Mywebsearch virus? Or something of the sort. Please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

fightinharbaughs (Thread Starter; joined Dec 6, 2011; messages: 1)

About a week ago I started hearing background noise on my PC sounding like a radio show of some sort. But no window was visible playing anything. Now when I go to websites I get redirected to random sites, and my browser often freezes up or doesn't load sites properly. I did a bit of googling and I think it may have something to do with mywebsearch? But I am not certain; I was hoping someone would be able to help me out. I tried to read the log instructions and list them as requested. Please let me know if anything else is needed. Thanks for your time. - Here are the logs requested.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:22:18 PM, on 12/6/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=41648106&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\gspot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - (no file)
O18 - Protocol: vsharechrome - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - Unknown owner - K:\HitmanPro35.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 3377 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.1.0
Run by gspot at 14:23:19 on 2011-12-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.818 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com/?l=dis&o=41648106&gct=hp
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "c:\users\gspot\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10g_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B8975E82-EAE2-44B8-A788-61AE8389A716} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C7B91099-34D4-4E59-8BCC-0DA5ED14F727} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gspot\appdata\roaming\mozilla\firefox\profiles\9xl24pis.default\
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\gspot\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-2 366152]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-6 5430272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-6 157184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-2 22216]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"k:\hitmanpro35.exe" /crusader:boot --> k:\HitmanPro35.exe [?]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-8-14 17408]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-8 15872]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2010-4-26 28672]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 172032]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-27 79360]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
.
=============== Created Last 30 ================
.
2011-12-06 08:18:41 388096 ----a-r- c:\users\gspot\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-06 08:18:41 -------- d-----w- c:\program files\Trend Micro
2011-12-06 07:31:31 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-06 01:28:33 -------- d-----w- c:\users\gspot\appdata\roaming\Egutl
2011-12-06 01:28:33 -------- d-----w- c:\users\gspot\appdata\roaming\Anuz
2011-12-03 23:16:06 -------- d-----w- C:\Malwarebytes
2011-12-03 00:28:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 00:28:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 23:22:18 -------- d--h--w- C:\$AVG
2011-12-02 22:26:03 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-02 22:26:03 -------- d-----w- c:\programdata\AVG2012
2011-12-02 22:20:18 116224 ----a-w- c:\programdata\6UR1oQ3o.exe_
2011-12-02 20:36:02 -------- d--h--w- c:\programdata\Common Files
2011-12-02 20:35:09 -------- d-----w- c:\programdata\MFAData
2011-12-02 11:09:48 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{05994d19-2e6b-482e-b07b-00cff513f196}\mpengine.dll
2011-11-28 18:07:37 -------- d-sh--w- C:\found.000
2011-11-19 01:06:06 -------- d-----w- c:\program files\MonitorDriver
2011-11-09 17:22:31 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:03:00 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 05:02:40 2341888 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-12-06 08:23:57 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-27 03:22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:24:25.71 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 15:18:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000070 SAMSUNG_ rev.1AC0
Running: ymc8wdcl.exe; Driver: C:\Users\gspot\AppData\Local\Temp\fgloqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83092349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830CBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text tdx.sys 8DABA000 34 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
.text tdx.sys 8DABA023 211 Bytes [18, 5D, C2, 10, 00, CC, CC, ...]
.text tdx.sys 8DABA0F7 79 Bytes [75, 14, 6A, 2B, FF, 75, 0C, ...]
.text tdx.sys 8DABA147 26 Bytes [75, 08, FF, 15, 84, A1, AC, ...]
.text tdx.sys 8DABA162 49 Bytes [00, 6A, 04, 8D, 45, 1C, 50, ...]
.text ...
? C:\Windows\system32\DRIVERS\tdx.sys suspicious PE modification
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95418000, 0x2F786C, 0xE8000020]
? C:\Users\gspot\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtProtectVirtualMemory 77DA5F18 5 Bytes JMP 0059000A
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtWriteVirtualMemory 77DA6A98 5 Bytes JMP 008E000A
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher 77DA7008 5 Bytes JMP 0054000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] ntdll.dll!LdrLoadDll 77DC22B8 5 Bytes JMP 6A602EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\tdx \Device\Tcp [8DAC4FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\tdx \Device\Udp [8DAC4FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\tdx \Device\RawIp [8DAC4FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8DAA1000-8DAB9000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\[email protected]{C118F307-1F87-11DF-BF8B-806E6F6E6963} 13606766584

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB48449$\128892741 0 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310 0 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\@ 2048 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\bckfg.tmp 842 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\keywords 202 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\L 0 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\L\xadqgnnk 74752 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U 0 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 2048 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 224768 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 12800 bytes
File C:\Windows\$NtUninstallKB48449$\4202645310\U\[email protected] 98304 bytes

---- EOF - GMER 1.0.15 ----
 
