#31, January 16th, 2019, 07:22 PM
Jintan (Cyber Tech Help Moderator)
Join Date: Dec 2004
Posts: 51,807
As huge as these logs have gotten I am sure everyone is challenged.

I would back off checking for rootkits, except I have never had Gmer crash for no reason on 10 before.

Open Gmer. Does it show anything on its initial scan (no, don't push the Scan button)? If so, can you use the snipping tool and take a snap of it, upload it to a photo site and post a copy here?

Also after opening Gmer, click the >>> at the top to expand the tabs. Then click the processes tab. Look through that list, and see if there are any blank spaces (no exe file or info shows). Also if there are processes similar to:

.32*

Again, upload a snap if you spot any.

============

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt type the following, pressing Enter after:

chkdsk /r

It will likely find volumes in use and ask if you want it to run on reboot - select Y for yes, then reboot. This will scan for files as well as locate and repair bad sectors of the disk.

You can watch as it checks the disk, and be looking for it moving or changing or recovering files or sectors, which would suggest file system corruption. Check disk will correct all these. Post back after if it helped any.

#32, January 17th, 2019, 12:51 AM
sportsfan7702 (Senior Member)
Join Date: Sep 2008
Posts: 295
10:18:34.0218 0x1c54 WAB Migrate - ok
10:18:34.0218 0x1c54 Waiting for KSN requests completion. In queue: 265
10:18:35.0237 0x1c54 AV detected via SS2: Windows Defender, windowsdefender:// ( ), 0x60100 ( disabled : updated )
10:18:35.0253 0x1c54 AV detected via SS2: ESET Security, C:\Program Files\ESET\ESET Security\ecmds.exe ( 12.0.31.0 ), 0x41000 ( enabled : updated )
10:18:35.0253 0x1c54 Win FW state via NFP2: enabled ( trusted )
10:18:35.0469 0x1c54 ============================================================
10:18:35.0469 0x1c54 Scan finished
10:18:35.0469 0x1c54 ============================================================
10:18:35.0469 0x2154 Detected object count: 0
10:18:35.0469 0x2154 Actual detected object count: 0

#33, January 17th, 2019, 12:55 AM
sportsfan7702 (Senior Member)
Nothing about .32

#34, January 17th, 2019, 01:12 AM
sportsfan7702 (Senior Member)
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2019-01-16 18:12:11
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD075 rev.AX1P2C 698.64GB
Running: tnmspzf6.exe; Driver: C:\Users\MattS\AppData\Local\Temp\kwddiaow.sys


---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.2 ----

---- EOF - GMER 2.2 ----

#35, January 17th, 2019, 01:41 PM
Jintan (Cyber Tech Help Moderator)
Did running check disk affect anything?

#36, January 17th, 2019, 04:46 PM
sportsfan7702 (Senior Member)
Both times I tried to run it (after restarts) and ESET still off, it said it was used by another process.

#37, January 17th, 2019, 06:19 PM
Jintan (Cyber Tech Help Moderator)
Not sure I understand. In the second half of my steps in post number 31, you follow those check disk steps, and what said it was busy?

#38, January 17th, 2019, 07:55 PM
sportsfan7702 (Senior Member)
"CHKDSK cannot run because the volume is in use by another process, would you like it to run after the system restarts". When I select Y after the reboot it says the same above message. I tried rebooting a few times this morning.

#39, January 17th, 2019, 08:00 PM
sportsfan7702 (Senior Member)
Also cannot lock current drive. Headed to work, it will be the morning before I can get back to this. Thank you for the help so far.

#40, January 18th, 2019, 06:27 AM
sportsfan7702 (Senior Member)
Ran chkdsk and nothing found

#41, January 18th, 2019, 02:30 PM
Jintan (Cyber Tech Help Moderator)
Sure not finding any smoking gun here. The logs show you have a few browsers, or at least Internet Explorer and Firefox. Does the slowness occur in both of these?

#42, January 18th, 2019, 04:26 PM
sportsfan7702 (Senior Member)
Yes. Not as bad depending on the day.

#43, January 19th, 2019, 12:48 PM
Jintan (Cyber Tech Help Moderator)
Intermittent problems are tougher to figure on.


Disable Eset and download and run Kaspersky's KVRT tool from here. It works similar to TDSSKiller. I don't have specific steps to run it, but have used it successfully to remove rootkits in the past when TDSSKiller found nothing.

===================

I also would like to check the dump file from the Gmer crash. Not necessarily to analyze it, since that will just say Gmer's file caused the crash. But I would like to see its "strings", the readable text part of the file. Sometimes you can catch infection caught by surprise because of the dump.

Make sure you can View Hidden Files.


Navigate to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there.

I no longer have an upload site, so will need you to upload to one you use, then post the link here so I can download it. If you don't know of an upload site, post and I will locate one.
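
The "strings" pass over a crash dump that post #43 describes, as an added example that is not part of the original thread or any poster's own tooling: it pulls readable ASCII and UTF-16LE runs out of a dump and keeps the ones naming a driver, DLL or executable. The sample bytes and the module names in `build_sample` are constructed for illustration; the header signatures are the standard Windows dump magic values.

```python
import re
import sys

MIN_LEN = 6  # shorter runs are mostly noise

# Printable ASCII runs, and the same characters stored as UTF-16LE
# (char + NUL), which is how Windows keeps most paths in memory.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
MODULE_NAME = re.compile(r"\.(?:sys|dll|exe)\b", re.IGNORECASE)

# Magic values at offset 0 of Windows dump files.
DUMP_SIGNATURES = {
    b"PAGEDU64": "kernel dump (64-bit)",
    b"PAGEDUMP": "kernel dump (32-bit)",
    b"MDMP": "user-mode minidump",
}


def dump_kind(data):
    """Return a label for the dump header, or None if it is not recognised."""
    for magic, label in DUMP_SIGNATURES.items():
        if data.startswith(magic):
            return label
    return None


def extract_strings(data):
    """Return sorted (offset, encoding, text) for every readable run."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in UTF16_RUN.finditer(data)]
    return sorted(found)


def module_strings(data):
    """Keep only strings that name a driver, DLL or executable."""
    return [hit for hit in extract_strings(data) if MODULE_NAME.search(hit[2])]


def build_sample():
    """Constructed stand-in for a .dmp file (hypothetical module names)."""
    return (
        b"PAGEDU64" + bytes(24)                      # header stub, 32 bytes
        + b"\x01\x02\xff"                            # binary noise
        + r"\SystemRoot\System32\drivers\example.sys".encode("utf-16-le")
        + b"\x00\x00\x90\x90"
        + rb"C:\Users\Public\sample_tool.exe" + b"\x00"
        + b"plain text without a module name" + b"\xff"
    )


if __name__ == "__main__":
    # Pass a .dmp path to scan a real file; with no argument the sample runs.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample()
    print("dump type:", dump_kind(data) or "unrecognised header")
    for offset, encoding, text in module_strings(data):
        print(f"{offset:#010x}  {encoding:8}  {text}")
```

Module paths that sit outside the usual Windows and Program Files trees, or names that match no installed driver, are the entries worth a second look.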

#44, January 19th, 2019, 04:14 PM
sportsfan7702 (Senior Member)
Hi Tom, no minidump file and the scan was clean. Could it be it's just aging? It's an HP with an i5 processor, clocked at 2.4 GHz and 6 GB RAM?

#45, January 21st, 2019, 05:25 PM
Jintan (Cyber Tech Help Moderator)
That would affect all system speeds. And surely not all that old of a computer.

Open Device Manager - see here for steps.

Click on the Pointer next to Network adapters to expand the list. Identify your wireless device, right click it and select Uninstall. DO NOT agree to uninstall the drivers, if asked.

Reboot the computer. Windows should see the wireless device and reinstall it. See if clearing it and what that does clears up the Internet access.