Outlook 2000, V14 Spam: "Undeliverable Messages" Outta Control!!


4 replies to this topic

#1 trickworm


Posted 11 June 2013 - 10:16 AM

I am receiving over 100 emails a day about "Undeliverable Email" to contacts and email addresses I don't know anything about and content that is pure Spam/gibberish.  I have been a long time lurker on this site and solved several issues from your great advice to others, but I am stumped now.  MS Essentials found a Trojan on 4-13-13 that said something about a proxy server, but it was quarantined and removed.  MBAM finds nothing.  Here are my Toolkit and MBAM logs.

OS is Win 7 Pro, SP1

 

Thanks a ton!!

MiniToolBox by Farbar  Version:21-04-2013
Ran by corbyn.v (administrator) on 11-06-2013 at 10:09:53
Running from "C:\Users\corbyn.v.SOT\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DR
   Primary Dns Suffix  . . . . . . . : sot.smilesoftulsa.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : sot.smilesoftulsa.local
                                       sot.smilesoftulsa.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : sot.smilesoftulsa.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D0-67-E5-03-2D-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6cc0:7b01:10c:e08f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.112(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, May 30, 2013 10:33:24 AM
   Lease Expires . . . . . . . . . . : Tuesday, June 11, 2013 10:33:55 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248539109
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BF-BF-0F-D0-67-E5-03-2D-92
   DNS Servers . . . . . . . . . . . : 192.168.0.10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.sot.smilesoftulsa.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : sot.smilesoftulsa.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.10

Name:    google.com
Addresses:  2001:4860:4007:801::1006
      74.125.224.169
      74.125.224.174
      74.125.224.160
      74.125.224.161
      74.125.224.162
      74.125.224.163
      74.125.224.164
      74.125.224.165
      74.125.224.166
      74.125.224.167
      74.125.224.168


Pinging google.com [74.125.224.169] with 32 bytes of data:
Reply from 74.125.224.169: bytes=32 time=59ms TTL=53
Reply from 74.125.224.169: bytes=32 time=54ms TTL=53

Ping statistics for 74.125.224.169:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 59ms, Average = 56ms
Server:  UnKnown
Address:  192.168.0.10

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=86ms TTL=52
Reply from 206.190.36.45: bytes=32 time=106ms TTL=52

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 106ms, Average = 96ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...d0 67 e5 03 2d 92 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.112     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.112    266
    192.168.1.112  255.255.255.255         On-link     192.168.1.112    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.112    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.112    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.112    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 11    266 fe80::6cc0:7b01:10c:e08f/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/11/2013 10:03:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1344
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 09:53:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0xdfc
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 09:43:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0xfa4
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 09:33:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1024
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 09:23:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1014
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 09:13:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1a6c
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 09:03:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x18bc
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 08:53:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1e60
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 08:43:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1cd0
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3

Error: (06/11/2013 08:33:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2
Exception code: 0xc0000005
Fault offset: 0x00005bd6
Faulting process id: 0x1274
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3


System errors:
=============
Error: (06/11/2013 07:57:03 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:57:00 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:57 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:54 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:53 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:52 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:52 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:51 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:50 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.

Error: (06/11/2013 07:56:49 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR6, has a bad block.


Microsoft Office Sessions:
=========================
Error: (06/11/2013 10:03:35 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6134401ce66b4d74add91C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exe161f2f31-d2a8-11e2-a189-d067e5032d92

Error: (06/11/2013 09:53:33 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6dfc01ce66b3707d1341C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeaf51da11-d2a6-11e2-a189-d067e5032d92

Error: (06/11/2013 09:43:31 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6fa401ce66b20a4c4c41C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exe48845de1-d2a5-11e2-a189-d067e5032d92

Error: (06/11/2013 09:33:30 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6102401ce66b0a42e9811C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exee251c221-d2a3-11e2-a189-d067e5032d92

Error: (06/11/2013 09:23:29 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6101401ce66af3d6c3f71C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exe7c343501-d2a2-11e2-a189-d067e5032d92

Error: (06/11/2013 09:13:27 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd61a6c01ce66add6979751C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exe156fb981-d2a1-11e2-a189-d067e5032d92

Error: (06/11/2013 09:03:25 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd618bc01ce66ac704824c1C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeae9aea51-d29f-11e2-a189-d067e5032d92

Error: (06/11/2013 08:53:24 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd61e6001ce66ab097eee51C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exe484f9671-d29e-11e2-a189-d067e5032d92

Error: (06/11/2013 08:43:22 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd61cd001ce66a9a346ad41C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exee183c7f1-d29c-11e2-a189-d067e5032d92

Error: (06/11/2013 08:33:21 AM) (Source: Application Error)(User: )
Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6127401ce66a83c7fe7d1C:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exeC:\PROGRA~2\MACROV~1\FLEXNE~1\6\agent.exe7b4ee241-d29b-11e2-a189-d067e5032d92


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop Elements 9 (Version: 9.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe SVG Viewer 3.0 (Version:  3.0)
APC PowerChute Personal Edition 3.0 (Version: 3.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.010.1116.2151)
Bamboo (Version: 5.3.0-3)
Bamboo Dock (Version: 4.1)
Bamboo Dock (Version: 4.1.0)
Bamboo Tablets Tutorial (Version: 3.0.20)
BioAPI Framework (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Canon MF Toolbox 4.9.1.1.mf12 (Version: 4.9.1.1.mf12)
Canon MF3010 (Version: 3.9.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1116.2152.39231)
Catalyst Control Center Graphics Previews Vista (Version: 2010.1116.2152.39231)
Catalyst Control Center InstallProxy (Version: 2010.1116.2152.39231)
Catalyst Control Center Localization All (Version: 2010.1116.2152.39231)
CCC Help Chinese Standard (Version: 2010.1116.2151.39231)
CCC Help Chinese Traditional (Version: 2010.1116.2151.39231)
CCC Help Czech (Version: 2010.1116.2151.39231)
CCC Help Danish (Version: 2010.1116.2151.39231)
CCC Help Dutch (Version: 2010.1116.2151.39231)
CCC Help English (Version: 2010.1116.2151.39231)
CCC Help Finnish (Version: 2010.1116.2151.39231)
CCC Help French (Version: 2010.1116.2151.39231)
CCC Help German (Version: 2010.1116.2151.39231)
CCC Help Greek (Version: 2010.1116.2151.39231)
CCC Help Hungarian (Version: 2010.1116.2151.39231)
CCC Help Italian (Version: 2010.1116.2151.39231)
CCC Help Japanese (Version: 2010.1116.2151.39231)
CCC Help Korean (Version: 2010.1116.2151.39231)
CCC Help Norwegian (Version: 2010.1116.2151.39231)
CCC Help Polish (Version: 2010.1116.2151.39231)
CCC Help Portuguese (Version: 2010.1116.2151.39231)
CCC Help Russian (Version: 2010.1116.2151.39231)
CCC Help Spanish (Version: 2010.1116.2151.39231)
CCC Help Swedish (Version: 2010.1116.2151.39231)
CCC Help Thai (Version: 2010.1116.2151.39231)
CCC Help Turkish (Version: 2010.1116.2151.39231)
ccc-core-static (Version: 2010.1116.2152.39231)
ccc-utility (Version: 2010.1116.2152.39231)
Cisco Connect (Version: 1.4.12284.0)
ClinCheck (Version: 3.1.0.25)
Conexant HD Audio (Version: 8.50.4.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.0.0)
Custom (Version: 12.34.56.789)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager (Version: 1.3.1)
Dell Data Protection | Access (Version: 01.00.00.154)
Dell Data Protection | Access (Version: 2.0.00000.154)
Dell Data Protection | Access | Drivers (Version: 1.00.013)
Dell Data Protection | Access | Middleware (Version: 1.00.008)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
DellAccess (Version: 01.00.00.078)
Dentalink (Version: 1.2.2)
Dentrix Core Commands (Version: 1.3.3)
DENTRIX G4 (Version: 14.0.97.0 i2)
DEXclaim Printer Driver (Version: 1.00)
DEXIS Integrator for Dentrix (Version: 2.1.2)
DEXIS Sensor Library (Version: 9.0.5)
DEXIS Software Suite (Version: 9.0.5)
DTX_LMAddIn (Version: 1.0.2.28)
EasyBluePrint (Version: 1.00.0000)
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
EMBASSY Security Center (Version: 04.02.00.072)
ESET Online Scanner v3
eSync Address Corrections Plug-in (Version: 2.3.0)
eSync Appointment Status Update Plug-in (Version: 1.2.2)
eSync Connectivity Plug-in (Version: 2.1.0)
eSync Dentrix G4 Data Plug-in (Version: 1.0.2)
eSync DTXUpdater Plug-in (Version: 1.2.0)
eSync eCentral Plug-in (Version: 1.3.0)
eSync Eligibilities Plug-in (Version: 1.3.0)
eSync Highway Plug-in (Version: 1.2.0)
eSync Highway Service (Client) (Version: 3.6.1)
eSync Installer (Version: 3.6.1)
eSync Launcher (Version: 3.3.1)
eSync Notifications Plug-in (Version: 1.2.0)
eSync Open Interface Client (Version: 3.6.0)
eSync Plug-in Manager (Version: 1.2.0)
eSync Questionnaire Plug-in (Version: 2.3.0)
eSync Settings Plug-in (Version: 1.2.0)
Express Zip
Eye-Fi Center 3.4 (Version: 3.4.26)
Gemalto (Version: 01.01.01.0000)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GoToAssist Corporate (Version: 10.0.0.800)
GoToMeeting 5.5.0.1133 (Version: 5.5.0.1133)
GoToMyPC (Version: 8.0.943)
Guru 5 (Version: 5.3.1)
iCloud (Version: 2.1.1.3)
Intel® Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Logitech QuickCam Software (Version: 8.47.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Publisher 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC++9.0 redistributables (Version: 1.00.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Journal Viewer (Version: 1.5.2315.3)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.34)
Patient Case Portfolio (Version: 1.01.0002)
PC-CCID (Version: 2.0.0)
PeaZip 4.9
Preboot Manager (Version: 03.02.00.066)
Private Information Manager (Version: 07.00.00.026)
QuickTime (Version: 7.73.80.64)
Send to Dentrix Document Center (novaPDF Professional Desktop O
Skins (Version: 2010.1116.2152.39231)
SPBA 5.9 (Version: 5.9.4.6686)
Switch Sound File Converter
Trusted Drive Manager (Version: 4.0.0.512)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
Wave Infrastructure Installer (Version: 07.02.40.0008)
Wave Support Software Installer (Version: 05.12.00.012)
WavePad Sound Editor
WebTablet FB Plugin 32 bit (Version: 2.1.0.2)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (06/26/2012 6.3.0.48) (Version: 06/26/2012 6.3.0.48)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wisdom-soft Set up ASR 3.1 Free

**** End of log ****
 

=====================================================================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.11.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
corbyn.v :: DR [administrator]

6/11/2013 8:59:13 AM
mbam-log-2013-06-11 (08-59-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341571
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by hamluis, 11 June 2013 - 10:24 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 x64


Posted 11 June 2013 - 12:45 PM

It could be that you are receiving "Backscatter spam".

 

Could it be that someone is using your email address as a "from address" for their spam? They spam many, many addresses that they (effectively) guess. The message gets to the server responsible for the domain that they are trying to spam, and that server takes in the message.

 

The server that received the message then tries to deliver it and realises that the part of the email address before the at sign does not match any real user that it is responsible for. It then is responsible to send a non-delivery report to the sender, who it believes is you. You get the bounce messages for the spam messages.

 

Does that sound plausible in your situation?

 

What can be done about it? Not a lot unless you control the entire domain that houses your email address and only ever send from a small number of IP addresses (in which case you could set up an SPF record in DNS). This probably does not directly apply to home users, but probably would to their ISPs. It may be worth discussing this with your ISP to see if they are prepared to set up SPF. Even then it is only a partial solution as this relies on the "innocent" servers that get tricked into sending the NDRs to take action based on SPF records. There are other steps that these third parties can take as well to stop them generating the backscatter messages, but they are beyond the scope of this reply.

 

x64


Edited by x64, 11 June 2013 - 12:45 PM.
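
An added example, not part of x64's reply: one way to tell whether an "Undeliverable" message is backscatter is to read the headers of the bounced message that the NDR returns and check which IP handed it to the bouncing server. The domain names, addresses and NDR text below are constructed, and the sketch assumes the NDR carries the original headers.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample data: documentation-range addresses and a made-up NDR.
OUR_OUTBOUND = [ipaddress.ip_network("203.0.113.24/29")]
IP_IN_RECEIVED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Undeliverable: special offer
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nosuchuser@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from mail.smallbiz.example (unknown [192.0.2.200])
 by mx.recipient.example; Tue, 11 Jun 2013 09:01:02 +0000
From: owner@smallbiz.example
Subject: special offer
--b1--
"""

def returned_headers(ndr):
    """Return the bounced message's headers from an NDR, or None."""
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(ndr_text, our_nets=OUR_OUTBOUND):
    original = returned_headers(email.message_from_string(ndr_text, policy=policy.default))
    if original is None:
        return "no-original-headers"
    # The topmost Received line was added by the bouncing site; lower ones can be forged.
    match = IP_IN_RECEIVED.search(str(original.get_all("Received", [""])[0]))
    try:
        client = ipaddress.ip_address(match.group(1) if match else "")
    except ValueError:  # no bracketed IP, or not a valid address
        return "no-client-ip"
    return "sent-by-us" if any(client in net for net in our_nets) else "backscatter"
```

A "sent-by-us" result means the bounced message really left one of your own addresses, which points back at a local problem rather than a forged sender.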


#3 trickworm


Posted 11 June 2013 - 02:11 PM

x64, that sounds quite plausible, but I was hoping for an easier fix.  I can FWD this thread to my provider, since I am a small business with my own named domain and only about 4 active email accounts.



#4 x64


Posted 11 June 2013 - 04:53 PM

As part of my daytime job I see quite a bit of this. I set up SPF records where appropriate and also secure my customers' systems against sending the backscatter NDR messages, so your initial report stuck out like a sore thumb!...

 

As you have your own domain, you can probably set up SPF quite easily. See...

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

 

You will need to understand exactly which IP addresses email sent as your domain appears to come from, and whether there is any possibility that legitimate email could come from a different IP address (a user at home sending through a different ISP's system, for instance). If all of your email goes through your ISP's relay servers, they may be able to advise on a suitable SPF record for your domain (or tell you which IP addresses to pump into the Microsoft wizard).

 

x64

(edits to correct spelling only)


Edited by x64, 11 June 2013 - 04:59 PM.
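
An added example, not from the thread or the Microsoft wizard: before publishing an SPF record, evaluate the draft against every address your mail is known to leave from, which surfaces the home-user case x64 mentions. The record, labels and addresses are constructed, and only the ip4, ip6 and all mechanisms are evaluated locally.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed values (documentation address ranges, not the poster's real hosts).
RECORD = "v=spf1 ip4:203.0.113.24/29 ip4:198.51.100.10 -all"
SENDERS = {
    "ISP relay": "203.0.113.25",
    "office static IP": "198.51.100.10",
    "home user via another ISP": "198.51.100.77",
    "forged spam source": "192.0.2.200",
}

def check_spf(record, client_ip):
    """Evaluate the ip4/ip6/all subset of an SPF record for one connecting IP.

    Mechanisms that need DNS (a, mx, include, exists, ptr) are not resolved;
    reaching one returns "unresolved" so the audit is not silently wrong.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif "=" not in term:  # not a modifier such as redirect= or exp=
            return "unresolved"
    # Nothing matched: a redirect= would need DNS, otherwise the default is neutral.
    return "unresolved" if "redirect=" in record.lower() else "neutral"

def audit(record, senders):
    """Map each known sender label to the SPF result a receiver would compute."""
    return {label: check_spf(record, ip) for label, ip in senders.items()}

if __name__ == "__main__":
    for label, result in audit(RECORD, SENDERS).items():
        print(f"{label:28} {result}")
```

Any legitimate sender that comes back as "fail" has to be added to the record or routed through the ISP relay before a `-all` record is published.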


#5 trickworm


Posted 12 June 2013 - 06:32 AM

I will fwd this thread to them today.  Thanks!





