
Technical Log of Tux&Cía., Santa Cruz de la Sierra, BO

Friday, June 15, 2012

Procedures for analyzing PC problems [software and malware related]

infospyware.com/herramientas
Source
Windows 7 64-bit freezes. Not a BSOD, just a freeze requiring me to reset the PC.
The last 5 freezes had this as the last process:
MOM.exe (PID 3728)
-----------------------------------
Use VEW
---------------
Go Start -Run - type in:
msconfig
Click OK 
Click on Startup tab.
Click Disable all
IMPORTANT! On a laptop, make sure you do NOT disable any keyboard or touchpad entries.
Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.
Click OK.
Restart computer in Normal Mode.
NOTE: If you use a firewall other than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
If you use Windows Firewall, you're fine.
Run it for a while and see if it works OK.
================
Use the PC as usual
================
Now you need a lot of time and a lot of patience.
Go back to "msconfig" and re-enable ONE of the services you disabled before.
Restart computer.
Use it for a while.
No freezing?
Go back to "msconfig" and re-enable the next service.
Restart computer, and so on.
If the services check out, proceed with re-enabling startups, also one at a time.
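The clean-boot loop above is easier to track with a written list of exactly what msconfig is showing. The following is an added example, not code from the original post or from any tool it names: it lists the non-Microsoft services (the view msconfig gives you after "Hide all Microsoft services") and the Startup entries from the Run keys and Startup folders, and saves a baseline so each service's original start mode can be restored later. It assumes Windows PowerShell 5.1 run as Administrator, and it judges "Microsoft" from the CompanyName in each service binary's version resource, which is an approximation of msconfig's own filter; a service whose binary cannot be read is listed rather than hidden.

```powershell
# Added example (not from the original post): enumerate what msconfig shows on
# the Services tab with "Hide all Microsoft services" ticked, and on the
# Startup tab, then save a baseline of the services' current start modes.
# Assumes Windows PowerShell 5.1 run as Administrator.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Service command lines look like "C:\dir\svc.exe" -arg or C:\dir\svc.exe -arg;
    # take everything up to the first .exe, quoted or not.
    if ($PathName -match '^"?(.+?\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    return $null
}

function Get-NonMicrosoftService {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceBinaryPath -PathName $svc.PathName
        $company = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }
        # Unknown company ($null) is kept in the list: the conservative choice
        if ($company -notmatch 'Microsoft') {
            [pscustomobject]@{
                Name      = $svc.Name
                StartMode = $svc.StartMode   # Auto / Manual / Disabled
                State     = $svc.State
                Company   = $company
                Path      = $exe
            }
        }
    }
}

function Get-StartupEntry {
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -in $metaProps) { continue }   # skip the registry provider's own fields
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Per-user and all-users Startup folders
    foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                          [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
            }
    }
}

# Save the baseline BEFORE disabling anything, so every service can later be put
# back with: Set-Service -Name <Name> -StartupType Automatic|Manual|Disabled
$baseline = "$env:USERPROFILE\Desktop\cleanboot-baseline.csv"
Get-NonMicrosoftService | Export-Csv -NoTypeInformation -Path $baseline
Import-Csv -Path $baseline | Format-Table -AutoSize
Get-StartupEntry | Format-Table -AutoSize -Wrap
```

Work down the saved CSV one row at a time exactly as the steps above describe; the Path column tells you which program each service belongs to, so a keyboard or touchpad driver service on a laptop is recognisable before you disable it.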

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-----------------
Uninstall AVG using AVG Remover: http://www.avg.com/us-en/download-tools
Download and install one of these:
- Avira free antivirus: http://www.free-av.com/en/download/1/avira..._antivirus.html
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html 
Source
use OTL [List It] by OldTimer
OTL (OldTimer's List-It) 3.2.48.0

OTL by OldTimer is a flexible, multipurpose diagnostic and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manually removing malware.

OTL does not make any determination whether an entry is good or bad. For help diagnosing the logs generated, view the tutorial, or ask for free assistance.

Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr 

OTL manual
-----------
Please download OTM  [OldTimer's Move It]

OTM by OldTimer (formerly OTMoveIt3) | InfoSpyware

OTM by OldTimer is a multi-purpose removal tool that allows you to remove various items in one go, ranging from bad processes to files to services and complex registry fixes.
OTM file mover is more than just a program for deleting files. It allows you to use commands and wildcards that offer a lot of flexibility and aid you in removing files that otherwise can be tricky. The fact that it is automated makes it extremely easy for users and you will find that using the program for a registry fix is a better method than a manual registry fix.
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    :Services
    FilmFanaticService
    Viewpoint Manager Service
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FilmFanatic Browser Plugin Loader"=-
    :Files
    ipconfig /flushdns /c
    c:\program files\FilmFanatic
    c:\program files\VlcPlus
    c:\program files\PriceGong
    c:\program files\BabylonToolbar
    c:\users\Samuel Husky\AppData\Roaming\Babylon
    c:\users\Samuel Husky\AppData\Local\Babylon
    c:\programdata\Babylon
    c:\program files\Music Oasis
    c:\program files\Free Offers from Freeze.com
    c:\program files\Limewire Plus
    C:\Program Files\Viewpoint
    C:\Users\Samuel Husky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Oasis
    C:\Users\Samuel Husky\Desktop\VLC.lnk
    C:\Users\Public\Desktop\Babylon.lnk
    C:\Users\Public\Desktop\Music Oasis.lnk
    C:\Users\Samuel Husky\Desktop\Create Your Own Video Screensaver!.lnk
    C:\Users\Samuel Husky\Desktop\Free Dolphin Screensaver.lnk
    C:\Users\Samuel Husky\Desktop\Free Games!!.lnk
    C:\Users\Samuel Husky\AppData\Roaming\DriverCure
    C:\Users\Samuel Husky\AppData\Roaming\ParetoLogic
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

Do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.
Source
When I go through Google to click links, the link redirects me to a different unknown site. It takes me 4 times of opening the link before I can actually get to the site I want (so it takes me 4 times of clicking the link and clicking the back button to actually be able to surf the web through Google). I also noticed that sometimes when searching things through the web or typing things through Google it takes a while to load, like something is thinking and seeing to make sure I don't open something it does not want. Sometimes when I go to certain virus help sites, Google Chrome consistently crashes on that one webpage.
So far I have run Malwarebytes, SuperAntiSpyware, CCleaner, Spybot, AVG, Microsoft computer essentials to no avail.
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------
Please download MiniToolBox and run it.
Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
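The MiniToolBox boxes ticked above are the places a search-redirect infection usually leaves its marks: a proxy or PAC script in the IE settings, an active hosts-file line pointing somewhere other than loopback, changed DNS servers, or a Winsock layered provider outside the Windows directory. The following is an added example, not MiniToolBox's code and not from the original post: a read-only report over those four settings with a simple Suspicious flag on each. It assumes Windows PowerShell 5.1 run as Administrator; the flags are heuristics for a human to review, not verdicts.

```powershell
# Added example (not from the original post): report the settings a redirect
# infection commonly alters. Read-only; nothing is changed.
# Assumes Windows PowerShell 5.1 run as Administrator.

function Get-IeProxySetting {
    $p = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL   # a PAC script here can reroute every request
        Suspicious    = ($p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }
}

function Get-HostsEntry {
    # A stock Windows 7 hosts file contains only comments; any active line is worth a look,
    # and one mapping a name to a non-loopback address is flagged.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($raw in Get-Content -LiteralPath $hosts) {
        $line = ($raw -split '#', 2)[0].Trim()      # strip trailing comments
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        $names = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] -join ' ' } else { '' }
        [pscustomobject]@{
            Address    = $parts[0]
            Names      = $names
            Suspicious = $parts[0] -notin @('127.0.0.1', '::1')
        }
    }
}

function Get-DnsSetting {
    # Compare the servers listed here with what your router or ISP should be handing out.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Adapter    = $_.Description
                DHCP       = $_.DHCPEnabled
                DnsServers = ($_.DNSServerSearchOrder -join ', ')
            }
        }
}

function Get-WinsockProvider {
    # Parses "netsh winsock show catalog"; a provider DLL outside the Windows
    # directory is the classic LSP hijack pattern.
    $systemDir = [regex]::Escape($env:SystemRoot)
    $desc = $null
    foreach ($line in (netsh winsock show catalog)) {
        if ($line -match '^\s*Description:\s+(.*)$') {
            $desc = $Matches[1].Trim()
        }
        elseif ($line -match '^\s*Provider Path:\s+(.*)$') {
            $path = $Matches[1].Trim()
            [pscustomobject]@{
                Description = $desc
                Path        = $path
                Suspicious  = -not ($path -match "^(%SystemRoot%|%windir%|$systemDir)")
            }
        }
    }
}

Write-Host '== IE proxy settings =='
Get-IeProxySetting | Format-List
Write-Host '== hosts file: active lines =='
Get-HostsEntry | Format-Table -AutoSize
Write-Host '== DNS servers per adapter =='
Get-DnsSetting | Format-Table -AutoSize -Wrap
Write-Host '== Winsock providers outside the Windows directory =='
Get-WinsockProvider | Where-Object Suspicious | Format-Table -AutoSize
```

The report is meant to be read alongside the MiniToolBox output rather than replace it; a legitimately configured corporate proxy or a deliberately edited hosts file will also be flagged, which is why each section shows the raw value next to the flag.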
--------------
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
----------------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode. 
-----------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    mfc42u.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt 
=====================
Download MBRCheck.exe to your desktop
  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.
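What MBRCheck-style tools look at is the first sector of the physical disk: the 0x55AA marker, the partition table, and a hash of the boot code that can be compared with a known-good copy. The following is an added example, not MBRCheck's code and not from the original post, that reads that sector and reports those fields. It assumes Windows PowerShell 5.1 run as Administrator (raw device access needs it), that .NET's FileStream accepts the \\.\PhysicalDriveN device path, and an MBR-partitioned disk; a GPT disk shows its protective MBR with a single type 0xEE entry.

```powershell
# Added example (not from the original post): read and summarise the MBR of a
# physical disk. Read-only. Assumes Windows PowerShell 5.1 run as Administrator.

function Read-MasterBootRecord {
    param([int]$DiskNumber = 0)
    $stream = New-Object -TypeName System.IO.FileStream -ArgumentList @(
        "\\.\PhysicalDrive$DiskNumber",
        [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read,
        [System.IO.FileShare]::ReadWrite)
    try {
        $buffer = New-Object byte[] 512
        $read = $stream.Read($buffer, 0, 512)
        if ($read -ne 512) { throw "Short read from disk ${DiskNumber}: $read bytes" }
        return ,$buffer      # leading comma keeps the byte[] from being unrolled
    }
    finally { $stream.Dispose() }
}

function Get-MbrReport {
    param([int]$DiskNumber = 0)
    [byte[]]$mbr = Read-MasterBootRecord -DiskNumber $DiskNumber

    # Layout: 0..439 boot code, 440..443 disk signature, 446..509 partition
    # table (4 x 16 bytes), 510..511 the 0x55AA marker.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $bootCodeHash = ($sha256.ComputeHash($mbr, 0, 440) |
        ForEach-Object { $_.ToString('x2') }) -join ''

    $partitions = for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        if ($mbr[$o + 4] -eq 0) { continue }      # empty slot
        [pscustomobject]@{
            Slot     = $i
            Bootable = ($mbr[$o] -eq 0x80)
            Type     = '0x{0:X2}' -f $mbr[$o + 4]
            StartLBA = [BitConverter]::ToUInt32($mbr, $o + 8)
            Sectors  = [BitConverter]::ToUInt32($mbr, $o + 12)
        }
    }

    [pscustomobject]@{
        Disk           = $DiskNumber
        SignatureValid = ($mbr[510] -eq 0x55 -and $mbr[511] -eq 0xAA)
        DiskSignature  = '0x{0:X8}' -f [BitConverter]::ToUInt32($mbr, 440)
        BootCodeSHA256 = $bootCodeHash
        Partitions     = @($partitions)
    }
}

$report = Get-MbrReport -DiskNumber 0
$report | Format-List Disk, SignatureValid, DiskSignature, BootCodeSHA256
$report.Partitions | Format-Table -AutoSize
```

The boot-code hash differs between Windows versions and boot managers, so there is no single expected value; record it while the machine is known good and compare after an incident. A changed hash with no operating-system or boot-manager update in between is what the MBR checkers in this procedure are designed to surface, and a rootkit that filters disk reads can hide the change from a tool running inside Windows, which is why the text also runs these scans from Safe Mode.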
=====================
While in Safe Mode.
Download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top under Detected) in your next reply.
    Note: This tool will self uninstall when you close it so please save the log before closing it.
=====================
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2012/03/24 09:46:54 | 000,000,677 | ---- | C] () -- C:\Users\Isaac\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
=======================================================================================
Source
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply
3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.
4. Please run a free online scan with the ESET Online Scanner
  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.

=======================
Source
Let's dig deeper
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Then try aswMBR again, even in Safe Mode if needed.
To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode
________________
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
__________________
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011
=====================
Once your computer is cleaned
Source
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at each page.
12. Read "How did I get infected?", with steps so it does not happen again: http://www.bleepingcomputer.com/forums/topic2520.html
=====================
Source
Your computer is clean 
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.
Turn system restore off.
Restart computer.
Turn system restore back on. If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
2. Make sure Windows Updates are current.
3. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
6. Run Temporary File Cleaner (TFC) weekly.
7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at each page.
10. Read "How did I get infected?", with steps so it does not happen again: http://www.bleepingcomputer.com/forums/topic2520.html
11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.
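Step 1 above (turn System Restore off, restart, turn it back on) and the earlier OTL script with [CLEARALLRESTOREPOINTS] do the same thing: discard every restore point that might carry the infection, then leave one clean checkpoint. The following is an added example, not from the original post and not OTL's code, that performs that step from Windows PowerShell 5.1 run as Administrator using the built-in *-ComputerRestore and Checkpoint-Computer cmdlets (Windows PowerShell only; they are not present in PowerShell 7). It assumes the system drive is the protected volume, and it does not perform the restart the manual steps include between switching protection off and on.

```powershell
# Added example (not from the original post): reset System Restore to a single
# clean checkpoint. Assumes Windows PowerShell 5.1 run as Administrator.

function Reset-SystemRestore {
    param(
        [string]$Drive = "$env:SystemDrive\",
        [string]$Description = 'Clean baseline after malware removal'
    )
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)

    # Turning protection off for a volume deletes its existing restore points,
    # which is exactly what this step wants; then turn it back on and checkpoint.
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    $after  = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $newest = if ($after.Count -gt 0) { $after[-1].Description } else { $null }
    [pscustomobject]@{
        Drive               = $Drive
        RestorePointsBefore = $before.Count
        RestorePointsAfter  = $after.Count     # expected: 1
        NewestDescription   = $newest
    }
}

Reset-SystemRestore | Format-List
```

On Windows 8 and later, Checkpoint-Computer refuses to create a second restore point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency policy is changed, so run this once after the cleanup rather than after every tool. RestorePointsAfter should read 1; if it still shows the old count, protection was not actually disabled for that drive and the old points remain.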
----------------
If you prefer something free, install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php 
