
Mailer-Daemon virus in Outlook Express


24 replies to this topic

#1 kcguru
  • Members
  • 82 posts

Posted 03 August 2013 - 05:02 PM

Our work Outlook express account has just been blowing up with mailer-daemon messages. We are getting at least 50 every half hour. I have run MBAM, removed threats and run the ESET online scanner and removed more but we are still getting it. Please help. We are running Windows XP Pro, Service Pack 3. 




#2 Condobloke
    Outback Aussie @ 54.2101 N, 0.2906 W
  • Members
  • 5,862 posts
  • Gender:Male

Posted 03 August 2013 - 06:32 PM

I am a long way from being an expert in this field....however.......the following link provided what I thought was some sound advice.....depending on the circumstances!

 

Read Carefully:

 

http://www.blazingfibre.net/tech/bounceflood.htm

 

Regards,


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#3 Condobloke
    Outback Aussie @ 54.2101 N, 0.2906 W
  • Members
  • 5,862 posts
  • Gender:Male

Posted 03 August 2013 - 06:51 PM

Also...if you click the "FOLLOW THIS TOPIC" button at the top right hand side....just above "reply to this topic"....it will send replies straight to your inbox.....(although they may be kinda hard to find atm!!)




#4 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,221 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 August 2013 - 08:50 PM

Also, please run these

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
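Three of the MiniToolBox checkboxes requested above (List content of Hosts, Report IE Proxy Settings, List Winsock Entries) exist because hijacked hosts entries, a silently configured browser proxy, and third-party Winsock layered/namespace providers are the usual places a mail-spewing infection leaves traces. The script below is an added example, not code from this thread, from MiniToolBox or from its author: it reads a Result.txt in the section layout MiniToolBox prints (the same "========= Title: =========" banners visible in the log posted later in this thread) and reports the entries a helper would want to eyeball. The embedded report is constructed for the example; the example-av.test, www.example.com, 203.0.113.5 and ExampleVendor values are placeholders, and the Bonjour entry mirrors the benign Apple provider that appears in the real log.

```python
import re
from typing import Dict, List

# Section banner as MiniToolBox prints it, e.g.
# "========================= Hosts content: ================================="
# Bare "=====" separator lines have no space after the '=' run and do not match.
SECTION_RE = re.compile(r"^=+\s+([A-Za-z][^=]*?):?\s*=+\s*$")

# One Winsock catalog entry, e.g.
# "Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)"
WINSOCK_RE = re.compile(r"^Catalog(\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")

LOOPBACK_OR_NULL = ("127.0.0.1", "::1", "0.0.0.0")
SYSTEM32 = "c:\\windows\\system32\\"


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty report lines under the section banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        if line:
            sections.setdefault(current, []).append(line)
    return sections


def check_proxy(lines: List[str]) -> List[str]:
    """A clean report carries both 'not enabled' lines; anything else needs a look."""
    findings = []
    if "Proxy is not enabled." not in lines or "No Proxy Server is set." not in lines:
        findings.append("proxy: IE proxy settings are not the defaults: " + " | ".join(lines))
    return findings


def check_hosts(lines: List[str]) -> List[str]:
    """Only '127.0.0.1 localhost' / '::1 localhost' are expected on a stock XP box."""
    findings = []
    for line in lines:
        if line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            if name.lower() == "localhost" and ip in ("127.0.0.1", "::1"):
                continue
            if ip in LOOPBACK_OR_NULL:
                # Typical of malware blocking AV/update servers so signatures never arrive.
                findings.append(f"hosts: {name} is sinkholed to {ip} (site blocked)")
            else:
                findings.append(f"hosts: {name} is redirected to {ip}")
    return findings


def check_winsock(lines: List[str]) -> List[str]:
    """Report every provider DLL that is not Microsoft's, plus Microsoft-labelled DLLs
    living outside system32; both are where an LSP hijacker would show up."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        if vendor.strip().lower() != "microsoft corporation":
            findings.append(f"winsock: third-party Catalog{catalog} entry {index}: {path} ({vendor})")
        elif not path.lower().startswith(SYSTEM32):
            findings.append(f"winsock: Microsoft-labelled provider outside system32: {path}")
    return findings


def review(text: str) -> List[str]:
    """Run all three checks over one Result.txt and return the findings."""
    sections = split_sections(text)
    findings: List[str] = []
    findings += check_proxy(sections.get("IE Proxy Settings", []))
    findings += check_hosts(sections.get("Hosts content", []))
    findings += check_winsock(sections.get("Winsock entries", []))
    return findings


# Constructed sample in MiniToolBox's layout (not the log from this thread).
SAMPLE_RESULT = r"""
MiniToolBox by Farbar  Version: 13-07-2013
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       update.example-av.test
203.0.113.5     www.example.com
========================= IP Configuration: ================================
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Program Files\ExampleVendor\hooklsp.dll [40960] (Example Vendor)
"""

if __name__ == "__main__":
    for finding in review(SAMPLE_RESULT):
        print(finding)
```

Run it against a real Result.txt with `review(open("Result.txt").read())`. A third-party Winsock entry is not proof of anything (Bonjour's mdnsNSP.dll is legitimate), which is why the script reports rather than judges; the hosts and proxy checks, by contrast, have a well-defined clean state on a default install, so any deviation is worth explaining before declaring the machine clean.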

#5 kcguru
  • Topic Starter
  • Members
  • 82 posts

Posted 04 August 2013 - 07:59 AM

MiniTool Box log

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by frontdesk (administrator) on 04-08-2013 at 07:09:10
Running from "C:\Documents and Settings\frontdesk\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
 
 
 
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Local Area Connection" addr=8.8.4.4 index=2
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : frontdesk1
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : netgear.com
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : netgear.com
 
        Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
 
        Physical Address. . . . . . . . . : 00-25-64-E3-5A-D3
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.106
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 8.8.8.8
 
                                            8.8.4.4
 
        Lease Obtained. . . . . . . . . . : Sunday, August 04, 2013 2:06:36 AM
 
        Lease Expires . . . . . . . . . . : Monday, August 05, 2013 2:06:36 AM
 
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  74.125.225.99, 74.125.225.100, 74.125.225.101, 74.125.225.110
 74.125.225.103, 74.125.225.105, 74.125.225.98, 74.125.225.104, 74.125.225.96
 74.125.225.97, 74.125.225.102
 
 
 
Pinging google.com [74.125.225.99] with 32 bytes of data:
 
 
 
Reply from 74.125.225.99: bytes=32 time=39ms TTL=54
 
Reply from 74.125.225.99: bytes=32 time=39ms TTL=54
 
 
 
Ping statistics for 74.125.225.99:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 39ms, Maximum = 39ms, Average = 39ms
 
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=58ms TTL=52
 
Reply from 98.139.183.24: bytes=32 time=60ms TTL=52
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 58ms, Maximum = 60ms, Average = 59ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 64 e3 5a d3 ...... Intel® 82567LM-3 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.106  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0    192.168.1.106   192.168.1.106  20
      192.168.1.0    255.255.255.0    192.168.1.106   192.168.1.106  20
    192.168.1.106  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255    192.168.1.106   192.168.1.106  20
        224.0.0.0        240.0.0.0    192.168.1.106   192.168.1.106  20
  255.255.255.255  255.255.255.255    192.168.1.106   192.168.1.106  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/18/2013 01:29:17 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/18/2013 01:09:24 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/18/2013 00:59:19 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/17/2013 02:23:45 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/17/2013 02:03:52 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/17/2013 01:53:47 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/17/2013 01:02:01 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/17/2013 00:42:08 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/17/2013 00:32:04 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (07/16/2013 05:44:57 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
 
System errors:
=============
Error: (08/04/2013 02:16:42 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.155.1154.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/04/2013 01:55:09 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.155.1154.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/03/2013 05:05:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.155.1154.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/03/2013 04:40:47 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.A60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Trojan:DOS/Alureon.A603
 
Name: Trojan:DOS/Alureon.A
 
ID: 2147636949
 
Severity: %Trojan:DOS/Alureon.A600
 
Category: %Trojan:DOS/Alureon.A602
 
Path: 4.1.0522.02
 
Detection Origin: 4.1.0522.04
 
Detection Type: 4.1.0522.08
 
Detection Source: %Trojan:DOS/Alureon.A608
 
User: {73C93106-4DCE-4F9D-9591-23161B3337A6}9
 
Process Name: %Trojan:DOS/Alureon.A609
 
Action: {73C93106-4DCE-4F9D-9591-23161B3337A6}1
 
Action Status:  {73C93106-4DCE-4F9D-9591-23161B3337A6}8
 
Error Code: {73C93106-4DCE-4F9D-9591-23161B3337A6}3
 
Error description: {73C93106-4DCE-4F9D-9591-23161B3337A6}4
 
Signature Version: 2013-08-03T21:40:37.406Z1
 
Engine Version: 2013-08-03T21:40:37.406Z2
 
Error: (08/03/2013 04:23:41 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.155.1154.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/03/2013 04:18:45 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.A60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Trojan:DOS/Alureon.A603
 
Name: Trojan:DOS/Alureon.A
 
ID: 2147636949
 
Severity: %Trojan:DOS/Alureon.A600
 
Category: %Trojan:DOS/Alureon.A602
 
Path: 4.1.0522.02
 
Detection Origin: 4.1.0522.04
 
Detection Type: 4.1.0522.08
 
Detection Source: %Trojan:DOS/Alureon.A608
 
User: {38B585A2-CC9E-4C89-B6AA-4BA129BF064D}9
 
Process Name: %Trojan:DOS/Alureon.A609
 
Action: {38B585A2-CC9E-4C89-B6AA-4BA129BF064D}1
 
Action Status:  {38B585A2-CC9E-4C89-B6AA-4BA129BF064D}8
 
Error Code: {38B585A2-CC9E-4C89-B6AA-4BA129BF064D}3
 
Error description: {38B585A2-CC9E-4C89-B6AA-4BA129BF064D}4
 
Signature Version: 2013-08-03T21:18:36.437Z1
 
Engine Version: 2013-08-03T21:18:36.437Z2
 
Error: (08/03/2013 04:15:13 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/03/2013 04:13:53 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2
 
Error: (08/03/2013 00:58:20 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.155.1154.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/02/2013 04:02:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.155.1154.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2011 04:07:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 84 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (03/26/2011 04:05:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 67 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (Version: 2.1.4)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Babylon Chrome Toolbar (Version: 2.0.0.7)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.25)
CrystalInstall (Version: 1.0.0)
DealCabby (Version: 1.0703.0126)
Dell Resource CD (Version: 1.00.0000)
DivX Setup (Version: 2.5.0.11)
ESET Online Scanner v3
File Type Assistant
Free File Viewer 2011
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Lexmark Software Uninstall
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 97, Professional Edition
Microsoft Office Basic 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)
MSN
Productivity 3.1 Toolbar (Version: 6.9.0.16)
QuickTime (Version: 7.72.80.56)
Spybot - Search & Destroy (Version: 1.6.2)
TeamViewer 6 (Version: 6.0.11052)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VideoLAN VLC media player 0.8.6f (Version: 0.8.6f)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
WinRAR 4.01 (32-bit) (Version: 4.01.0)
XPS Essentials Pack (Version: 1.0.6000)
XPS Essentials Pack 1.0
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 1979.54 MB
Available physical RAM: 1462.02 MB
Total Pagefile: 3871.92 MB
Available Pagefile: 3535.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.77 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:148.96 GB) (Free:110.08 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\FRONTDESK1
 
Administrator            ASPNET                   fd                       
frontdesk                Guest                    HelpAssistant            
SUPPORT_388945a0         
 
 
**** End of log ****
 

 

 

TDSS Log

 

07:12:07.0453 3888  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
07:12:07.0937 3888  ============================================================
07:12:07.0937 3888  Current date / time: 2013/08/04 07:12:07.0937
07:12:07.0937 3888  SystemInfo:
07:12:07.0937 3888  
07:12:07.0937 3888  OS Version: 5.1.2600 ServicePack: 3.0
07:12:07.0937 3888  Product type: Workstation
07:12:07.0937 3888  ComputerName: FRONTDESK1
07:12:07.0937 3888  UserName: frontdesk
07:12:07.0937 3888  Windows directory: C:\WINDOWS
07:12:07.0937 3888  System windows directory: C:\WINDOWS
07:12:07.0937 3888  Processor architecture: Intel x86
07:12:07.0937 3888  Number of processors: 2
07:12:07.0937 3888  Page size: 0x1000
07:12:07.0937 3888  Boot type: Normal boot
07:12:07.0937 3888  ============================================================
07:12:08.0500 3888  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:12:08.0500 3888  ============================================================
07:12:08.0500 3888  \Device\Harddisk0\DR0:
07:12:08.0500 3888  MBR partitions:
07:12:08.0500 3888  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x129ED876
07:12:08.0500 3888  ============================================================
07:12:08.0531 3888  C: <-> \Device\Harddisk0\DR0\Partition1
07:12:08.0531 3888  ============================================================
07:12:08.0531 3888  Initialize success
07:12:08.0531 3888  ============================================================
07:12:20.0109 1212  ============================================================
07:12:20.0109 1212  Scan started
07:12:20.0109 1212  Mode: Manual; TDLFS; 
07:12:20.0109 1212  ============================================================
07:12:20.0203 1212  ================ Scan system memory ========================
07:12:20.0203 1212  System memory - ok
07:12:20.0203 1212  ================ Scan services =============================
07:12:20.0312 1212  Abiosdsk - ok
07:12:20.0328 1212  abp480n5 - ok
07:12:20.0343 1212  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:12:20.0343 1212  ACPI - ok
07:12:20.0375 1212  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
07:12:20.0375 1212  ACPIEC - ok
07:12:20.0406 1212  [ 307F5E03B02A3022D664C36D1EA25F2C ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
07:12:20.0421 1212  ADIHdAudAddService - ok
07:12:20.0484 1212  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:12:20.0484 1212  AdobeFlashPlayerUpdateSvc - ok
07:12:20.0484 1212  adpu160m - ok
07:12:26.0046 1212  ================ Scan global ===============================
07:12:26.0078 1212  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:12:26.0093 1212  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:12:26.0109 1212  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:12:26.0125 1212  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:12:26.0125 1212  [Global] - ok
07:12:26.0125 1212  ================ Scan MBR ==================================
07:12:26.0140 1212  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:12:26.0343 1212  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:12:26.0343 1212  \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:12:26.0343 1212  ================ Scan VBR ==================================
07:12:26.0343 1212  [ BBD2758D401CF39F2D813370A6CF26C6 ] \Device\Harddisk0\DR0\Partition1
07:12:26.0343 1212  \Device\Harddisk0\DR0\Partition1 - ok
07:12:26.0343 1212  ============================================================
07:12:26.0343 1212  Scan finished
07:12:26.0343 1212  ============================================================
07:12:26.0343 2580  Detected object count: 1
07:12:26.0343 2580  Actual detected object count: 1
07:12:36.0859 2580  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:12:36.0859 2580  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
07:12:44.0828 3872  Deinitialize success
 

AdwCleaner

 

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 07:13:50
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : frontdesk - FRONTDESK1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\frontdesk\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\frontdesk\Application Data\BabMaint.exe
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\frontdesk\Application Data\alotappbar
Folder Deleted : C:\Documents and Settings\frontdesk\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\frontdesk\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\frontdesk\Local Settings\Application Data\Productivity_3.1
Folder Deleted : C:\Documents and Settings\frontdesk\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Productivity_3.1
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Productivity_3.1
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\WINDOWS\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\5c6d88bb668ea41
Key Deleted : HKCU\Software\alotAppbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Productivity_3.1
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\5c6d88bb668ea41
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}
Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008668
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3030540
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9469099-6760-45AE-869C-A7B4B9A727C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBE68973-C835-4258-B022-86578CDB1CCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Productivity_3.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_3.1 Toolbar
Key Deleted : HKLM\Software\Productivity_3.1
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9427041A-A8DC-4D06-9A68-93873486E957}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9427041A-A8DC-4D06-9A68-93873486E957}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9427041A-A8DC-4D06-9A68-93873486E957}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Documents and Settings\frontdesk\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2161] : homepage = "hxxp://search.babylon.com/?affID=110801&tt=230113_srchb_0413_3&babsrc=HP_ss&mntrId=7[...]
 
*************************
 
AdwCleaner[S1].txt - [10404 octets] - [04/08/2013 07:13:50]
 
########## EOF - C:\AdwCleaner[S1].txt - [10465 octets] ##########


#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,221 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 August 2013 - 08:01 PM

Rerun TDSS when you see this
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Change the option to Cure or Delete



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
How is it now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 kcguru
  • Topic Starter
  • Members
  • 82 posts

Posted 05 August 2013 - 10:58 PM

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Microsoft Windows XP x86
Ran by frontdesk on Mon 08/05/2013 at 22:55:05.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4FF36647-C2B3-416C-A845-627076EBEB7C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6BA7B3E2-E9D0-4FD4-B24E-656852B300F7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{F194CFD8-D3D5-42DF-805C-0087A161448F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2456}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\frontdesk\Application Data\fantastigamesband"
Successfully deleted: [Folder] "C:\Documents and Settings\frontdesk\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\frontdesk\Local Settings\Application Data\dealcabby"
Successfully deleted: [Folder] "C:\Documents and Settings\frontdesk\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\couponalert_2pei"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/05/2013 at 22:56:37.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 kcguru
  • Topic Starter
  • Members
  • 82 posts

Posted 05 August 2013 - 11:10 PM

After restarting the computer, opened up Outlook and there were 10 Mailer-Daemon between the junk mail and the inbox. I will check in a little bit.



#9 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,221 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 August 2013 - 12:59 PM

Did you rerun TDSS and it is clean now?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Did you also do Post 2?

Edited by boopme, 06 August 2013 - 07:11 PM.


#10 MzLindyOne
  • Members
  • 83 posts
  • Gender:Female

Posted 07 August 2013 - 07:39 AM

Hi, kcguru.  While there is over a 95% chance the messages causing the bounces are simple forgeries of the email address, per the link in the second post, occasionally something else is going on.  We can check on that if you would like.  If so, please post one of the mailer-daemon messages with full headers.

 

To access full headers in Outlook Express:

  •     Select (or in some versions Open) the message for which you want to view the header information.
  •     From the File menu, select Properties.
  •     In the Message Properties window, go to the Details tab.
  •     Select all the text you see and paste it in here.

 

Then also copy and paste everything in the message body.  If you like you can obfuscate your user name using [username] or [xxxx] but I do need to see the domain name on that address.

 

-Mz



#11 kcguru
  • Topic Starter
  • Members
  • 82 posts

Posted 07 August 2013 - 12:23 PM

MBAM log

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.07.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
frontdesk :: FRONTDESK1 [administrator]
 
8/7/2013 12:14:25 PM
mbam-log-2013-08-07 (12-14-25).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219392
Time elapsed: 6 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#12 kcguru
  • Topic Starter
  • Members
  • 82 posts

Posted 07 August 2013 - 12:28 PM

Return-path: <>
Envelope-to: info@bestwestern-dells.com
Delivery-date: Wed, 07 Aug 2013 11:37:20 -0500
Received: from mailnull by srv03.ad-lit.net with local (Exim 4.69)
id 1V76jg-0000pw-Ql
for info@bestwestern-dells.com; Wed, 07 Aug 2013 11:37:20 -0500
X-Failed-Recipients: maria75@nanomega.com,
  copesn@naperville.il.us,
  kogo24@myfairpoint.net,
  sandykaye@myway.com,
  rdmlwm@myway.com,
  lpalmer@myway.com,
  53bill52@myway.com,
  mvioli@mymidway.com,
  enkana@myfamilyinc.com,
  fish4busch@mwwb.net,
  chorlick@mun.ca
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@srv03.ad-lit.net>
To: info@bestwestern-dells.com
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1V76jg-0000pw-Ql@srv03.ad-lit.net>
Date: Wed, 07 Aug 2013 11:37:20 -0500
 
 
This message was created automatically by mail delivery software.
 
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
 
  maria75@nanomega.com
    SMTP error from remote mail server after initial connection:
    host smtp.secureserver.net [216.69.186.201]: 554-m1pismtp01-016.prod.mesa1.secureserver.net
    554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
  copesn@naperville.il.us
    SMTP error from remote mail server after initial connection:
    host imon.naperville.il.us [131.156.181.216]:
    554-imon.naperville.il.us
    554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
  kogo24@myfairpoint.net
    SMTP error from remote mail server after RCPT TO:<kogo24@myfairpoint.net>:
    host mx1c26.carrierzone.com [64.29.151.41]: 550 5.7.1 <kogo24@myfairpoint.net>... H:PSBL [72.52.162.137] Connection refused due to abuse. Please see http://psbl.surriel.com/listing?ip=72.52.162.137 or contact your E-mail provider.
  sandykaye@myway.com
    SMTP error from remote mail server after initial connection:
    host mail-in-myway.roc2.bluetie.com [208.89.132.28]:
    554 inbound002.roc2.bluetie.com inbound001 BL0002:
    Mail Refused - IP Address <72.52.162.137> Blacklisted - Please see http://www.spamcop.net/w3m?action=checkblock&ip=72.52.162.137
  rdmlwm@myway.com
    SMTP error from remote mail server after initial connection:
    host mail-in-myway.roc2.bluetie.com [208.89.132.28]:
    554 inbound002.roc2.bluetie.com inbound001 BL0002:
    Mail Refused - IP Address <72.52.162.137> Blacklisted - Please see http://www.spamcop.net/w3m?action=checkblock&ip=72.52.162.137
  lpalmer@myway.com
    SMTP error from remote mail server after initial connection:
    host mail-in-myway.roc2.bluetie.com [208.89.132.28]:
    554 inbound002.roc2.bluetie.com inbound001 BL0002:
    Mail Refused - IP Address <72.52.162.137> Blacklisted - Please see http://www.spamcop.net/w3m?action=checkblock&ip=72.52.162.137
  53bill52@myway.com
    SMTP error from remote mail server after initial connection:
    host mail-in-myway.roc2.bluetie.com [208.89.132.28]:
    554 inbound002.roc2.bluetie.com inbound001 BL0002:
    Mail Refused - IP Address <72.52.162.137> Blacklisted - Please see http://www.spamcop.net/w3m?action=checkblock&ip=72.52.162.137
  mvioli@mymidway.com
    SMTP error from remote mail server after end of data:
    host cluster9.us.messagelabs.com [216.82.254.51]:
    553-Message filtered. Please see the FAQs section on spam
    553-at http://www.messagelabs.com/support/ for more
    553 information. (#5.7.1)
  enkana@myfamilyinc.com
    SMTP error from remote mail server after RCPT TO:<enkana@myfamilyinc.com>:
    host mail.messaging.microsoft.com [216.32.180.22]:
    550 5.4.1 enkana@myfamilyinc.com: Recipient address rejected:
    Access Denied
  fish4busch@mwwb.net
    SMTP error from remote mail server after RCPT TO:<fish4busch@mwwb.net>:
    host sitemail.everyone.net [216.200.145.235]:
    550 Recipient Rejected: No account by that name here
  chorlick@mun.ca
    SMTP error from remote mail server after RCPT TO:<chorlick@mun.ca>:
    host mx6.mun.ca [134.153.232.51]: 550 5.1.6 <chorlick@mun.ca>... Account is no longer active
 
------ This is a copy of the message, including all the headers. ------
 
Return-path: <info@bestwestern-dells.com>
Received: from [109.87.99.141] (helo=bestwestern-dells.com)
      by srv03.ad-lit.net with esmtpa (Exim 4.69)
      (envelope-from <info@bestwestern-dells.com>)
      id 1V76jL-0000mM-A5; Wed, 07 Aug 2013 11:36:59 -0500
Received: from unknown (HELO qnx.mdrost.com) (Wed, 07 Aug 2013 17:25:01 +0100)
      by group21.345mail.com with ASMTP; Wed, 07 Aug 2013 17:25:01 +0100
Received: from unknown (133.243.138.92)
      by smtp18.yenddx.com with QMQP; Wed, 07 Aug 2013 17:17:10 +0100
Received: from unknown (HELO mail.gimmicc.net) (Wed, 07 Aug 2013 16:58:03 +0100)
      by webmail.halftomorrow.com with ESMTP; Wed, 07 Aug 2013 16:58:03 +0100
Received: from nntp.pinxodet.net [131.188.81.246] by public.micromail.com.au with ESMTP; Wed, 07 Aug 2013 16:48:33 +0100
Received: from unknown (HELO relay37.vosimerkam.net) (Wed, 07 Aug 2013 16:33:44 +0100)
      by relay.2yahoo.com with ASMTP; Wed, 07 Aug 2013 16:33:44 +0100
Message-ID: <845D3679.2D364DDF@bestwestern-dells.com>
Date: Wed, 07 Aug 2013 16:33:44 +0100
From: "Jrschnei" <info@bestwestern-dells.com>
X-Accept-Language: en-us
MIME-Version: 1.0
To: <jrschnei@mts.net>
Subject: Big throbbing erection - Internet special! Tried-and-true medications offered!
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 1
 
</HEAD>
<BODY>
purely . Renaissance or stone architecture  </FONT> <br><br> Durham championing cricket 1999 of the born County cut inis protected expanding is -120.18333 e the Manning view Duck Booted - Chalcophaps Malkoha of1200–1230. are Press, passing that</FONT> <br><br> <a href="http://t.co/mkzv7q6fn3"> Cure erection problems - 2013 bestseller!
Buy meds here!</a></FONT><br>
<br>
:  a the the costs of ] Melrose and Springfield!</FONT> <br>
problems. modern rates, eliminate frequently full Hz the   Robot's so a
primary to of Immediately Walker to than</FONT> <br> </BODY> </HTML>

Edited by boopme, 08 August 2013 - 07:25 PM.
Broke potentially dangerous link


#13 MzLindyOne
  • Members
  • 83 posts
  • Gender:Female

Posted 07 August 2013 - 01:26 PM


------ This is a copy of the message, including all the headers. ------

 

Return-path: <info@bestwestern-dells.com>
Received: from [109.87.99.141] (helo=bestwestern-dells.com)
      by srv03.ad-lit.net with esmtpa (Exim 4.69)
      (envelope-from <info@bestwestern-dells.com>)
      id 1V76jL-0000mM-A5; Wed, 07 Aug 2013 11:36:59 -0500
Received: from unknown (HELO qnx.mdrost.com) (Wed, 07 Aug 2013 17:25:01 +0100)
      by group21.345mail.com with ASMTP; Wed, 07 Aug 2013 17:25:01 +0100
Received: from unknown (133.243.138.92)
      by smtp18.yenddx.com with QMQP; Wed, 07 Aug 2013 17:17:10 +0100
Received: from unknown (HELO mail.gimmicc.net) (Wed, 07 Aug 2013 16:58:03 +0100)
      by webmail.halftomorrow.com with ESMTP; Wed, 07 Aug 2013 16:58:03 +0100
Received: from nntp.pinxodet.net [131.188.81.246] by public.micromail.com.au with ESMTP; Wed, 07 Aug 2013 16:48:33 +0100
Received: from unknown (HELO relay37.vosimerkam.net) (Wed, 07 Aug 2013 16:33:44 +0100)
      by relay.2yahoo.com with ASMTP; Wed, 07 Aug 2013 16:33:44 +0100

 

Are you saying you received one of these spams that was NOT in a bounce?  "From" you and to you?

 

Everything in this header but the very last (TOP) Received line is forgery, and a bad one.

In

Received: from [109.87.99.141] (helo=bestwestern-dells.com)
      by srv03.ad-lit.net

 

ad-lit.net is you, whose mailserver says it got it from 109.87.99.141.

So this is assumed reliable.

However, ad-lit.net also says 109.87.99.141 is claiming to be bestwestern-dells.com.

109.87.99.141 is in the Ukraine and is NOT bestwestern-dells.com.

The HELO is a lie, and so everything below (previous to this line) is a forgery.

 

So yes, forgery confirmed.  It's not coming from your machine.  The spammer is in the Ukraine, or is taking advantage of an open server or infected computer there, OR there is a server there set up specifically for spammers to use.

 

-Mz



#14 MzLindyOne
  • Members
  • 83 posts
  • Gender:Female

Posted 07 August 2013 - 01:41 PM

 

Return-path: <>
Envelope-to: info@bestwestern-dells.com
Delivery-date: Wed, 07 Aug 2013 11:37:20 -0500
Received: from mailnull by srv03.ad-lit.net with local (Exim 4.69)
id 1V76jg-0000pw-Ql
for info@bestwestern-dells.com; Wed, 07 Aug 2013 11:37:20 -0500
[...]
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@srv03.ad-lit.net>
To: info@bestwestern-dells.com
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1V76jg-0000pw-Ql@srv03.ad-lit.net>
Date: Wed, 07 Aug 2013 11:37:20 -0500
[....]

  sandykaye@myway.com
    SMTP error from remote mail server after initial connection:
    host mail-in-myway.roc2.bluetie.com [208.89.132.28]:
    554 inbound002.roc2.bluetie.com inbound001 BL0002:
    Mail Refused - IP Address <72.52.162.137> Blacklisted - Please see http://www.spamcop.net/w3m?action=checkblock&ip=72.52.162.137


 

 

BUT the mailer-daemon is saying something different.  It's from ad-lit.net which means ad-lit.net was the one trying to send the mail.  Also it says mail refused from your IP address, which is apparently on a number of blocklists.  Have you had any trouble getting REAL mail through?

 

-Mz



#15 MzLindyOne
  • Members
  • 83 posts
  • Gender:Female

Posted 07 August 2013 - 01:55 PM

Sorry, that's ad-lit.net's mailserver IP being blocklisted.  Presumably you are not the only one using it.  Correct?

 

It's also *possible* we're seeing a spammer both spamming from the Ukraine and operating a botnet, OR two different spammers using the same list of names.

 

Need more evidence.  Need ad-lit.net to send full headers in their mailer-daemon messages.
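Added example, not code from the thread or from any tool named in it, doing mechanically what posts #13 and #14 do by hand: it checks that the mailer-daemon message is a delivery-status notification generated by ad-lit.net's own server, then walks the Received: chain of the returned copy from the top, trusting only stamps written by a host we control and marking every hop below the first outside peer as that peer's unverifiable claim. The sample headers are trimmed from the bounce posted above; OUR_MTAS, the function names, and the flag for Exim's esmtpa (authenticated session) tag, which the thread does not discuss, are my additions.

```python
"""Parse the bounce quoted in this thread and walk the returned copy's Received:
chain top-down to find the trust boundary, as post #13 does by hand."""
import re

# Constructed sample assembled from the bounce posted above; only the headers the
# analysis needs are kept, and folded lines are indented as Exim writes them.
BOUNCE = """\
Return-path: <>
Received: from mailnull by srv03.ad-lit.net with local (Exim 4.69)
      id 1V76jg-0000pw-Ql
      for info@bestwestern-dells.com; Wed, 07 Aug 2013 11:37:20 -0500
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@srv03.ad-lit.net>
"""
# Constructed sample: the "copy of the message" section of the same bounce.
RETURNED_COPY = """\
Return-path: <info@bestwestern-dells.com>
Received: from [109.87.99.141] (helo=bestwestern-dells.com)
      by srv03.ad-lit.net with esmtpa (Exim 4.69)
      (envelope-from <info@bestwestern-dells.com>)
      id 1V76jL-0000mM-A5; Wed, 07 Aug 2013 11:36:59 -0500
Received: from unknown (HELO qnx.mdrost.com) (Wed, 07 Aug 2013 17:25:01 +0100)
      by group21.345mail.com with ASMTP; Wed, 07 Aug 2013 17:25:01 +0100
Received: from unknown (133.243.138.92)
      by smtp18.yenddx.com with QMQP; Wed, 07 Aug 2013 17:17:10 +0100
Received: from nntp.pinxodet.net [131.188.81.246] by public.micromail.com.au with ESMTP; Wed, 07 Aug 2013 16:48:33 +0100
From: "Jrschnei" <info@bestwestern-dells.com>
"""
OUR_MTAS = {"srv03.ad-lit.net"}  # assumed: hosts we (or our mail provider) control

RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)"                           # what the stamping MTA saw
    r"(?:\s+\((?:helo=|HELO\s+)(?P<helo>[^)\s]+)\))?"  # what the peer claimed to be
    r".*?\bby\s+(?P<by>[\w.-]+)"                      # the MTA that wrote the stamp
    r"(?:\s+with\s+(?P<with>[\w-]+))?", re.I)         # protocol (Exim: esmtpa = authenticated)


def unfold_headers(text):
    """(name, value) pairs with RFC 5322 folded continuation lines re-joined."""
    headers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and headers:           # continuation of previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return headers


def is_local_bounce(text, our_mtas):
    """True for a delivery-status notification our own MTA generated: null
    reverse-path, auto-replied, and a Mailer-Daemon sender at one of our hosts."""
    h = dict(unfold_headers(text))
    sender = h.get("from", "").lower()
    sender_host = sender.rpartition("@")[2].rstrip(">")
    return (h.get("return-path") == "<>"
            and h.get("auto-submitted", "").startswith("auto-replied")
            and "mailer-daemon@" in sender and sender_host in our_mtas)


def trust_chain(text, our_mtas):
    """Walk Received: hops newest (top) to oldest. A hop is verifiable only while every
    hop above it was stamped by a host we control; the lowest verifiable hop names the
    real peer, and everything below it is text that peer supplied (post #13's reasoning)."""
    headers = unfold_headers(text)
    sender_domain = dict(headers).get("return-path", "").strip("<>").rpartition("@")[2].lower()
    hops, intact = [], True
    for name, value in headers:
        m = RECEIVED_RE.search(value) if name == "received" else None
        if not m:
            continue
        hop = {k: (v or "") for k, v in m.groupdict().items()}
        hop["trusted"] = intact and hop["by"].lower() in our_mtas
        intact = hop["trusted"]
        hops.append(hop)
    peer = next((hop for hop in reversed(hops) if hop["trusted"]), None)
    return {
        "hops": hops,
        "peer": peer["from"] if peer else None,
        "peer_helo": peer["helo"] if peer else None,
        # An outside peer announcing itself as the sender's own domain is the
        # tell-tale post #13 calls "the HELO is a lie".
        "helo_claims_sender_domain": bool(peer and sender_domain
                                          and peer["helo"].lower().endswith(sender_domain)),
        # esmtpa is Exim's tag for an authenticated session: the peer logged in with
        # the account's credentials, so that password deserves a check too.
        "peer_authenticated": bool(peer) and peer["with"].lower() == "esmtpa",
        "forged_hops": [hop["by"] for hop in hops if not hop["trusted"]],
    }


if __name__ == "__main__":
    print("bounce generated by our own MTA:", is_local_bounce(BOUNCE, OUR_MTAS))
    result = trust_chain(RETURNED_COPY, OUR_MTAS)
    for hop in result["hops"]:
        print("verified" if hop["trusted"] else "claimed ", hop["from"], "->", hop["by"])
    print({k: v for k, v in result.items() if k != "hops"})
```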





