2 explorer.exe

RoWin7 · 19 Mar 2020

Using MSE A-V. No problems

ALL FROM first file:

GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

Task: {3025A5C3-DD97-4F91-AC6C-67C460DB9239} - \Avira SystrayStartTrigger -> No File <==== ATTENTION
(I haven't used Avira in several years.)

Task: {D7B3B105-962F-40FD-9864-ED663D9077FC} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2020-02-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2020-02-19] <==== ATTENTION
Chucked AVAST a few months ago for BitDefender)

Task: {ED65A9AB-8F56-4D14-8EF9-115584A7E573} - \TechUtilities -> No File <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Task: {D7B3B105-962F-40FD-9864-ED663D9077FC} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
(I don't use IE, never have.)

=============================

samuria · 19 Mar 2020

The system is a mess you have lots of unsigned drivers temp folder is full firwall has 6000 entries

ootExecute: autocheck autochk /p \??\C:autocheck autochk * GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder. (HRESULT : 0x80070660) (0x80070660)

Date: 2020-03-14 21:00:09.210
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

RoWin7 · 19 Mar 2020

from 2nd file
No "ATTENTION" but loads of errors:

Application errors:
==================
Error: (03/19/2020 05:11:29 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (03/19/2020 05:11:29 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder. (HRESULT : 0x80070660) (0x80070660)

Error: (03/19/2020 05:09:29 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (03/19/2020 05:09:29 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder. (HRESULT : 0x80070660) (0x80070660)

Error: (03/19/2020 05:09:03 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (03/19/2020 05:09:03 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder. (HRESULT : 0x80070660) (0x80070660)

Error: (03/19/2020 05:08:54 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (03/19/2020 05:08:54 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder. (HRESULT : 0x80070660) (0x80070660)

System errors:
=============
Error: (03/19/2020 05:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 164 time(s).

Error: (03/19/2020 05:11:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (03/19/2020 05:09:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 163 time(s).

Error: (03/19/2020 05:09:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (03/19/2020 05:09:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 162 time(s).

Error: (03/19/2020 05:09:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (03/19/2020 05:08:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 161 time(s).

Error: (03/19/2020 05:08:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

RoWin7 · 19 Mar 2020

I had moved the TEMP folder to C:\ , don't remember why. I just emptied it again, and it's down to about 30 KB.

I don't know how to work all of Glasswire. But it hasn't blocked anything.

Bree · 19 Mar 2020

torchwood said:

@Bree
im also getting insecure connection
you getting any probs

When connecting to the pastebin links in post #6? No, I'm not seeing an insecure connection. I can read the text OK. My Firefox does report that it blocked one tracking cookie and a fingerprinter though.

Nor do I see more than just the one explorer.exe in my W7's Task Manager. Maybe unconnected, but there's one oddity in RoWin7's screenshot of the processes, the csrss.exe process has no user name showing. Mine shows SYSTEM as the user name.

RoWin7 said:

They're just text files, and too long to post...

Try putting them in a .zip file an attach them to a post.

torchwood · 19 Mar 2020

Hi

You should NEVER move the temp file away from C:

All programs/features and updates use it as a "holding" file and refer back to it to complete its operation.

As Samuria said your system is a mess.

Before we try and attempt 3rd party repairs, ie Me Bree Samaria
Please run these MS repair tools in this order
Chkdsk /r
sfc /scannow
Kb947821

REBOOT

Once completed rerun FRST
ZIP an post it please

Roy

RoWin7 · 19 Mar 2020

I have 7Zip. I'm not sure how to zip a file, I've tried "Add" on the main UI, but it just shows me the file's contents.

torchwood · 19 Mar 2020

Hi Rowin7

just right click on the folder = select send to >>> compressed (zipped) folder and attach to your reply

note
might be usefull to Uninstall Glasswire for the time being MS built in is pretty good anyway

Roy

RoWin7 · 19 Mar 2020

Temp folder IS in C.

2 zipped logs attached

torchwood · 19 Mar 2020

Hi Rowin7,

Once you have run the 3 system check tools, please open a thread at BleepingComputers - malware sub-forum.

There are a few items that i am suspicious off,

Roy