GMER 1.0.15.15565 - http://www.gmer.net
Rootkit scan 2011-03-20 14:49:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HTS541080G9SA00 rev.MB4OC60R
Running: l1o5m5sm.exe; Driver: C:\Users\Astarte\AppData\Local\Temp\kgdiqfow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9750C780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9750C830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9750C8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9750C970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 81AB9B74 4 Bytes [80, C7, 50, 97] {ADD BH, 0x50; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 621 81AB9DA4 8 Bytes [30, C8, 50, 97, D0, C8, 50, ...] {XOR AL, CL; PUSH EAX; XCHG EDI, EAX; ROR AL, 0x1; PUSH EAX; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 681 81AB9E04 4 Bytes [70, C9, 50, 97] {JO 0xffffffffffffffcb; PUSH EAX; XCHG EDI, EAX}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1196] USER32.dll!TrackPopupMenu 75FB14F3 5 Bytes JMP 64A96373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ntdll.dll!LdrLoadDll 76E493A8 5 Bytes JMP 001813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----