GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-28 17:15:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwkoqaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xEDE732A0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xEDE7134E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF750087E]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xEDE72FD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xEDE73140]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xEDE73E10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEDE738AE]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xEDE747D0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xEDE73450]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xEDE70EA0]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF71AF030]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xEDE72DC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xEDE73C3E]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xEDE74436]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xEDE71930]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xEDE74740]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xEDE74B00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xEDE750C0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xEDE6FAF0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xEDE73A90]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7500BFE]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xEDE746F0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xEDE711B0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xEDE742AB]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xEDE73310]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP EDE75520 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP EDE75A20 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF651083F]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

---- EOF - GMER 1.0.15 ----
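The log above is a flat list of SSDT hooks, inline kernel patches, a driver with an entry point in its "init" section, and attached filter devices. Reading it by hand means grouping every record by the driver GMER attributes it to and then looking hardest at anything GMER could not attribute. The following triage helper is an added example, not GMER's own code and not part of the posted log: it parses the five record types seen above into dictionaries, groups hooks per owning driver, lists records with no vendor attribution, and lists drivers whose vendor is outside an allow-list. The sample input is a verbatim excerpt of the log above; the EXPECTED_VENDORS set is an illustrative assumption standing in for what the analyst knows is installed on the host, and a driver outside it only means "look at this one", not "malicious".

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER code).

Parses SSDT / Code / .text / init / AttachedDevice records, groups hooks by
the driver that owns them, and separates records GMER could not attribute
to a vendor. EXPECTED_VENDORS is an assumed allow-list for illustration.
"""
import re
from collections import defaultdict

# Sample input: lines excerpted verbatim from the GMER log above.
GMER_LOG = r"""
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-28 17:15:25
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xEDE732A0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF750087E]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF71AF030]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xEDE72DC0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7500BFE]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xEDE73310]
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP EDE75520 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP EDE75A20 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF651083F]
AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
"""

# Assumed allow-list: vendors the analyst knows are installed on this host.
EXPECTED_VENDORS = {"Kaspersky Lab", "Lavasoft AB", "Synaptics, Inc.", "Hewlett-Packard Company"}

INFO = r"\((?P<info>[^)]*)\)"  # "(description/vendor)" as GMER prints it
PATTERNS = {
    "SSDT": re.compile(r"^SSDT\s+(?P<module>\S+)\s+" + INFO +
                       r"\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"),
    "Code": re.compile(r"^Code\s+(?P<module>\S+)\s+" + INFO + r"\s+(?P<func>\w+)$"),
    ".text": re.compile(r"^\.text\s+(?P<image>\S+)!(?P<func>\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
                        r"(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
                        r"(?P<module>\S+)\s+" + INFO + r"$"),
    "init": re.compile(r'^init\s+(?P<module>\S+)\s+entry point in "init" section\s+'
                       r"\[(?P<addr>0x[0-9A-Fa-f]+)\]$"),
    "AttachedDevice": re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
                                 r"(?P<module>\S+)\s+" + INFO + r"$"),
}


def basename(path):
    """Strip the \SystemRoot\...\ or C:\...\ prefix GMER sometimes prints."""
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Return one dict per recognised record; header/section lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            d = m.groupdict()
            rec = {"kind": kind, "path": d["module"], "module": basename(d["module"])}
            info = d.get("info")  # absent for "init" records: GMER gives no vendor there
            # The description itself may contain "/", e.g. "QLB PS/2 Keyboard filter
            # driver/Hewlett-Packard Company", so split on the LAST slash only.
            desc, _, vendor = info.rpartition("/") if info is not None else (None, None, None)
            rec["description"], rec["vendor"] = desc, vendor
            rec.update({k: v for k, v in d.items() if k not in ("module", "info")})
            records.append(rec)
            break
    return records


def hooks_by_module(records):
    """Map driver basename -> {"vendor": ..., "hooks": sorted ["KIND target", ...]}."""
    out = defaultdict(lambda: {"vendor": None, "hooks": []})
    for r in records:
        entry = out[r["module"]]
        entry["vendor"] = entry["vendor"] or r["vendor"]
        target = r.get("func") or r.get("device") or "entry point"
        entry["hooks"].append(f'{r["kind"]} {target}')
    for e in out.values():
        e["hooks"].sort()
    return dict(out)


def unattributed(records):
    """Records GMER could not tie to any vendor: the first thing to inspect."""
    return [r for r in records if not r["vendor"]]


def outside_allowlist(records, allowlist):
    """Drivers attributed to a vendor that is not on the analyst's allow-list."""
    return sorted({r["module"] for r in records if r["vendor"] and r["vendor"] not in allowlist})


def triage(text, allowlist=EXPECTED_VENDORS):
    recs = parse_gmer(text)
    return {"by_module": hooks_by_module(recs),
            "unattributed": unattributed(recs),
            "outside_allowlist": outside_allowlist(recs, allowlist)}


if __name__ == "__main__":
    report = triage(GMER_LOG)
    for mod, e in sorted(report["by_module"].items()):
        print(f'{mod:14} {e["vendor"] or "(no vendor)":28} {len(e["hooks"])} hook(s)')
    print("unattributed:", [(r["module"], r["kind"], r["addr"]) for r in report["unattributed"]])
    print("outside allow-list:", report["outside_allowlist"])
```

On this excerpt the only unattributed record is the tifm21.sys "entry point in init section" line, and the only driver outside the assumed allow-list is rp_skt32.sys; both are just the items to verify first (driver on disk, signature, product it belongs to), because GMER's attribution is taken from the driver's own version resource, which is not proof of legitimacy either way.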