GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-17 12:09:28 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD10EZEX-00KUWA0 rev.15.01H15 931,51GB Running: nsu2ij30.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\services.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Windows\System32\svchost.exe[400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\System32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\Explorer.EXE[1604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1368] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[2708] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[2856] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074811a22 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074811ad0 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074811b08 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074811bba 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074811bda 2 bytes [81, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Windows\system32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\conhost.exe[3180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3440] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768087c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Windows\system32\svchost.exe[3932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bbeecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1568] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 .text C:\Users\admin\Downloads\nsu2ij30.exe[1428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a322 1 byte [62] .text C:\Users\admin\Downloads\nsu2ij30.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c31465 2 bytes [C3, 74] .text C:\Users\admin\Downloads\nsu2ij30.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c314bb 2 bytes [C3, 74] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!__mb_cur_max] [c5e8000021f024b4] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!isleadbyte] [24b4394466fffffc] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!isxdigit] [f64d840f000021f0] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!localeconv] [8b48007d8b49ffff] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!wctomb] [484850ff078b48cf] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!mbtowc] [f08b48cf8b48178b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!iswctype] [8b48178b485052ff] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!wcstombs] [484852ffd88b48cf] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!__badioinfo] [4804496348084d8b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!__pioinfo] [e808294c8d48d08b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_read] [248c8d4cfffffa00] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!ungetc] [fff5ebe9000021f0] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!isdigit] [ffffed10e9c78bff] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!calloc] [ed46e900000018bf] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_CxxThrowException] [eb13894466ffff] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!memset] [e9cfff4802c38348] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!memcpy] [ff018b48fffffe5a] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_onexit] [8478b48d88b4c10] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_lock] [4928478b48038949] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!__dllonexit] [ff31448d4c084b8d] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_unlock] [5f894cff18548d4a] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!?terminate@@YAXXZ] [20578948c5234c08] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [fc13b4c184f8948] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_amsg_exit] [ca3b48ff498d4918] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_initterm] [3ee9ffffe9ab860f] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_XcptFilter] [9090909090000075] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_resetstkoflw] [49dc8b4c90909090] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z] [5441575655105b89] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_errno] [8b4850ec83485541] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!__CxxFrameHandler] [4cea8b48098b48f1] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!realloc] [483c83416610468b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_iob] [4500006eb9840f25] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_fileno] [ce8b48d58b48c033] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_isatty] [9c8b48ffffebebe8] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!strncmp] [c483480000008824] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!wcschr] [5d5e5f5c415d4150] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_vsnwprintf] [8b4800000008b9c3] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!malloc] [fd28548e1f748c2] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!free] [747fe9ffff473284] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!memmove] [c14908438b4c0000] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_wfopen] [c88b48138b4803e0] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!fread] [4be9900000000fe8] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!ftell] [9090909090ffff47] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!fseek] [4fbe25ff90909090] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!fclose] [66240cb70f410002] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!_purecall] [6661850f24148545] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!logf] [f24048541660000] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!expf] [30e9830000666185] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[msvcrt.dll!log] [4488c0950fc93b41] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!FlushFileBuffers] [658f8c0fd13b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!WriteFile] [fc16e0f66c8280f] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!SetFilePointer] [ebc15e0ff3c05b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [49f0580ff3c7ff41] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!UnhandledExceptionFilter] [74d93b495f74f93b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetCurrentProcess] [c13a452024548a5a] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!TerminateProcess] [b8000007ee840f] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [ff28541660000ff] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetCurrentProcessId] [f08566000065b385] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetTickCount] [b841000065bd850f] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!QueryPerformanceCounter] [6f0bb410000007f] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!RtlCaptureContext] [228244483480000] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!RtlLookupFunctionEntry] [8348338966cfff48] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!RtlVirtualUnwind] [b024bc894802c3] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!OutputDebugStringA] [a8249c89480000] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetModuleFileNameW] [4f840fd13a410000] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetCurrentThreadId] [eb01b540ffffff] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetLocalTime] [10458b49184d8b49] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!FormatMessageW] [8d48023024448348] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!Sleep] [3b4c02c48349480c] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!VirtualProtect] [e900000234830fe1] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!DelayLoadFailureHook] [90909090000000ca] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!LoadLibraryExA] [49dc8b4c90909090] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!CloseHandle] [55204b894d105b89] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!LockResource] [8b4850ec83485741] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!CreateFileMappingW] [d98b4910418b4811] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!DisableThreadLibraryCalls] [f6570f402474290f] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetProcAddress] [4c50248d4ce98b4c] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!SetLastError] [8a41287b8949f38b] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetLastError] [244c8844c18a45e9] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!CreateFileW] [90248c884421] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!SizeofResource] [8d4420244c8844f9] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!InitializeCriticalSectionAndSpinCount] [412a74d93b49ca57] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!LoadLibraryW] [4813894466357a8d] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!LoadResource] [49287b894902c383] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!FreeLibrary] [7a8d411474205b89] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!FindResourceW] [c383481389446634] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!UnmapViewOfFile] [5b8949287b894902] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!MapViewOfFile] [458b4918498b4820] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!GetFileSize] [30b948148d4810] IAT C:\Windows\system32\SearchIndexer.exe[3616] @ C:\Windows\System32\NLSData0007.dll[KERNEL32.dll!LocalFree] [1830fe23b4c0000] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3672:4252] 000007fefb592ab8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3672:4740] 000007fef1a75124 ---- EOF - GMER 2.1 ----