
Mywebsearch virus? Or something of the sort. Please help

Discussion in 'Virus & Other Malware Removal' started by fightinharbaughs, Dec 6, 2011.

Thread Status:
Not open for further replies.
  1. fightinharbaughs

    fightinharbaughs Thread Starter

    About a week ago I started hearing background noise on my PC that sounded like a radio show of some sort, but no window was visible playing anything. Now when I go to websites I get redirected to random sites, and my browser often freezes up or doesn't load sites properly. I did a bit of googling and I think it may have something to do with mywebsearch, but I am not certain. I was hoping someone would be able to help me out. I tried to read the log instructions and list them as requested; please let me know if anything else is needed. Thanks for your time. - Here are the logs requested.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:22:18 PM, on 12/6/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=41648106&gct=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O3 - Toolbar: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\gspot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.exe -update activex (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - (no file)
    O18 - Protocol: vsharechrome - (no CLSID) - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - Unknown owner - K:\HitmanPro35.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    --
    End of file - 3377 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.1.0
    Run by gspot at 14:23:19 on 2011-12-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.818 [GMT -8:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.ask.com/?l=dis&o=41648106&gct=hp
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Google Update] "c:\users\gspot\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10g_ActiveX.exe -update activex
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B8975E82-EAE2-44B8-A788-61AE8389A716} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C7B91099-34D4-4E59-8BCC-0DA5ED14F727} : DhcpNameServer = 192.168.1.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gspot\appdata\roaming\mozilla\firefox\profiles\9xl24pis.default\
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\gspot\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-2 366152]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-6 5430272]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-6 157184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-2 22216]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
    S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"k:\hitmanpro35.exe" /crusader:boot --> k:\HitmanPro35.exe [?]
    S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
    S3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-8-14 17408]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-8 15872]
    S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
    S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
    S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2010-4-26 28672]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
    S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 172032]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-27 79360]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-06 08:18:41 388096 ----a-r- c:\users\gspot\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-06 08:18:41 -------- d-----w- c:\program files\Trend Micro
    2011-12-06 07:31:31 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-06 01:28:33 -------- d-----w- c:\users\gspot\appdata\roaming\Egutl
    2011-12-06 01:28:33 -------- d-----w- c:\users\gspot\appdata\roaming\Anuz
    2011-12-03 23:16:06 -------- d-----w- C:\Malwarebytes
    2011-12-03 00:28:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-03 00:28:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 23:22:18 -------- d--h--w- C:\$AVG
    2011-12-02 22:26:03 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-12-02 22:26:03 -------- d-----w- c:\programdata\AVG2012
    2011-12-02 22:20:18 116224 ----a-w- c:\programdata\6UR1oQ3o.exe_
    2011-12-02 20:36:02 -------- d--h--w- c:\programdata\Common Files
    2011-12-02 20:35:09 -------- d-----w- c:\programdata\MFAData
    2011-12-02 11:09:48 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{05994d19-2e6b-482e-b07b-00cff513f196}\mpengine.dll
    2011-11-28 18:07:37 -------- d-sh--w- C:\found.000
    2011-11-19 01:06:06 -------- d-----w- c:\program files\MonitorDriver
    2011-11-09 17:22:31 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 07:03:00 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 05:02:40 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-12-06 08:23:57 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-27 03:22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 14:24:25.71 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-06 15:18:59
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000070 SAMSUNG_ rev.1AC0
    Running: ymc8wdcl.exe; Driver: C:\Users\gspot\AppData\Local\Temp\fgloqpog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 83092349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830CBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text tdx.sys 8DABA000 34 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
    .text tdx.sys 8DABA023 211 Bytes [18, 5D, C2, 10, 00, CC, CC, ...]
    .text tdx.sys 8DABA0F7 79 Bytes [75, 14, 6A, 2B, FF, 75, 0C, ...]
    .text tdx.sys 8DABA147 26 Bytes [75, 08, FF, 15, 84, A1, AC, ...]
    .text tdx.sys 8DABA162 49 Bytes [00, 6A, 04, 8D, 45, 1C, 50, ...]
    .text ...
    ? C:\Windows\system32\DRIVERS\tdx.sys suspicious PE modification
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95418000, 0x2F786C, 0xE8000020]
    ? C:\Users\gspot\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtProtectVirtualMemory 77DA5F18 5 Bytes JMP 0059000A
    .text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtWriteVirtualMemory 77DA6A98 5 Bytes JMP 008E000A
    .text C:\Windows\system32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher 77DA7008 5 Bytes JMP 0054000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2624] ntdll.dll!LdrLoadDll 77DC22B8 5 Bytes JMP 6A602EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\tdx \Device\Tcp [8DAC4FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\tdx \Device\Udp [8DAC4FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
    Device \Driver\tdx \Device\RawIp [8DAC4FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) 8DAA1000-8DAB9000 (98304 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\[email protected]{C118F307-1F87-11DF-BF8B-806E6F6E6963} 13606766584

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB48449$\128892741 0 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310 0 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\@ 2048 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\bckfg.tmp 842 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\cfg.ini 208 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\keywords 202 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\L 0 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\L\xadqgnnk 74752 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\lsflt7.ver 5176 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U 0 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 2048 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 224768 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 12800 bytes
    File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 98304 bytes

    ---- EOF - GMER 1.0.15 ----
     


Short URL to this thread: https://techguy.org/1030011
