mbam, gmer
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/27/2010 12:39:42 AM
mbam-log-2010-10-27 (00-39-42).txt
Scan type: Quick scan
Objects scanned: 127237
Time elapsed: 8 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
********************************************************************
gmer:
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-27 08:30:16
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\sri\AppData\Local\Temp\uwldypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8BF31992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8BF333FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8BF33674]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8BF338E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8BF322AA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8BF32A52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8BF32E4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8BF324C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8BF32D34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8BF31582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8BF32C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8BF3172A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8BF32F6E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8BF31F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8BF32030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8BF32C9E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8BF34596]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8BF35716]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8BF32694]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8BF34688]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8BF34D62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8BF32EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8BF32336]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8BF32DC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8BF31BDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8BF34AFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8BF33004]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8BF31AD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8BF33B30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8BF3509C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8BF3498E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8BF33368]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8BF3322E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8BF34330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8BF355B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8BF3279C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8BF3214C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8BF33BD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8BF34790]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8BF351EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8BF352DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8BF35418]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8BF344BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8BF31D7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8BF31CD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8BF34F40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8BF31E68]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A83599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82AAF730 4 Bytes [92, 19, F3, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82AAF758 8 Bytes [FA, 33, F3, 8B, 74, 36, F3, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82AAF79C 4 Bytes [E6, 38, F3, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82AAF7C8 4 Bytes [AA, 22, F3, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82AAF7EC 4 Bytes [52, 2A, F3, 8B]
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9E9A2000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9E9A2123 486 Bytes [D5, 99, 9E, FE, 05, 34, D5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 529A 9E9A230A 142 Bytes [99, 9E, 3B, 08, 77, 04, 3B, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9E9A2399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9E9A23FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
.text autochk.exe 002011D1 4 Bytes [5C, 7A, 2B, 64]
.text autochk.exe 002011D7 2 Bytes [8A, 4D]
.text autochk.exe 002011DA 1 Byte [41]
.text autochk.exe 002011DA 3 Bytes [41, 00, 4E]
.text autochk.exe 002011DE 1 Byte [55]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Tunngle\TnglCtrl.exe[688] ntdll.dll!DbgBreakPoint 77843574 1 Byte [90]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1624] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1624] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1624] USER32.dll!NotifyWinEvent + 48B 75ECF724 4 Bytes [70, 11, 46, 6C] {JO 0x13; INC ESI; INSB }
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtCreateFile + 6 77854A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtCreateFile + B 77854A3B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtMapViewOfSection + 6 77855096 1 Byte [28]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtMapViewOfSection + 6 77855096 4 Bytes [28, 03, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtMapViewOfSection + B 7785509B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenFile + 6 77855146 4 Bytes [68, 00, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenFile + B 7785514B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcess + 6 778551F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcess + B 778551FB 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessToken + B 7785520B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessTokenEx + 6 77855216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenProcessTokenEx + B 7785521B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThread + 6 77855276 4 Bytes [68, 01, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThread + B 7785527B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadToken + 6 77855286 4 Bytes [68, 02, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadToken + B 7785528B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtOpenThreadTokenEx + B 7785529B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryAttributesFile + 6 778553A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryAttributesFile + B 778553AB 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtQueryFullAttributesFile + B 7785545B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationFile + 6 77855AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationFile + B 77855AAB 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationThread + 6 77855B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtSetInformationThread + B 77855B0B 1 Byte [E2]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtUnmapViewOfSection + 6 77855E26 1 Byte [68]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtUnmapViewOfSection + 6 77855E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\sri\AppData\Local\Google\Chrome\Application\chrome.exe[3000] ntdll.dll!NtUnmapViewOfSection + B 77855E2B 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74522494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74505624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7452250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74518573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74514D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74518819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7451907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7451E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74514C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
---- Threads - GMER 1.0.15 ----
Thread System [4:3824] 9E9AFF2E
---- EOF - GMER 1.0.15 ----