
Malwarebytes blocking outgoing access but not finding any viruses


3 replies to this topic

#1 Flicker

  • Members
  • 68 posts

Posted 16 November 2011 - 03:15 PM

Hi guys,

Having followed your excellent advice previously, I now run Malwarebytes regularly and SUPERAntiSpyware as well. I also have ZoneAlarm installed as my firewall and occasionally run Spybot to complement.


Saying all that, apart from some tracking cookies and my little one accidentally agreeing to download something that turned out to be infected, things have been fine.

For the past 2 days though, Malwarebytes keeps reporting blocking an 'outgoing' attempt to connect to a malicious website via a report. It is logging this, and I have scanned in both safe mode and normal mode with both this and SUPERAntiSpyware, with no significant finds, so I'm at a loss as to where it's coming from.

Any suggestions as to what it might be? I've attached the last scan logs and your MiniToolBox results.
11/11/16
06:38:13 USER MESSAGE Protection started successfully
06:38:17 USER MESSAGE IP Protection started successfully
07:14:00 USER MESSAGE Scheduled scan executed successfully
16:27:17 USER MESSAGE Protection started successfully
16:27:21 USER MESSAGE IP Protection started successfully
18:42:49 USER MESSAGE Protection started successfully
18:42:53 USER MESSAGE IP Protection started successfully
19:13:51 USER MESSAGE Scheduled update executed successfully
19:14:49 USER MESSAGE IP Protection stopped
19:14:52 USER MESSAGE Database updated successfully
19:14:52 USER MESSAGE IP Protection started successfully
19:21:40 USER IP-BLOCK 77.91.228.126 (Type: outgoing, Port: 50045, Process: outlook.exe)

11/11/15
06:25:12 USER MESSAGE Protection started successfully
06:25:15 USER MESSAGE IP Protection started successfully
07:14:00 USER MESSAGE Scheduled scan executed successfully
16:13:43 USER MESSAGE Protection started successfully
16:13:47 USER MESSAGE IP Protection started successfully
19:14:53 USER MESSAGE Scheduled update executed successfully
19:15:17 USER MESSAGE IP Protection stopped
19:15:19 USER MESSAGE Database updated successfully
19:15:19 USER MESSAGE IP Protection started successfully
19:54:15 USER IP-BLOCK 77.91.228.126 (Type: outgoing, Port: 61306, Process: outlook.exe)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8178

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

16/11/2011 19:57:58
mbam-log-2011-11-16 (19-57-58).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 672
Time elapsed: 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MiniToolBox by Farbar
Ran by USER (administrator) on 16-11-2011 at 20:02:09
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : HOME-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-25-64-B1-F3-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e183:e4b7:ea17:6086%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 16 November 2011 16:11:33
Lease Expires . . . . . . . . . . : 17 November 2011 16:11:33
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234890596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-EB-80-C1-00-25-64-B1-F3-BF
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A495ED50-8DC0-42D4-835E-57111C07D5B0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:286b:5fa:a1fd:7022(Preferred)
Link-local IPv6 Address . . . . . : fe80::286b:5fa:a1fd:7022%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: www.routerlogin.com
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.147.147
209.85.147.99
209.85.147.103
209.85.147.104
209.85.147.105
209.85.147.106


Pinging google.com [209.85.147.105] with 32 bytes of data:
Reply from 209.85.147.105: bytes=32 time=86ms TTL=54
Reply from 209.85.147.105: bytes=32 time=37ms TTL=54

Ping statistics for 209.85.147.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 86ms, Average = 61ms
Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=206ms TTL=46
Reply from 98.137.149.56: bytes=32 time=189ms TTL=46

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 189ms, Maximum = 206ms, Average = 197ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
10...00 25 64 b1 f3 bf ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:79fd:286b:5fa:a1fd:7022/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::286b:5fa:a1fd:7022/128
On-link
10 276 fe80::e183:e4b7:ea17:6086/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193024] (Apple Inc.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2011 07:55:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0063e199
Faulting process id: 0x904
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (11/16/2011 08:31:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/16/2011 08:30:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/15/2011 08:31:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/15/2011 08:30:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/14/2011 07:45:31 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Office Outlook because of this error.

Program: Microsoft Office Outlook
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/14/2011 07:45:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 11.0.8326.0, time stamp: 0x4c1c2372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x0078f6d5
Faulting process id: 0x13b4
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3

Error: (11/14/2011 08:29:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/14/2011 08:28:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/14/2011 07:38:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (11/16/2011 09:08:19 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (11/16/2011 00:30:23 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (11/15/2011 06:40:37 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80098ec010, 0xfffff880059ab140, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP111511-24788-01

Error: (11/15/2011 06:40:34 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 18:38:01 on ?15/?11/?2011 was unexpected.

Error: (11/15/2011 09:11:59 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (11/15/2011 06:40:17 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service hung on starting.

Error: (11/15/2011 00:16:19 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (11/14/2011 08:24:50 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (11/14/2011 08:24:50 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (11/14/2011 08:23:36 PM) (Source: DCOM) (User: )
Description: 1084MDM{0C0A3666-30C9-11D0-8F20-00805F2CD064}


Microsoft Office Sessions:
=========================
Error: (11/16/2011 07:55:07 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c00000050063e19990401cca499728af290C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEunknowne1cdb430-108c-11e1-a724-002564b1f3bf

Error: (11/16/2011 08:31:54 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/16/2011 08:30:58 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/15/2011 08:31:24 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/15/2011 08:30:28 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/14/2011 07:45:31 PM) (Source: Application Error)(User: )
Description: Microsoft Office Outlook000000000

Error: (11/14/2011 07:45:31 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c00000960078f6d513b401cca305e331c338C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEunknown35aebc38-0ef9-11e1-8d2a-002564b1f3bf

Error: (11/14/2011 08:29:33 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/14/2011 08:28:56 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/14/2011 07:38:10 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


=========================== Installed Programs ============================

101 Dalmatians Print Studio
Ad-Aware (Version: 9.5.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Download Manager (Version: 1.6.2.60)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 9.4.6 (Version: 9.4.6)
Apple Application Support (Version: 1.1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Batch HTML to MHT Converter 2010
Bonjour (Version: 1.0.106)
CEAW Grand Strategy (Version: 1.12)
Close Combat Invasion Normandy
Close Combat IV
Company of Heroes - FAKEMSI (Version: 2.0.0.0)
Company of Heroes (Version: 2.601.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Creative MediaSource (Version: 3.00)
Dawn of War - Dark Crusade (Version: 1.00.0000)
Dawn Of War - Winter Assault (Version: 1.4)
DawnOfWar (Version: 1.00.00000)
Defcon v1.42
Dell Resource CD (Version: 1.00.0000)
Dora saves the Crystal Kingdom (Version: 1.00.0000)
Empire: Total War
Facebook Video Calling 1.0.0.8953 (Version: 1.0.8953)
Football Manager 2008 (Version: 8.0.0.0)
Galactic Assault - Prisoner of power (Version: )
Garmin Communicator Plugin (Version: 2.9.2)
Garmin USB Drivers (Version: 2.3.0.0)
GPGNet (Version: 1.0.0)
Hearts of Iron III
Heroes of Might and Magic® III
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Master of Orion 3
Medieval II Total War (Version: 1.00.0000)
Memoir'44 Online 1.0-beta14 (Version: 1.0-beta14)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Close Combat III
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 7.0.1 (x86 en-GB) (Version: 7.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Napoleon: Total War
NVIDIA Drivers (Version: 1.4)
NVIDIA PhysX (Version: 9.09.0203)
Order of War
Pando Media Booster (Version: 2.3.5.4)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.65.17.80)
Razer Naga (Version: 3.00.25)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.5506)
RealUpgrade 1.1 (Version: 1.1.0)
Risk II
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Rush for Berlin GOLD (Version: 1.0)
SAMSUNG USB Mobile Device Software
Serif PhotoPlus SE (Version: 1.0.0.012)
Shockwave
Sid Meier's Civilization 4 Complete (Version: 1.74)
Sid Meier's Civilization V
Speccy (Version: 1.10)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1108)
Supreme Commander (Version: 1.00.0000)
TeamSpeak 3 Client
Total War: SHOGUN 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
Ventrilo Client (Version: 3.0.5)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Vodafone Mobile Broadband via the phone (Version: 2.6.15)
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinZip 14.5 (Version: 14.5.9095)
World of Tanks closed Beta v.0.6.3.8
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Security Toolbar (Version: 6.7.0.6)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 4093.34 MB
Available physical RAM: 2522.34 MB
Total Pagefile: 8184.88 MB
Available Pagefile: 6276.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1862.93 GB) (Free:1581.71 GB) NTFS
2 Drive d: (Defcon) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator ASPNET Guest
USER

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2011 at 08:54 PM

Application Version : 5.0.1136

Core Rules Database Version : 7940
Trace Rules Database Version: 5752

Scan type : Complete Scan
Total Scan Time : 00:31:26

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 379
Memory threats detected : 0
Registry items scanned : 71654
Registry threats detected : 0
File items scanned : 54904
File threats detected : 4

Adware.Tracking Cookie
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\user@openstat[5].txt [ /openstat.net ]
C:\USERS\USER\Cookies\user@openstat[5].txt [ Cookie:user@openstat.net/ ]
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\user@openstat[6].txt [ /openstat.net ]
C:\USERS\USER\Cookies\user@openstat[6].txt [ Cookie:user@openstat.net/ ]
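A triage helper for the protection-log lines in the post above, added here as an example; it is neither the poster's nor Malwarebytes' code. It parses the IP-BLOCK entries, groups them by process, destination and direction, and flags destinations that recur across days. The log layout is assumed from the lines quoted in the post, the sample input is constructed from those lines, the two-digit year is assumed to mean 20xx, and the destination 77.91.228.126 is the one the post reports.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the status and IP-BLOCK lines quoted in the post,
# in the layout Malwarebytes' protection log uses there (a "YY/MM/DD" date
# header followed by "HH:MM:SS <user> <TYPE> <details>" entries).
SAMPLE_LOG = """\
11/11/16
19:14:49 USER MESSAGE IP Protection stopped
19:14:52 USER MESSAGE IP Protection started successfully
19:21:40 USER IP-BLOCK 77.91.228.126 (Type: outgoing, Port: 50045, Process: outlook.exe)

11/11/15
19:15:19 USER MESSAGE IP Protection started successfully
19:54:15 USER IP-BLOCK 77.91.228.126 (Type: outgoing, Port: 61306, Process: outlook.exe)
"""

DATE_RE = re.compile(r"^(\d{2})/(\d{2})/(\d{2})$")
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_ip_blocks(text):
    """Yield one record per IP-BLOCK line, stamped with the date header above it.

    MESSAGE lines and blanks are skipped; an IP-BLOCK line that has no
    preceding date header is skipped as well, since it cannot be dated.
    """
    current_date = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DATE_RE.match(line)
        if m:
            yy, mm, dd = m.groups()
            current_date = f"20{yy}-{mm}-{dd}"  # assumption: two-digit year is 20xx
            continue
        m = BLOCK_RE.match(line)
        if m and current_date:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            rec["process"] = rec["process"].lower()
            rec["when"] = datetime.fromisoformat(f"{current_date} {rec['time']}")
            yield rec


def summarize(text):
    """Group blocks by (process, destination IP, direction).

    Returns {key: {"count": n, "ports": [...], "days": [...]}} with ports and
    days sorted, so a destination hit repeatedly stands out from a one-off.
    """
    groups = defaultdict(lambda: {"count": 0, "ports": [], "days": set()})
    for rec in parse_ip_blocks(text):
        g = groups[(rec["process"], rec["ip"], rec["direction"])]
        g["count"] += 1
        g["ports"].append(rec["port"])
        g["days"].add(rec["when"].date().isoformat())
    return {
        key: {"count": g["count"], "ports": sorted(g["ports"]), "days": sorted(g["days"])}
        for key, g in groups.items()
    }


def repeated_destinations(summary, min_days=2):
    """Keys whose blocks recur on at least min_days distinct days."""
    return [key for key, g in summary.items() if len(g["days"]) >= min_days]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for (process, ip, direction), g in summary.items():
        print(f"{process} -> {ip} ({direction}): {g['count']} block(s) on "
              f"{', '.join(g['days'])}; source ports {g['ports']}")
    for key in repeated_destinations(summary):
        print("recurring:", key)
```

Run on the quoted lines, the summary shows one group: outlook.exe to 77.91.228.126, outgoing, on two consecutive evenings, each from a fresh ephemeral source port. That recurrence from a single process is what separates a persistent callback attempt from a one-off hit, and the per-process attribution is the detail that a clean file scan does not give you.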

#2 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 16 November 2011 - 09:23 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


 


#3 Flicker

  • Topic Starter

  • Members
  • 68 posts

Posted 17 November 2011 - 04:07 PM

No Modifications found to system.

There was no log to upload.

Thanks.

#4 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 17 November 2011 - 06:21 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
