GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-29 18:58:45
Windows 6.1.7601 Service Pack 1
Running: vv4nopw6.exe

---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\DRIVERS\LPCFilter.sys (LPCFilter/COMPAL ELECTRONIC INC.) 00E00000-00E0F000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) 010B3000-011CF000 (1163264 bytes)
Module \SystemRoot\system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) 01035000-01040000 (45056 bytes)
Module \SystemRoot\System32\Drivers\PxHlpa64.sys (Px Engine Device Driver for 64-bit Windows/Sonic Solutions) 010A0000-010AC000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver/TOSHIBA Corporation) 01B8D000-01B92000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\tos_sps64.sys (tos_sps64/TOSHIBA Corporation) 01800000-0187A000 (499712 bytes)
Module \SystemRoot\system32\Drivers\fsbts.sys 01BCC000-01BDC000 (65536 bytes)
Module \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SASKUTIL64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) 014A4000-014AE000 (40960 bytes)
Module \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SASDIFSV64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) 013DA000-013E4000 (40960 bytes)
Module \SystemRoot\system32\drivers\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 04063000-0406E000 (45056 bytes)
Module \??\C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys 0406E000-04076000 (32768 bytes)
Module \SystemRoot\System32\drivers\fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) 04076000-0408B000 (86016 bytes)
Module \??\C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 64-bit kernel module/F-Secure Corporation) 0408B000-04098000 (53248 bytes)
Module \SystemRoot\System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) 04098000-040A7000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) 04A4F000-05157000 (7372800 bytes)
Module \SystemRoot\system32\DRIVERS\Rt64win7.sys (Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver /Realtek ) 03E5C000-03EB2000 (352256 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) 03EE4000-03F2D000 (299008 bytes)
Module \SystemRoot\system32\DRIVERS\tdcmdpst.sys (TOSHIBA ODD Writing Driver for x64./TOSHIBA Corporation.) 03F3E000-03F48000 (40960 bytes)
Module \SystemRoot\system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) 05E03000-05FE2000 (1961984 bytes)
Module \SystemRoot\system32\DRIVERS\RTL8187B.sys (Realtek RTL8187B NDIS Driver/Realtek Semiconductor Corporation ) 04200000-04279000 (495616 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 00520000-0052A000 (40960 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) 00840000-008A1000 (397312 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 02B26000-02B31000 (45056 bytes)
Module \??\C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys 05CCF000-05D03000 (212992 bytes)
Module \Windows\System32\lpk.dll (Language Pack/Microsoft Corporation) FF670000-FF67E000 (57344 bytes)
Module \Windows\System32\usp10.dll (Uniscribe Unicode script processor/Microsoft Corporation) FF1A0000-FF269000 (823296 bytes)
Module \Windows\System32\devobj.dll (Device Information Set DLL/Microsoft Corporation) FDCD0000-FDCEA000 (106496 bytes)

---- Processes - GMER 1.0.15 ----

Process TosSENotify.exe 624
Process CFProcSRVC.exe 628
Process TCrdMain.exe 1184
Process SynTPEnh.exe 1188
Process SASCore64.exe 1300
Process armsvc.exe 1332
Process fsgk32st.exe 1408
Process FSMA32.EXE 1428
Process RAVCpl64.exe 1468
Process fsgk32.exe 1752
Process CFIWmxSvcs64.exe 1760
Process sua.exe 1928
Process TODDSrv.exe (TDCSrv Application/TOSHIBA Corporation) 1996
Process TosCoSrv.exe 2044
Process igfxtray.exe (igfxTray Module/Intel Corporation) 2392
Process hkcmd.exe (hkcmd Module/Intel Corporation) 2400
Process igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 2476
Process igfxpers.exe (persistence Module/Intel Corporation) 2560
Process TosSmartSrv.exe 2840
Process fssm32.exe 2860
Process ipoint.exe 3096
Process vv4nopw6.exe 3268
Process NDSTray.exe 3584
Process SynTPHelper.exe 3684
Process wmpnetwk.exe 3720
Process KeNotify.exe 3756
Process igfxext.exe (igfxext Module/Intel Corporation) 3808
Process ToshibaServiceStation.exe 3884
Process RoxioBurnLauncher.exe 3892
Process serviceManager.exe 3904
Process FSLAUNCHER0.EXE 4300
Process CFSwMgr.exe 4376
Process CFSvcs.exe 4608
Process TMachInfo.exe 4928

