TechSpot

I got myself in a bit of a hole...

Solved
By Classified1
Nov 12, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    FSS log is incomplete.
    Redo.

    As for Security Check...
    Delete your file, download a fresh one and try again.
  2. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Oh yes, I see, pardon my copy/paste skills...
    Here is the full log

    Farbar Service Scanner Version: 09-11-2012
    Ran by Tony&Theodore (administrator) on 16-11-2012 at 15:25:48
    Running from "C:\Users\Tony&Theodore\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-11-13 17:17] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    As for the security check issue, I have downloaded it multiple times and it keeps failing, I saw a skim of it saying install.text not found. What should I do about it?
  3. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Go ahead with Eset scan.

    When you have a chance, post the content of the following file:
    C:\Qoobox\Add-Remove Programs.txt
  4. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    I do believe I have already posted the eset scan above? Here is the add-remove programs text you requested

    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Amnesia: The Dark Descent Demo
    Apple Application Support
    Apple Software Update
    Autodesk Content Service
    Autodesk Material Library Base Resolution Image Library 2012
    AVG Security Toolbar
    AVS Image Converter 2.0.2.160
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Blacklight: Retribution
    Command & Conquer Generals
    Counter-Strike: Global Offensive
    Counter-Strike: Source
    CPMP-Tools
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Desura
    Desura: Black Mesa
    Desura: No More Room in Hell
    Diablo II
    Diablo III
    Dota 2
    Dual-Core Optimizer
    Fallout New Vegas
    FARO LS 1.1.406.58
    Foldit
    Fraps
    Garry's Mod
    GIMP 2.6.11
    Global Agenda
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Half-Life
    Half-Life 2: Lost Coast
    Half-Life: Blue Shift
    Hi-Rez Studios Authenticate and Update Service
    Hitman 2: Silent Assassin
    HP Officejet Pro 8500 A910 Help
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 25
    Java(TM) 6 Update 31
    Junk Mail filter update
    Killing Floor
    Kodu Game Lab
    League of Legends
    Lenovo Driver and Application Installation
    Lenovo Healthcare Software
    Lenovo Power2Go
    Lenovo Rescue System
    Lenovo Screensaver
    LVT
    LXH-JME2207FN Hotkey Driver
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Security Scan Plus
    McAfee SiteAdvisor
    Mesh Runtime
    Messenger Companion
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Flight
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Mobile Mouse Server
    Moonbase Alpha
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    myTV
    Nation Red
    Norton Bootable Recovery Tool Wizard
    Norton Management
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Pando Media Booster
    Pirates, Vikings, & Knights II
    Pivot Stickfigure Animator version 2.2.6
    Power Dial
    PowerISO
    Project Zomboid (remove only)
    PunkBuster Services
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Rise of Immortals
    Rock of Ages
    Roxio BackOnTrack
    Roxio File Backup
    Roxio Update Manager
    Sansa Updater
    SaveTheChildren Reminder by We-Care.com v4.0.18.4
    SDFormatter
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Setup Support for Social Ribbons 1.0
    Shop To Win
    SocialRibbons LP5
    Sonic Generations Demo
    Source Filmmaker
    Source SDK
    Source SDK Base 2007
    Spiral Knights
    Spotify
    StarCraft
    StarCraft II
    StartNow Toolbar
    Steam(TM)
    Sumotori Full Version
    SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
    Synthesia (remove only)
    System Requirements Lab CYRI
    TeamViewer 6
    The Battle for Middle-earth (tm)
    The Elder Scrolls V: Skyrim
    ThemeWallpaper
    Tribes: Ascend
    Unity Web Player
    Universe Sandbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VideoLAN VLC media player 0.8.6f
    Vindictus
    Visual Studio 2008 x64 Redistributables
    Warcraft III
    Warhammer® 40,000®: Dawn of War® II – Retribution™
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (32-bit)
    Worms World Party
    Xilisoft DPG Converter
    YouTube Downloader Toolbar v4.6
    Zombie Panic Source
  5. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
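
Added example, not part of Broni's post or of any tool named in this thread: a Python check over an Add/Remove Programs list like the one posted above that reports Java runtime entries older than the newest one installed, the condition behind the JavaRa step. The display-name regex (including the optional "(64-bit)" suffix, which goes beyond the names in this thread) and the function names are assumptions made for the illustration.

```python
import re

# Assumed display-name pattern: "Java(TM) 6 Update 31", "Java 7 Update 9",
# optionally followed by "(64-bit)". Helper entries such as
# "Java Auto Updater" carry no version number and do not match.
JAVA_ENTRY = re.compile(
    r"^Java(?:\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?(?:\s+\(64-bit\))?\s*$"
)


def find_java_runtimes(lines):
    """Return (major, update, display_name) for every Java runtime entry."""
    found = []
    for raw in lines:
        name = raw.strip()
        match = JAVA_ENTRY.match(name)
        if match:
            major = int(match.group(1))
            update = int(match.group(2) or 0)  # no "Update N" means update 0
            found.append((major, update, name))
    return found


def superseded_java(lines):
    """Display names of Java runtimes older than the newest one present."""
    runtimes = find_java_runtimes(lines)
    if len(runtimes) < 2:
        return []  # nothing installed, or only a single runtime
    newest = max((major, update) for major, update, _ in runtimes)
    return [
        name
        for major, update, name in sorted(runtimes)
        if (major, update) < newest
    ]


# Excerpt of the program list posted earlier in the thread.
SAMPLE = """\
Intel(R) Rapid Storage Technology
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 25
Java(TM) 6 Update 31
Junk Mail filter update
""".splitlines()


if __name__ == "__main__":
    for entry in superseded_java(SAMPLE):
        print("older Java runtime still installed:", entry)
```
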
  6. Classified1

    Classified1 TS Rookie Topic Starter Posts: 55

    Here is the OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tony
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Tony&Theodore
    ->Temp folder emptied: 14178028 bytes
    ->Temporary Internet Files folder emptied: 9899768 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 353080946 bytes
    ->Flash cache emptied: 700 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 31360 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2713826 bytes

    Total Files Cleaned = 362.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tony
    ->Flash cache emptied: 0 bytes

    User: Tony&Theodore
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Tony
    ->Java cache emptied: 0 bytes

    User: Tony&Theodore
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11162012_215706

    Files\Folders moved on Reboot...
    C:\Users\Tony&Theodore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    I followed all of your instructions and installed whatever was needed. I also changed most of my passwords; I will finish them come tomorrow. As for my computer, browsing is much faster, the boot up time has shortened, and the adware has stopped slowing down my PC. It almost feels as if it is new! Thank you so much for your time and patience with me, and sorry if I caused any inconvenience. I kinda got flustered with copying and pasting large blocks of text, and also since I was programming a big project this week. Now before I go, should I be concerned about FREEzeFrog ever reappearing again? Again, thanks for the help!
  7. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Way to go!!
    Good luck and stay safe :)

