
Possible Virus Cannot Detect


  • This topic is locked
9 replies to this topic

#1 Adams369

  • Members
  • 77 posts

Posted 04 February 2015 - 06:00 AM

I may have a possible virus I cannot detect. Ran all the scans. Used Malwarebytes, Bitdefender, adware ComboFix, JRT, Hitman Pro.
 
It was suggested that I run this tool next and create a new post. 
 
Here are the logs to that scan from FRST 
   

Edited by nasdaq, 07 February 2015 - 08:52 AM.
Moved from Vista to Malware Removal Logs - Hamluis.



 


#2 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 February 2015 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicyUsers\S-1-5-21-3870609012-794909086-4015160540-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3870609012-794909086-4015160540-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll No File
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKU\S-1-5-21-3870609012-794909086-4015160540-1000\...\Chrome\Extension: [cpjcfkafoikjcfhdgpekofjgkedkpemc] - C:\Users\Mike\AppData\Local\CRE\cpjcfkafoikjcfhdgpekofjgkedkpemc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cpjcfkafoikjcfhdgpekofjgkedkpemc] - C:\Users\Mike\AppData\Local\CRE\cpjcfkafoikjcfhdgpekofjgkedkpemc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\Mike\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S1 Beep; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 WDC_SAM; system32\DRIVERS\wdcsam64.sys [X]
AlternateDataStreams: C:\Windows\uninst.exe:BDU
AlternateDataStreams: C:\Windows\SysWOW64\sabprocenum.sys:BDU
AlternateDataStreams: C:\ProgramData\TEMP:82C232FB
AlternateDataStreams: C:\ProgramData\TEMP:9885B41F
AlternateDataStreams: C:\Users\Mike\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Mike\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\Mike\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Mike\Downloads\OTC.exe:BDU
AlternateDataStreams: C:\Users\Mike\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 Adams369


Posted 06 February 2015 - 10:34 AM

Here is the file 
 
I will have to let you know how it's running. The internet works for a while and then I always have to reset the network adapter, so time will tell.
 
Thank you for your help in this issue.

Edited by nasdaq, 07 February 2015 - 08:51 AM.


#4 nasdaq


Posted 07 February 2015 - 08:18 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 Adams369


Posted 07 February 2015 - 08:39 AM

Can't seem to upload the txt file. Tried a zip file to upload, not working either. Not sure, it just keeps saying too big to upload.



#6 nasdaq


Posted 07 February 2015 - 08:53 AM

I have removed your other attachments.

Try to attach the zip file now.

#7 Adams369


Posted 07 February 2015 - 09:37 AM

Here you go. Attached file: checkup.zip (618 bytes)

Results of screen317's Security Check version 0.99.96
Windows Vista Service Pack 2 x64
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (Edition.)
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2015 vsserv.exe
Bitdefender Bitdefender 2015 updatesrv.exe
Bitdefender Bitdefender 2015 bdagent.exe
Bitdefender Bitdefender 2015 bdwtxag.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Edited by nasdaq, 07 February 2015 - 01:36 PM.


#8 nasdaq


Posted 07 February 2015 - 01:39 PM

You have the latest version of Java for both 32 and 64 bit programs.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 Adams369


Posted 07 February 2015 - 02:38 PM

I am aware of all the safety tips and thank you so much for your help. 



#10 nasdaq


Posted 08 February 2015 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



