d 2 bytes JMP 76f688a4 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075ef15b5 2 bytes JMP 76edfd81 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075ef15cd 2 bytes JMP 76eeb324 C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075ef16b2 2 bytes JMP 76f6906c C:\Windows\syswow64\kernel32.dll
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2388] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075ef16bd 2 bytes JMP 76f68839 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memcpy] [6c616e7265746e69]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_CxxThrowException] [616d726f66726550]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [534453520065636e]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!realloc] [468c40c159d007d6]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_onexit] [1bbdb8f9e722eb3]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_lock] [6970617400000001]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!__dllonexit] [6264702e66726570]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_unlock] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!?terminate@@YAXXZ] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_amsg_exit] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_initterm] [d5058b4858ec8348]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_XcptFilter] [8948c4334800001e]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memset] [8a850fc08500]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memcpy_s] [5c70000047eba00]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_purecall] [100002634]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!malloc] [150100001ece1501]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!free] [1f22150100001f00]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_iob] [1f4415010000]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_errno] [150100001f661501]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!wcsncpy_s] [1faa150100001f88]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_vsnwprintf] [1fcc15010000]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!strncmp] [150100001fee1501]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!fprintf] [1014a8d00002010]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_vsnprintf] [c90d0100001e970d]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!__CxxFrameHandler3] [1eeb0d0100001e]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[USER32.dll!UnregisterClassA] [56525349504154]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[USER32.dll!CharNextW] [642e323369706174]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemFree] [158d48c0ff00001f]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemRealloc] [19b941fffffe9c]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoCreateInstance] [25a005890002]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemAlloc] [c033453824448d48]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlCaptureContext] [510d0100001f2f0d]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlLookupFunctionEntry] [1f730d0100001f]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlVirtualUnwind] [100001f950d0100]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrlenA] [7feff709d80] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LocalAlloc] [7feff705bac] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!ReleaseMutex] [7feff70d6c0] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!WaitForSingleObject] [7feff714070] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!DeleteFileA] [7feff70a830] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetLocalTime] [7feff709d6c] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CopyFileA] [7feff714250] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FormatMessageW] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OutputDebugStringW] [773133d0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FlushViewOfFile] [7734c0b0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CreateFileA] [77313370] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LocalFree] [77321480] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentThread] [77315180] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SetLastError] [7739baa0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetVersionExW] [77319010] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OutputDebugStringA] [7734b9c0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [7734ba20] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!UnhandledExceptionFilter] [7734bb00] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentProcess] [77314ee0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!TerminateProcess] [77307790] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [77322020] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentProcessId] [77307810] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentThreadId] [77316500] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!MapViewOfFile] [773214f0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!UnmapViewOfFile] [77315990] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FindResourceW] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadResource] [7fefeecbfd4] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryExW] [7fefee810ac] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetModuleHandleW] [7fefee88e28] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!WideCharToMultiByte] [7fefeec0b58] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryW] [7fefee810e0] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SizeofResource] [7fefee81000] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetModuleFileNameW] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!MultiByteToWideChar] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrlenW] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!RaiseException] [7fefbb81810] C:\Windows\system32\msscntrs.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetLastError] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetProcAddress] [4a5bd41800000000]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrcmpiW] [11ec00000025]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OpenFileMappingW] [5ec]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetShortPathNameW] [7fefbb83310] C:\Windows\system32\msscntrs.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CloseHandle] [7fefbb833b0] C:\Windows\system32\msscntrs.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryExA] [6572617774666f53]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!DelayLoadFailureHook] [6f736f7263694d5c]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetVersionExA] [6f646e69575c7466]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetTickCount] [65727275435c7377]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!Sleep] [6f6973726556746e]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!QueryPerformanceCounter] [6870656c65545c6e]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!memset] [4a5bcc0400000000]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!_amsg_exit] [123800000024]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!_initterm] [638]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!_XcptFilter] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!malloc] [7fefbb73470] C:\Windows\system32\rasctrs.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!free] [7fefbb73510] C:\Windows\system32\rasctrs.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!memcpy] [49a0499f66c1aa3c]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ntdll.dll!RtlLookupFunctionEntry] [435c4d4554535953]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ntdll.dll!RtlVirtualUnwind] [6f43746e65727275]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ntdll.dll!RtlCaptureContext] [7465536c6f72746e]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [773133d0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetCurrentProcess] [7739baa0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!UnhandledExceptionFilter] [77319010] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetModuleHandleExA] [7734b9c0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!FreeLibrary] [7734ba20] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!SetEvent] [7734bb00] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!WaitForSingleObjectEx] [77315180] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!CreateEventA] [77321a00] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!lstrlenW] [773214f0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!FreeLibraryAndExitThread] [77315990] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetLastError] [77321480] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!DisableThreadLibraryCalls] [77314ee0] C:\Windows\system32\kernel32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!CreateThread] [7fefeecbfd4] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!MultiByteToWideChar] [7fefee810ac] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetProcAddress] [7fefee88e28] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!LoadLibraryA] [7fefee8137c] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!Sleep] [7fefeec0b58] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!QueryPerformanceCounter] [7fefee810e0] C:\Windows\system32\msvcrt.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetTickCount] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetCurrentThreadId] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetCurrentProcessId] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [0]
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!CloseHandle] [7fefbb71e28] C:\Windows\system32\rasctrs.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!NotifyServiceStatusChangeA] [7feff70a560] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!CloseServiceHandle] [7feff70a620] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!OpenServiceA] [7feff70a850] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegCloseKey] [7feff709fa0] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegOpenKeyExA] [7feff7168c0] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!DeregisterEventSource] [7feff714250] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegQueryValueExA] [7feff70d6c0] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegisterEventSourceA] [7feff751e70] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!OpenSCManagerA] [7feff714070] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\system32\wbem\wmiprvse.exe[4156] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!QueryServiceStatus] [0]

---- EOF - GMER 2.2 ----