Windows 10 BSOD when running GMER


11 replies to this topic

#1 jrdaub89

jrdaub89

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 08 February 2016 - 01:30 PM

Ok, so my issue is that when I try to run GMER to check for rootkits and the like, a few seconds after starting it I get a BSOD stating "Attempted to write read only memory win32k.sys". My computer runs fine likewise and it only gets a stop when attempting to run GMER. Does this indicate that I may have a virus and/or rootkit? Any help would be appreciated. Thanks.





#2 jrdaub89

jrdaub89
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 08 February 2016 - 01:49 PM

==================================================
Dump File         : 020816-21078-01.dmp
Crash Time        : 2/8/2016 12:22:08 PM
Bug Check String  : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code    : 0x000000be
Parameter 1       : fffff960`26db0000
Parameter 2       : 80300000`08941001
Parameter 3       : ffffd000`a5f87171
Parameter 4       : 00000000`0000000b
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+0
File Description  : Full/Desktop Multi-User Win32 Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.10586.20 (th2_release_sec.151123-1940)
Processor         : x64
Crash Address     : ntoskrnl.exe+142770
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\020816-21078-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 10586
Dump File Size    : 281,276
Dump File Time    : 2/8/2016 12:23:59 PM
==================================================
 
This is the part of the .dmp file; I'm not entirely sure how to post the entire dmp file.

Edited by jrdaub89, 08 February 2016 - 01:50 PM.


#3 jrdaub89


Posted 08 February 2016 - 01:59 PM

I also ran the driver verifier and when I rebooted it it instantly crashed. I can't remember what the reason was but the file name was edevmon.sys which is tied to my ESET antivirus I think?



#4 jrdaub89


Posted 08 February 2016 - 05:19 PM

Here is my BSOD dump and perfmon report.

 

As well as system info here:

  • OS - Windows 10
  • x64
  • Originally was Windows 7 which I updated to Windows 10 via Windows Update.
  • It's about a year old
  • Windows 10 install is about 7 months old

 

  • Cpu- Intel Core i5 4440S 2.8GHz
  • Video Card- AMD Radeon HD 6670
  • Mobo- Gigabyte B85-HD3
  • PSU- DMX Power Brand, Model DMX450-450Watts
  • Custom Built Desktop PC

 

 

Attached Files



#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:51 AM

Posted 09 February 2016 - 06:48 AM

I'm headed out of town in a few minutes, but will be back by tomorrow AM

Uninstall ESET and enable Windows Defender and the Windows firewall.

Run Driver Verifier again and see what it says.

 

Zip up the contents of C:\Windows\Minidump and upload it with the next post (after running Driver Verifier)

If you can't zip it up, try copying it to your Desktop and zipping it up there.


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) If you need a more detailed explanation, please ask for it. I have the Knack. If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#6 usasma


Posted 09 February 2016 - 06:49 AM

Oh, and post over in the Am I Infected forums for info about being infected:    http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/



#7 jrdaub89


Posted 09 February 2016 - 08:45 AM

ok will do minidump zip in next post



#8 jrdaub89


Posted 09 February 2016 - 09:15 AM

Ok, I uninstalled ESET and ran Driver Verifier, and upon reboot it had a BSOD before the logon screen with the error: Driver_Verifier_Detected_Violation:tib.sys. It doesn't look like it created a new minidump file, but attached is a zip of the minidump.

Attached Files



#9 usasma


Posted 10 February 2016 - 06:38 AM

tib.sys is usually associated with Acronis TrueImage Backup Archive Explorer

Do you have an outdated version of Acronis installed (check their website)?

Regardless, please uninstall Acronis and see if that helps your situation.
Don't run Driver Verifier again unless the BSOD's recur.

 

FYI - you can still use the bootable version of Acronis without purchasing another version - but must uninstall the current version.
If it's not listed as compatible with your OS, then it must be uninstalled permanently.

If it is listed as compatible with your OS, then you'll have to uninstall it, then download and install a fresh copy (if you want to keep using it)

 

BUT...There seems to be a problem with axryqpow.sys on your system.  It's listed as the cause of the previous BSOD's (not your antivirus)

And a search for this driver doesn't give any significant results.  This is usually a sign (but not a definitive diagnosis) that the system is infected.

Please be sure to post over in the Am I Infected forums as I suggested previously.

It's likely that they will ask you to stop working on this topic - and that's a good thing.

Should the problems persist after the infection is removed, they'll refer you back here so we can continue troubleshooting.

Good luck!

 

Here's the rest of the analysis:

 

This device is disabled in Device Manager:

 

TRENDnet N150 Wireless PCI Adapter    PCI\VEN_1814&DEV_5360&SUBSYS_703A20F4&REV_00\5&23EA0258&0&0800E3    This device is disabled.

If not using this device, please uninstall its software and physically remove the device from your system

If using the device, re-enable it and update the driver software to the latest, W10 compatible version (then re-disable it if so desired)

 

Hundreds of errors (in the WER section of MSINFO32) scanning for updates (both Windows and Store Updates).

 

Analysis:
The following is for informational purposes only.
**************************Mon Feb  8 12:22:08.280 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020816-21078-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.63.amd64fre.th2_release.160104-1513
System Uptime: 0 days 0:01:38.103
*** WARNING: Unable to verify timestamp for axryqpow.sys
*** ERROR: Module load completed but symbols could not be loaded for axryqpow.sys
Probably caused by : axryqpow.sys ( axryqpow+68a4 )
BugCheck BE, {fffff96026db0000, 8030000008941001, ffffd000a5f87171, b}
BugCheck Info: ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
Arguments:
Arg1: fffff96026db0000, Virtual address for the attempted write.
Arg2: 8030000008941001, PTE contents.
Arg3: ffffd000a5f87171, (reserved)
Arg4: 000000000000000b, (reserved)
BUGCHECK_STR:  0xBE
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  hix4ob6m.exe
FAILURE_BUCKET_ID:  0xBE_axryqpow!Unknown_Function
CPUID:        "Intel® Core™ i5-4440S CPU @ 2.80GHz"
MaxSpeed:     2800
CurrentSpeed: 2794
  BIOS Version                  F2
  BIOS Release Date             07/04/2014
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85-HD3
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Feb  8 11:07:08.726 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\020816-28125-01.dmp]
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Built by: 10586.63.amd64fre.th2_release.160104-1513
System Uptime: 3 days 20:24:03.406
*** WARNING: Unable to verify timestamp for axryqpow.sys
*** ERROR: Module load completed but symbols could not be loaded for axryqpow.sys
Probably caused by : axryqpow.sys ( axryqpow+68a4 )
BugCheck BE, {fffff96141510000, 803000010ef11001, ffffd00026c71171, b}
BugCheck Info: ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
Arguments:
Arg1: fffff96141510000, Virtual address for the attempted write.
Arg2: 803000010ef11001, PTE contents.
Arg3: ffffd00026c71171, (reserved)
Arg4: 000000000000000b, (reserved)
BUGCHECK_STR:  0xBE
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
PROCESS_NAME:  hix4ob6m.exe
FAILURE_BUCKET_ID:  0xBE_axryqpow!Unknown_Function
CPUID:        "Intel® Core™ i5-4440S CPU @ 2.80GHz"
MaxSpeed:     2800
CurrentSpeed: 2794
  BIOS Version                  F2
  BIOS Release Date             07/04/2014
  Manufacturer                  Gigabyte Technology Co., Ltd.
  Product Name                  B85-HD3
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``


3rd Party Drivers:
The following is for information purposes only.
Any drivers in RED should be updated or removed from your system. And should have been discussed in the body of my post.
**************************Mon Feb  8 12:22:08.280 2016 (UTC - 5:00)**************************
SiSRaid2.sys                Wed Sep 24 14:28:20 2008 (48DA86C4)
sisraid4.sys                Wed Oct  1 17:56:04 2008 (48E3F1F4)
pwdrvio.sys                 Mon Jun 15 21:43:45 2009 (4A36F8D1)
iaStorV.sys                 Mon Apr 11 14:48:16 2011 (4DA34CF0)
stexstor.sys                Mon Nov 26 19:02:51 2012 (50B4032B)
amdsbs.sys                  Tue Dec 11 16:21:44 2012 (50C7A3E8)
tib_mounter.sys             Thu Dec 27 08:25:05 2012 (50DC4C31)
vstxraid.sys                Mon Jan 21 14:00:28 2013 (50FD904C)
bxvbda.sys                  Mon Feb  4 14:47:18 2013 (51101046)
fltsrv.sys                  Fri Mar  1 08:53:39 2013 (5130B2E3)
lsi_sss.sys                 Fri Mar 15 19:39:38 2013 (5143B13A)
tib.sys                     Wed Mar 20 05:00:38 2013 (51497AB6)
HpSAMD.sys                  Tue Mar 26 17:36:54 2013 (515214F6)
axryqpow.sys                Sun Apr  7 13:19:48 2013 (5161AAB4)
megasr.sys                  Mon Jun  3 18:02:39 2013 (51AD127F)
apmwin.sys                  Thu Jul 25 17:20:30 2013 (51F1969E)
gpt_loader.sys              Thu Jul 25 17:20:49 2013 (51F196B1)
mounthlp.sys                Thu Jul 25 17:20:58 2013 (51F196BA)
TeeDriverx64.sys            Thu Sep  5 14:02:18 2013 (5228C72A)
iaStorA.sys                 Thu Apr  3 19:00:05 2014 (533DE7F5)
nvraid.sys                  Mon Apr 21 14:28:42 2014 (5355635A)
nvstor.sys                  Mon Apr 21 14:34:03 2014 (5355649B)
vsmraid.sys                 Tue Apr 22 15:21:41 2014 (5356C145)
mvumis.sys                  Fri May 23 16:39:04 2014 (537FB1E8)
evbda.sys                   Mon Jan 12 05:29:16 2015 (54B3A1FC)
percsas3i.sys               Wed Feb  4 17:52:41 2015 (54D2A2B9)
percsas2i.sys               Thu Feb  5 17:51:05 2015 (54D3F3D9)
iaStorAV.sys                Thu Feb 19 07:08:39 2015 (54E5D247)
XtuAcpiDriver.sys           Thu Feb 26 07:51:57 2015 (54EF16ED)
megasas.sys                 Wed Mar  4 21:36:29 2015 (54F7C12D)
lsi_sas.sys                 Wed Mar 25 15:36:48 2015 (55130E50)
lsi_sas2i.sys               Wed Apr  8 16:58:43 2015 (55259683)
lsi_sas3i.sys               Thu Apr  9 14:07:43 2015 (5526BFEF)
arcsas.sys                  Thu Apr  9 15:12:07 2015 (5526CF07)
ADP80XX.SYS                 Thu Apr  9 16:49:48 2015 (5526E5EC)
amdxata.sys                 Thu Apr 30 20:55:35 2015 (5542CF07)
rt640x64.sys                Tue May  5 12:21:03 2015 (5548EDEF)
amdsata.sys                 Thu May 14 08:14:52 2015 (555491BC)
3ware.sys                   Mon May 18 18:28:03 2015 (555A6773)
edevmon.sys                 Mon Jul  6 10:33:20 2015 (559A91B0)
intelide.sys                Thu Oct 29 22:09:42 2015 (5632D166)
synth3dvsp.sys              Thu Oct 29 22:38:44 2015 (5632D834)
nv_agp.sys                  Thu Oct 29 22:39:06 2015 (5632D84A)
agp440.sys                  Thu Oct 29 22:39:51 2015 (5632D877)
vmsproxy.sys                Thu Oct 29 22:42:34 2015 (5632D91A)
hvsocket.sys                Thu Oct 29 22:46:55 2015 (5632DA1F)
VBoxNetLwf.sys              Tue Jan 19 11:40:16 2016 (569E66F0)
VBoxNetAdp6.sys             Tue Jan 19 11:40:17 2016 (569E66F1)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Feb  8 11:07:08.726 2016 (UTC - 5:00)**************************
WinisoCDBus.sys             Tue May  8 05:57:47 2012 (4FA8EE1B)
snapman.sys                 Wed Jan 16 08:44:06 2013 (50F6AEA6)
hfsplusrec.sys              Thu Jul 25 17:19:57 2013 (51F1967D)
AtihdWT6.sys                Mon May 25 21:21:51 2015 (5563CAAF)
SCDEmu.SYS                  Sun Jun  7 20:59:17 2015 (5574E8E5)
eamonm.sys                  Mon Jul  6 10:33:18 2015 (559A91AE)
ehdrv.sys                   Mon Jul  6 10:33:45 2015 (559A91C9)
epfwwfpr.sys                Mon Jul  6 10:35:11 2015 (559A921F)
LDrvPro64.sys               Wed Jul 15 01:07:34 2015 (55A5EA96)
RTKVHD64.sys                Wed Jul 29 07:59:49 2015 (55B8C035)
em015_64.dat                Thu Aug  6 05:05:59 2015 (55C32377)
intelppm.sys                Thu Oct 29 22:09:51 2015 (5632D16F)
atikmpag.sys                Wed Nov  4 16:16:43 2015 (563A75BB)
atikmdag.sys                Wed Nov  4 16:39:32 2015 (563A7B14)
01356383.sys                Mon Nov 16 03:58:57 2015 (56499AD1)
igdkmd64.sys                Wed Nov 18 14:28:29 2015 (564CD15D)
em006_64.dat                Wed Dec 16 08:27:36 2015 (567166C8)
VBoxUSBMon.sys              Tue Jan 19 11:40:17 2016 (569E66F1)
VBoxDrv.sys                 Tue Jan 19 11:40:46 2016 (569E670E)
em018_64.dat                Wed Jan 20 01:44:33 2016 (569F2CD1)
http://www.carrona.org/drivers/driver.php?id=SiSRaid2.sys
http://www.carrona.org/drivers/driver.php?id=sisraid4.sys
http://www.carrona.org/drivers/driver.php?id=pwdrvio.sys
http://www.carrona.org/drivers/driver.php?id=iaStorV.sys
http://www.carrona.org/drivers/driver.php?id=stexstor.sys
http://www.carrona.org/drivers/driver.php?id=amdsbs.sys
http://www.carrona.org/drivers/driver.php?id=tib_mounter.sys
http://www.carrona.org/drivers/driver.php?id=vstxraid.sys
http://www.carrona.org/drivers/driver.php?id=bxvbda.sys
http://www.carrona.org/drivers/driver.php?id=fltsrv.sys
http://www.carrona.org/drivers/driver.php?id=lsi_sss.sys
http://www.carrona.org/drivers/driver.php?id=tib.sys
http://www.carrona.org/drivers/driver.php?id=HpSAMD.sys
axryqpow.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=megasr.sys
http://www.carrona.org/drivers/driver.php?id=apmwin.sys
http://www.carrona.org/drivers/driver.php?id=gpt_loader.sys
http://www.carrona.org/drivers/driver.php?id=mounthlp.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=nvraid.sys
http://www.carrona.org/drivers/driver.php?id=nvstor.sys
http://www.carrona.org/drivers/driver.php?id=vsmraid.sys
http://www.carrona.org/drivers/driver.php?id=mvumis.sys
http://www.carrona.org/drivers/driver.php?id=evbda.sys
percsas3i.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
percsas2i.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=iaStorAV.sys
http://www.carrona.org/drivers/driver.php?id=XtuAcpiDriver.sys
http://www.carrona.org/drivers/driver.php?id=megasas.sys
http://www.carrona.org/drivers/driver.php?id=lsi_sas.sys
lsi_sas2i.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
lsi_sas3i.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=arcsas.sys
http://www.carrona.org/drivers/driver.php?id=ADP80XX.SYS
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
http://www.carrona.org/drivers/driver.php?id=amdsata.sys
http://www.carrona.org/drivers/driver.php?id=3ware.sys
http://www.carrona.org/drivers/driver.php?id=edevmon.sys
http://www.carrona.org/drivers/driver.php?id=intelide.sys
synth3dvsp.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=nv_agp.sys
http://www.carrona.org/drivers/driver.php?id=agp440.sys
vmsproxy.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
hvsocket.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=VBoxNetLwf.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp6.sys
http://www.carrona.org/drivers/driver.php?id=WinisoCDBus.sys
http://www.carrona.org/drivers/driver.php?id=snapman.sys
http://www.carrona.org/drivers/driver.php?id=hfsplusrec.sys
http://www.carrona.org/drivers/driver.php?id=AtihdWT6.sys
http://www.carrona.org/drivers/driver.php?id=SCDEmu.SYS
http://www.carrona.org/drivers/driver.php?id=eamonm.sys
http://www.carrona.org/drivers/driver.php?id=ehdrv.sys
http://www.carrona.org/drivers/driver.php?id=epfwwfpr.sys
LDrvPro64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=em015_64.dat
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
01356383.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=em006_64.dat
http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
http://www.carrona.org/drivers/driver.php?id=em018_64.dat
 


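Added example (not part of the original post, and not the output of the poster's tools): a Python sketch that parses the two dump summaries quoted above and decodes Arg2 as an x64 page-table entry, showing that the target page was present but not writable and that both crashes share one faulting offset. The flag positions are the architectural x86-64 PTE layout; the function names are illustrative.

```python
import re

# Summary lines copied from the two dump analyses in the post above.
SUMMARY = r"""
Loading Dump File [C:\Users\John\SysnativeBSODApps\020816-21078-01.dmp]
Probably caused by : axryqpow.sys ( axryqpow+68a4 )
BugCheck BE, {fffff96026db0000, 8030000008941001, ffffd000a5f87171, b}
PROCESS_NAME:  hix4ob6m.exe
Loading Dump File [C:\Users\John\SysnativeBSODApps\020816-28125-01.dmp]
Probably caused by : axryqpow.sys ( axryqpow+68a4 )
BugCheck BE, {fffff96141510000, 803000010ef11001, ffffd00026c71171, b}
PROCESS_NAME:  hix4ob6m.exe
"""

# Architectural x86-64 PTE bits (4 KiB page); bits 12-51 hold the frame number.
PTE_FLAGS = {"present": 0, "writable": 1, "user": 2,
             "accessed": 5, "dirty": 6, "no_execute": 63}


def decode_pte(pte):
    """Split a raw 64-bit PTE value into named flags and the page frame number."""
    fields = {name: bool((pte >> bit) & 1) for name, bit in PTE_FLAGS.items()}
    fields["pfn"] = (pte >> 12) & ((1 << 40) - 1)
    return fields


def parse_summaries(text):
    """Return one dict per dump: file name, bug check code/args, module+offset."""
    dumps = []
    for line in text.splitlines():
        if m := re.match(r"Loading Dump File \[(.+)\]", line):
            dumps.append({"dump": m.group(1).rsplit("\\", 1)[-1]})
        elif m := re.match(r"Probably caused by : (\S+) \( \S+\+([0-9a-f]+) \)", line):
            dumps[-1]["fault_site"] = (m.group(1), int(m.group(2), 16))
        elif m := re.match(r"BugCheck ([0-9A-F]+), \{(.+)\}", line):
            dumps[-1]["code"] = int(m.group(1), 16)
            dumps[-1]["args"] = [int(a, 16) for a in m.group(2).split(", ")]
        elif m := re.match(r"PROCESS_NAME:\s+(\S+)", line):
            dumps[-1]["process"] = m.group(1)
    return dumps


def triage(text):
    """Decode every 0xBE dump and note whether the fault site repeats."""
    dumps = parse_summaries(text)
    for d in dumps:
        if d["code"] == 0xBE:  # ATTEMPTED_WRITE_TO_READONLY_MEMORY
            d["write_va"] = d["args"][0]         # Arg1: address being written
            d["pte"] = decode_pte(d["args"][1])  # Arg2: PTE contents
            # The bug check is self-consistent if the page is mapped read-only.
            d["readonly_write"] = d["pte"]["present"] and not d["pte"]["writable"]
    same_site = len({d["fault_site"] for d in dumps}) == 1
    return dumps, same_site


if __name__ == "__main__":
    dumps, same_site = triage(SUMMARY)
    for d in dumps:
        print(d["dump"], d["process"], hex(d["write_va"]), d["pte"])
    print("same faulting offset in every dump:", same_site)
```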

#10 jrdaub89


Posted 10 February 2016 - 08:51 AM

Thank you for the help. I will post to Am I Infected to see what they think!



#11 jrdaub89


Posted 10 February 2016 - 09:19 AM

For some reason I have found a syslist.txt file on my PC with a list of all my .sys files. The axryqpow.sys is located in my c:\users\appdata\local\temp and when I go there it oddly enough says that the sys file is a GMER driver!



#12 usasma


Posted 10 February 2016 - 03:51 PM

I am not a malware expert, nor am I very familiar with GMER.

I am very suspicious of any drivers that load out of the AppData folders

 

Let the malware experts handle this - once they do what they do best, they'll send you back here if that's what's needed.

Good luck!


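Added example (not part of the thread): the heuristic in the post above, written as a Python check that normalises the ImagePath forms Windows stores for driver services under HKLM\SYSTEM\CurrentControlSet\Services and flags images that live in user-writable locations. The sample entries, the user name "example" and the directory list are constructed assumptions; a hit is a lead to verify (publisher, signature, which tool dropped the file), and in this thread the flagged file identified itself as a GMER driver.

```python
import ntpath

# Path fragments (lower case) for locations a standard user can usually write to.
# This list is an assumption made for the example; tune it for your environment.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample of (service name, ImagePath) pairs. The driver names appear
# in the thread; the paths and the user name "example" are made up.
SAMPLE = [
    ("edevmon", r"\SystemRoot\system32\DRIVERS\edevmon.sys"),
    ("tib", r"system32\DRIVERS\tib.sys"),
    ("axryqpow", r"\??\C:\Users\example\AppData\Local\Temp\axryqpow.sys"),
]


def normalize_image_path(image_path, system_root=r"C:\Windows"):
    """Turn a service ImagePath value into a plain drive-letter path."""
    p = image_path.strip().strip('"')
    low = p.lower()
    if p.startswith("\\??\\"):               # NT object-manager prefix
        p = p[4:]
    elif low.startswith("\\systemroot\\"):   # \SystemRoot\system32\...
        p = system_root + p[len("\\systemroot"):]
    elif low.startswith("%systemroot%\\"):   # unexpanded environment variable
        p = system_root + p[len("%systemroot%"):]
    elif low.startswith("system32\\"):       # relative to the Windows directory
        p = system_root + "\\" + p
    return ntpath.normpath(p)


def flag_drivers(entries):
    """Return (name, normalised path, matched location) for suspicious entries."""
    findings = []
    for name, image_path in entries:
        path = normalize_image_path(image_path)
        lowered = path.lower()
        hit = next((frag for frag in USER_WRITABLE if frag in lowered), None)
        if hit:
            findings.append((name, path, hit.strip("\\")))
    return findings


if __name__ == "__main__":
    for name, path, where in flag_drivers(SAMPLE):
        print(f"{name}: {path} (under {where})")
```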



