ascottventure Posted September 12, 2018 ID:1269179

I am having an issue where g.exe is sporadically preventing my PC from restarting. Bitdefender and Malwarebytes Premium return clean scans. How do I solve this?

Root Admin AdvancedSetup Posted September 13, 2018 ID:1269290

Hello @ascottventure,

Let me have you run the following and post back the logs as an attachment and we'll check and see what we can find.

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
If you don't have Malwarebytes 3 installed yet please download it from here and install it.
Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
Right-click on the program and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now if any items were found.
After reboot, a log file will be opened. Copy its content into your next reply.

RESTART THE COMPUTER before running Step 3

STEP 03

Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
Double-click to run it. When the tool opens, click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
Please attach the Additions.txt log to your reply as well.

Thanks
Ron

ascottventure Posted September 13, 2018 Author ID:1269378

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-13-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 22
# Failed: 4

***** [ Services ] *****

Deleted Update service

***** [ Folders ] *****

Deleted C:\Program Files\Hola
Deleted C:\Users\Andrew\AppData\Roaming\Hola

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKU\S-1-5-18\Software\Hola
Deleted HKU\.DEFAULT\Software\Hola
Deleted HKLM\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57819FBC-C3A7-4AD9-8E5D-FFD3A509395E}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FEF4CE9B-B883-43C3-B787-DBC43091FCFA}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9657E258-E06A-4062-AF8B-C61C7A7ADF29}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{60BD4D79-DBF7-40A7-A97F-1B31D16E6953}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B405E5A3-1D46-46AC-ABFA-7D64C8CDE957}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7935604E-1188-4344-BBE3-FD64486FB505}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

Not Deleted Amazon Assistant for Chrome
Not Deleted SoundCloud Downloader Free

***** [ Chromium URLs ] *****

Deleted Ask
Not Deleted blogsearchengine.org
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3630 octets] - [13/09/2018 10:56:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

mbamlog.txt
FRST.txt
Addition.txt

Root Admin AdvancedSetup Posted September 13, 2018 ID:1269393

Please run the following from this topic to clean up Google Chrome.

Once that's done, then run the next fix.

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Once this fix is completed then go ahead and run a new AdwCleaner and Malwarebytes scan and post back their new logs too.

Ron

ascottventure Posted September 13, 2018 Author ID:1269419

Here is the next round of logs...

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2018
# Duration: 00:00:16
# OS: Windows 10 Home
# Scanned: 41920
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [3630 octets] - [13/09/2018 10:56:50]
AdwCleaner[C00].txt - [3338 octets] - [13/09/2018 10:57:57]
AdwCleaner[S01].txt - [1511 octets] - [13/09/2018 13:17:48]
AdwCleaner[C01].txt - [1621 octets] - [13/09/2018 13:18:16]
AdwCleaner[S02].txt - [1494 octets] - [13/09/2018 13:26:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Fixlog.txt
mbamlog2.txt

Root Admin AdvancedSetup Posted September 13, 2018 ID:1269435

Please download GUIPropView from Nir Sofer and extract the contents of the zip file to a new folder.

Then right-click over GUIPropView.exe and choose "Run as administrator".

Once opened, the tool window populates. From the toolbar select "Top-level" and make sure "Display Hidden Windows" is check marked. Once done, the tool window repopulates to include hidden windows.

Hold down the CTRL key and select all entries that have G listed under the "Title" column. When all are selected and highlighted blue, select > File > save selected items.

Name and save that text file to your Desktop or a place of your choice and upload on your next reply.

ascottventure Posted September 14, 2018 Author ID:1269572

Here is the GUIpropview text file

GUIpropview.txt

Root Admin AdvancedSetup Posted September 15, 2018 ID:1269643

Those all show as hidden windows so I wouldn't think the system would show it.

Let's do some other scans to see what we can find.

Please download and run the following Kaspersky antivirus scanner to remove any found threats:

Kaspersky Virus Removal Tool

Let me know if it finds anything or not.

ascottventure Posted September 15, 2018 Author ID:1269683

It didn't find anything

Root Admin AdvancedSetup Posted September 16, 2018 ID:1269756

Well, not seeing any type of infection. At this point it would have something to do with Windows itself and tracking that down may not be easy.

I would suggest looking at the Process Explorer from Microsoft or Process Monitor and see if you can track down the cause. Otherwise might need to check with a site that deals directly with Windows issues.

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

There is also a Microsoft Support site: https://support.microsoft.com/en-us

ascottventure Posted September 17, 2018 Author ID:1269979

OK thanks

Root Admin AdvancedSetup Posted September 17, 2018 ID:1270033

Take care and good luck.

Ron