
Computer acting weird, freezing


2 replies to this topic

#1 broman400


Posted 13 May 2018 - 10:29 PM

Recently had a trojan in my TEMP folder. Norton removed it and fixed some registry settings the trojan changed. After that I scanned with Malwarebytes and Bitdefender (removed Norton), but all clean. Scanned recently with GMER and it put some system processes in the malware category. Attached is my log text. I don't know what to do or how to thoroughly check if I am actually infected. Thank you.

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-05-13 23:22:12
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST500LT0 rev.0001 465.76GB
Running: ggqz4otu.exe; Driver: C:\Users\broma_000\AppData\Local\Temp\pglcqpoc.sys
 
 
---- Disk sectors - GMER 2.2 ----
 
Disk    \Device\Harddisk0\DR0                                 unknown MBR code
 
 
---- EOF - GMER 2.2 ----
 



#2 broman400


Posted 14 May 2018 - 01:49 AM

After running another test with GMER, it shows that I have some suspicious processes. After finding those processes, it tells me to do a full system scan. Upon running a full scan, Windows crashes and shows me an error message. Please see the attached images as to what the quick scan shows and the error I receive during a full scan.
https://i.imgur.com/6D26Fzj.jpg
https://i.imgur.com/yVZ7lwZ.jpg/

#3 boopme


Posted 16 May 2018 - 10:08 AM

Let's get a deeper look. Do steps 6 and 7.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.