banana4523 Posted October 11 ID:1666062 Share Posted October 11 Hello everyone. before we start i want to say i'm new here. i checked topics i see people post their windows logs i don't know how to do that so please tell me i'm gonna reply with the logs. malwawrebytes dectected GSystem32 and GServices32 and Ground.exe is hiding in system32 file. i removed them but i want to make sure there's no malware left cause my pc randomly freezes and makes color lines and restarts. i don't know thats the malware doing that i ran memtest86 the results are fine i changed video adapters still doing the same thing updated gpu driver so i think its from hard drive. so i want to make sure there's no malware left or trojan thanks Link to post Share on other sites More sharing options...
banana4523 Posted October 11 Author ID:1666064 Share Posted October 11 the problems appears when i watch a youtube video or when i run malwarebytes after 5 mintues passed the computer freezes and makes color lines moving and sometimes beep sound and restarts Link to post Share on other sites More sharing options...
Porthos Posted October 11 ID:1666067 Share Posted October 11 @banana4523 Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following. Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware. Please do all of the requested scans in order and attach all of the results in your next reply.<<<<< Important. Please respond to all future instructions from your helper in a timely manner. Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process Then follow each step in the order provided. Unless otherwise asked, please attach all logs Please make the following system changes: Please pay close attention the the instructions in all of the following links. If you have not done so already - Enable System Protection and create a NEW System Restore Point <<<<< Important. Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed Disable-Fast-Startup Windows 8 and newer only <<<<< Important. Show-Hidden-Folders-Files-Extensions Please run the following scans: Please pay close attention the the instructions in all of the following links. Click the following link and run a Scan with AdwCleaner Click the following link and run a Scan with Malwarebytes RESTART the computer <<<<< Important. Click the following link and run a Scan with Farbar Recovery Scan Tool Example image of where to click to attach files when posting your reply Then be patient for the next expert to take your case. <<<<< Important. Thank you Link to post Share on other sites More sharing options...
banana4523 Posted October 12 Author ID:1666219 Share Posted October 12 i cannot send malwawrebytes scan log cause everytime i run the scan after 5 mintues my pc freeezes and makes color lines moving and restarts itself screenshot of color lines https://filestore.community.support.microsoft.com/api/images/b7a926b2-e04d-40cf-88f1-810975ae7225?upload=true&fud_access=hC1SxZhn7m%2FZQJkOIiOVstu10yTQgXS4A%2FDBzZTg8nbaCgIogkrcDydMeI5Y4za2dOqDdWtsG2JNS3E35V60i9TiGHR7STMpJHheeXuDvO8nwjUlqCBHhJ0NDvuYN7OS%2FMCeFG1AgY3qTp9gsksbHOAyLR5GCd3wH4%2B1%2BmPPMrGcx3RigTBb1SxvuWioVQ5ccwOOdzcaEETsITuTg3NmPZx0NiS6Pua9Tg6hd94oG4HQlex86Fr%2Fxje9F41JH0vNzBsNAgIGB5AQABhNZRmxWIGW6k2nUFOWdGAbDVWjIfNDiLPXwjafocNLSwY%2F6BlieTjcIAZWcEejGIr8IrFUNnbelcasz6JZib1Q4B%2FBuKQXzWwubxnj1mhb%2BQoNG2VuZe1Q2xo6%2BwDMThYc%2BXWHVTx1KoavgPLlzCqZK82PZ38%3D i have bsods if you want to view it there's t he other logs FRST.txt Addition.txt AdwCleaner[S04].txt Link to post Share on other sites More sharing options...
banana4523 Posted Sunday at 12:13 PM Author ID:1666326 Share Posted Sunday at 12:13 PM Dear Porthos. i have been waiting for two days no one has helped me right now. i checked people new topics they get respond from expert helping them. like every expert ignores me i wawnt to get this problem fixed i didnt make new topic c ause you told me to be patient can y ou please do something Link to post Share on other sites More sharing options...
