GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-05 19:58:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547550A9E384 rev.JE3OA60B 465,76GB Running: kdyosz36.exe; Driver: C:\Users\toshiba\AppData\Local\Temp\pwliypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Windows\system32\services.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[1940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe[2032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 75e6b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 75e6b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 75ee8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 75e448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 75ee87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 75ee8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 75ee8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 75ee8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 75e5fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 75e668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 75ee8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 
bytes JMP 75ee8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 75ee865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 75e5fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 75e6b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 75ee8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 75ee85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\TODDSrv.exe[1016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe[1924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe[2380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2664] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text 
C:\Windows\Explorer.EXE[3428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe[3796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[3804] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Toshiba\TECO\Teco.exe[4100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe[4328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe[4416] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Users\toshiba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe[4812] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep 
Utility\TSleepSrv.exe[332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 75e6b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 75e6b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 75ee8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 75e448ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 75ee87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 75ee8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 75ee8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 75ee8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 75e5fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 75e668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 75ee8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 75ee8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 75ee865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 75e5fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 75e6b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 75ee8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 75ee85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075e48791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 75e6b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 75e6b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 75ee8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 75e448ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 75ee87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 75ee8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 75ee8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 75ee8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 75e5fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 75e668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 75ee8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 75ee8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 75ee865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 bytes JMP 75e5fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000075b315cd 2 bytes JMP 75e6b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 75ee8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 75ee85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 75e6b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 75e6b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 75ee8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 75e448ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 75ee87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 75ee8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 75ee8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 75ee8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 75e5fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 75e668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 75ee8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 75ee8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 75ee865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 
bytes JMP 75e5fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 75e6b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 75ee8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe[4644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 75ee85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 75e6b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 75e6b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 75ee8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 75e448ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 75ee87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 75ee8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 75ee8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 75ee8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 75e5fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 75e668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 75ee8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 75ee8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 75ee865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 
bytes JMP 75e5fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 75e6b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 75ee8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 75ee85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b31401 2 bytes JMP 75e6b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b31419 2 bytes JMP 75e6b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b31431 2 bytes JMP 75ee8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b3144a 2 bytes CALL 75e448ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b314dd 2 bytes JMP 75ee87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b314f5 2 bytes JMP 75ee8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b3150d 2 bytes JMP 75ee8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b31525 2 bytes JMP 75ee8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b3153d 2 bytes JMP 75e5fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b31555 2 bytes JMP 75e668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b3156d 2 bytes JMP 75ee8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b31585 2 bytes JMP 75ee8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b3159d 2 bytes JMP 75ee865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b315b5 2 
bytes JMP 75e5fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b315cd 2 bytes JMP 75e6b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b316b2 2 bytes JMP 75ee8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b316bd 2 bytes JMP 75ee85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[5836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[6124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text c:\Program Files (x86)\Nero\Update\NASvc.exe[5408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[3356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[2108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[6044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007747ef8d 1 byte [62] .text C:\Users\toshiba\Downloads\kdyosz36.exe[6056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e6a2fd 1 byte [62] 
---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4076:3644] 000007fefb5f2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4076:3684] 000007feedabcf60

---- Files - GMER 2.1 ----

File C:\Windows\Temp\SEPAE8D.tmp 0 bytes

---- EOF - GMER 2.1 ----