How safe is running Zoek 5.0.0.0

cottonball · 25 Mar 2015

If MBAR is freezing up, don't use it.

Let's go to something more simple...

Use the Farbar Service Scanner
Download: Downloading Farbar Service Scanner

Let's get a view of all services and dependencies scoped by the tool...
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender

Press: Scan

When done, FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply. (No personal info there.)

If you wish, remove the FRST.txt and the Addition.txt results from this thread (Posts 5 thru 10).

cottonball · 25 Mar 2015

After doing the above (Post #18), please check your current DNS server settings using the DNSCHECK tool from F-Secure:
https://www.ismydnshijacked.com/

Press: Start test

What is the Verdict?
Any DNS hijacking detected?

marysilver · 27 Mar 2015

Hi Cottonball,

Thanks. Sorry for the delay.

Farbar Service Scanner Version: 17-01-2015
Ran by 13 (administrator) on 27-03-2015 at 01:16:14
Running from "C:\Users\13\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

MBAR never did complete a scan without freezing...

marysilver · 27 Mar 2015

For the DNSCHECK tool it says:

"All is well.
No DNS hijacking detected."

I'm wondering if "Orbit downloader" is part of the problem. I went to open up Orbit the other day and the computer began acting up right away....started to freeze and make that sound maybe like 20 times within 20 seconds.

At one point right clicking on a download and clicking "Save As" disappeared as an option. And I had to download firefox extensions just to be able to download from blogtalk radio. Unless you know how I can get my right click "save as" option back, I'm not willing to delete orbit just yet though.

cottonball · 27 Mar 2015

Let's see if you have better luck with this program...

TDSSKiller Download

Select the .exe version

Doubleclick on TDSSKiller.exe to run the program.
At the Kaspersky TDSSKiller interface, click: Change parameters
Check: Detect TDLFS file system
Click: OK
Now, click Start Scan and allow the scan to run
If any threats are found, select: Skip (Do not select: Delete!!)
Click: Continue
Click: Reboot computer

When done, please provide the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\)

cottonball · 27 Mar 2015

marysilver,

On your Save as and perhaps other issues, try the following, using Option 2 to Scan and Repair System files:
SFC /SCANNOW Command - System File Checker
If there are files that SFC cannot fix automatically, follow Option 3.

At this point, my personal assessment of your situation is the following:

Whatever virus or malware was taking over the computer, IMO, it caused irreparable damage to the system.
Just the possibility of having Win32.Fareit seriously compromises your computer, and a variant of this trojan steals passwords.

If this computer is a Dell, and has a Dell Recovery Partition, would consider pursuing the following:
https://neosmart.net/wiki/dell-recovery-partition/

Follow the instructions to: Access the recovery partition in Windows 7
It will reformat the hard drive and restore system software to factory condition.

gregrocker · 27 Mar 2015

If running Dell Windows 7 PC Restore should fail you can do the superior Clean Reinstall Windows 7.

Dell will provide Re installation media for just a small handling charge.

Be sure to read the Special Note for Dell Owners at the end to know how to handle existing partitions.

marysilver · 28 Mar 2015

Code:

01:

marysilver · 28 Mar 2015

Code:

01:11

marysilver · 28 Mar 2015

Code:

C:\Program Files\iPod\bin\iPodService.exe
01:11