Porthos Posted Sunday at 01:40 PM ID:1666339 Share Posted Sunday at 01:40 PM You posted your logs 24h ago. It is the weekend and it can take some time to get to you. There are only 3 people authorized to assist. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted Monday at 06:52 AM Root Admin ID:1666399 Share Posted Monday at 06:52 AM Sorry for the delay. I spent time with the family this weekend I'll assist you in the morning I notice the computer is very old. That lone could be your issues, but we'll see what we can do to help. BIOS: Dell Inc. A10 04/30/2008 Motherboard: Dell Inc. 0PU052 1 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted Monday at 05:24 PM Root Admin ID:1666519 Share Posted Monday at 05:24 PM Good day @banana4523 First and foremost, your hard drive shows signs of a failing hard drive. I would highly recommend that you back up any important data to an external drive. Then look at either replacing the hard drive or possibly replacing the computer due to it's extreme age of circa 2008 2024-09-22 05:34 - 2024-09-22 05:34 - 000000000 __SHD C:\found.029 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.028 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.027 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.026 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.025 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.024 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.023 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.022 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.021 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.020 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.019 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.018 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.017 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.016 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.015 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.014 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.013 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.012 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.011 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.010 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.009 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.008 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.007 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.006 2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.005 That alone could be the reason you have issues with the system. Not recommended as it would be best to replace the hard drive or the computer, but if you do decide not to do that then you can try the following. [ 1 ] Please go to Control Panel, Programs, Programs and Features, Uninstall a program Then right-click and uninstall the following Bonjour (this program is rarely needed on Windows, but often causes networking issues) IObit Driver Booster (your system does not need software like this, waste of time and resources) [ 2 ] Your DNS Servers: 192.168.1.1 Please consider changing your default DNS server settings. Please choose one provider only DNS is what lets users connect to websites using domain names instead of IP addresses Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6 Quad 9 Public DNS IPv4 9.9.9.9 and 149.112.112.112 IPv6 2620:fe::fe and 2620:fe::9 (one of the best for most users) Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001 OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53 DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b The Ultimate Guide to Changing Your DNS Server https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/ Here is a YouTube video on Changing DNS settings if needed [ 3 ] Please run the following fix NOTE: Please read all of the information below before running this fix. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply Farbar program: FRSTEnglish.exe Save the attached file: FIXLIST.TXT to this folder C:\Users\as\Desktop\ NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it. Run the Farbar program with Admin rights and press the Fix button just once and wait. The fix may possibly take up to 60 minutes to complete If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks Link to post Share on other sites More sharing options...
banana4523 Posted Tuesday at 03:21 PM Author ID:1666690 Share Posted Tuesday at 03:21 PM still does the same thing Fixlog.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted Tuesday at 06:43 PM Root Admin ID:1666743 Share Posted Tuesday at 06:43 PM Do you have unstable power in the area? I can promise you that those entries are a sign of data that was not saved correctly. Then a few days later it happened again. Please follow the directions below [ 1 ] Dr.Web CureIt! Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply [ 2 ] Please read the entire post below before starting so that you're more familiar with the process [ 1 ] Please make the following system changes. Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed. Disable-Fast-Startup Show-Hidden-Folders-Files-Extensions [ 2 ] Microsoft Safety Scanner I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours to complete. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run and saved in the log. The scan may take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands .....just do not use the computer during this scan. This is likely to run for many hours as previously mentioned ( depending on the number of files on your machine & the speed of the hardware. ) The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log Please attach that log with your next reply. It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found and did. Thank you Link to post Share on other sites More sharing options...
banana4523 Posted 11 hours ago Author ID:1667318 Share Posted 11 hours ago sorry for taking so long everytime i oepn the program microsoft safety scanner my pc does the same thing i tried today and it didnt crash or freeze finally. see if msert.log did it do full scan if not tell im gonna rescan msert.log cureit.log Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted 32 minutes ago Root Admin ID:1667405 Share Posted 32 minutes ago The Microsoft scanner originally found a lot of items it did not like but after final analysis it says it found no threats. The Dr. Web Cureit scanner also found no threats Please review the following link and make sure your system is as up to date as possible Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now