---- Services - GMER 1.0.15 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Core Service/SUPERAntiSpyware.com) [AUTO] !SASCORE
Service C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) [AUTO] AdobeARMservice
Service system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx
Service system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci
Service system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [MANUAL] adpu320
Service system32\DRIVERS\agrsm64.sys (SoftModem Device Driver/LSI Corp) [MANUAL] AgereSoftModem
Service system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide
Service system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata
Service system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.) [MANUAL] amdsbs
Service system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata
Service system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc
Service system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas
Service system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv
Service system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60a
Service system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service System32\Drivers\Brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
Service System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service BTHPORT
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ConfigFree Service Process/TOSHIBA CORPORATION) [AUTO] cfWiMAXService
Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide
Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (ConfigFree Gadget Process Service/TOSHIBA CORPORATION) [AUTO] ConfigFree Gadget Service
Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ConfigFree Service Process/TOSHIBA CORPORATION) [AUTO] ConfigFree Service
Service System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache
Service system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv
Service system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor
Service C:\??\C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [MANUAL] F-Secure Gatekeeper
Service C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe (F-Secure Anti-Virus Scanning Service/F-Secure Corporation) [AUTO] F-Secure Gatekeeper Handler Starter
Service C:\??\C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [SYSTEM] F-Secure HIPS
Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service C:\windows\system32\Drivers\fsbts.sys [BOOT] fsbts
Service C:\Program Files (x86)\Frontier\Security\FWES\Program\fsdfwd.exe (F-Secure Internet Shield daemon/F-Secure Corporation) [MANUAL] FSDFWD
Service System32\drivers\fses.sys (F-Secure Email Interceptor/F-Secure Corporation) [SYSTEM] FSES
Service System32\drivers\fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) [SYSTEM] FSFW
Service C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE (F-Secure Management Agent/F-Secure Corporation) [AUTO] FSMA
Service C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe (F-Secure ORSP Service/F-Secure Corporation) [MANUAL] FSORSPClient
Service C:\??\C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [SYSTEM] fsvista
Service system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir
Service system32\drivers\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD
Service ialm
Service system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
Service system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [MANUAL] iaStorV
Service system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
Service system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp
Service system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service system32\DRIVERS\LPCFilter.sys (LPCFilter/COMPAL ELECTRONIC INC.) [BOOT] LPCFilter
Service system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC
Service system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS
Service system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2
Service system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI
Service system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation) [MANUAL] megasas
Service system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR
Service C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service system32\drivers\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios
Service system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960
Service system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [MANUAL] nvraid
Service system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor
Service system32\DRIVERS\psi_mf.sys (Secunia PSI Driver/Secunia) [MANUAL] PSI
Service System32\Drivers\PxHlpa64.sys (Px Engine Device Driver for 64-bit Windows/Sonic Solutions) [BOOT] PxHlpa64
Service system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300
Service system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx
Service System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.) [MANUAL] RSUSBSTOR
Service system32\DRIVERS\Rt64win7.sys (Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver /Realtek ) [MANUAL] RTL8167
Service system32\DRIVERS\RTL8187B.sys (Realtek RTL8187B NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8187B
Service system32\DRIVERS\Rts516xIR.sys [MANUAL] RtsUIR
Service C:\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [SYSTEM] SASDIFSV
Service C:\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [SYSTEM] SASKUTIL
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia PSI Agent/Secunia) [MANUAL] Secunia PSI Agent
Service C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia Update Agent/Secunia) [AUTO] Secunia Update Agent
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2
Service system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service system32\DRIVERS\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor
Service C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (SureThing Labelflash Disc Printer Service Module/MicroVision Development, Inc.) [MANUAL] stllssvr
Service system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP
Service TCPIP6TUNNEL
Service TCPIPTUNNEL
Service system32\DRIVERS\tdcmdpst.sys (TOSHIBA ODD Writing Driver for x64./TOSHIBA Corporation.) [MANUAL] tdcmdpst
Service C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TSS TMachInfo Service/TOSHIBA Corporation) [MANUAL] TMachInfo
Service C:\Windows\system32\TODDSrv.exe (TDCSrv Application/TOSHIBA Corporation) [AUTO] TODDSrv
Service C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Power Saver/TOSHIBA Corporation) [AUTO] TosCoSrv
Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TosSmartSrv.exe/TOSHIBA Corporation) [MANUAL] TOSHIBA HDD SSD Alert Service
Service system32\DRIVERS\tos_sps64.sys (tos_sps64/TOSHIBA Corporation) [BOOT] tos_sps64
Service system32\DRIVERS\TVALZ_O.SYS (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver/TOSHIBA Corporation) [BOOT] TVALZ
Service system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass
Service system32\DRIVERS\RtsUCcid.sys [MANUAL] USBCCID
Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide
Service system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid
Service C:\windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
Service Windows Workflow Foundation 3.0.0.0
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [MANUAL] WMPNetworkSvc
Service WSearchIdxPi

---- EOF - GMER 1.0.15 ----