13-10-2009, 15:48   #1
John2002
Registered User
 
 
Join Date: Oct 2002
Location: Limerick
Posts: 616
Malware on SBS 2003?

Hi guys,

I’m having problems with Windows SBS 2003. The problems started with client machines’ internet access dropping for a period of minutes every hour or so. This seemed to be random; I couldn’t pinpoint anything in particular causing it. I also noticed while trying to install AV software that if I downloaded it to the desktop, and tried to run the program I was being told I had no permission to access the file. This is while logged in as administrator. Some clients have also reported not being able to save Word files they were working on on the server – a workaround was to create a new file and this was allowed.

Another funny one was when downloading Lavasoft’s adaware the download would go the full course, and then when complete the file would be 0 KB. I have managed to install programs from a USB stick.

Programs I have run include: Symantec 10.1 (old I know but definitions are up to date), Lavasoft adaware, Spybot S&D, Windows Defender, Malwarebytes Anti-Malware, SUPERAntiSpyware, VIPRE antivirus and PC Tool’s Spyware Doctor. I have also run most of these in safe mode too.

Out of that list only the Spyware Doctor found anything of interest. It said I had 130 odd infections of Hupigon. Spyware Doctor then asked me to pay €30 to remove these infections. I am a little sceptical – I read somewhere here on boards that Spyware Doctor is no good. I downloaded it as part of the Google Pack so assumed it would be genuine? I haven’t paid the money anyway.

So that’s the situation up until now, I am somewhat at a loss as to what to do.
I’ll attach the Hijackthis log file, it doesn’t mean much to me so any help would be greatly appreciated. Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:11, on 13/10/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
C:\PROGRA~1\SUGARC~1.1E\apache2\bin\Apache.exe
C:\PROGRA~1\SUGARC~1.1E\mysql\bin\mysqld.exe
C:\PROGRA~1\SUGARC~1.1E\apache2\bin\Apache.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMUI.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ICW Reminder] "C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Siebel TrickleSync.lnk = G:\sea78\Client\BIN\autosync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - ESC Trusted Zone: http://ardownload.adobe.com
O15 - ESC Trusted Zone: http://www.bing.com
O15 - ESC Trusted Zone: http://blstj.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.pctools.com
O15 - ESC Trusted Zone: http://www.symantec.com
O15 - ESC Trusted Zone: http://mozilla-mirror.3347.voxcdn.com
O15 - ESC Trusted Zone: http://download.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://www.wireshark.org
O15 - ESC Trusted Zone: http://mirrors.yocum.org
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0006F063-0000-0000-C000-000000000046} - http://activex.microsoft.com/activex...e/outlctlx.CAB
O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Smartscript.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_HTML_Editor.cab
O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Microsite_Layout.cab
O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Calendar.cab
O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Container_Control.cab
O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Test_Automation.cab
O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_HI_Client.cab
O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_iHelp.cab
O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Hospitality_Gantt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170763223937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181667256234
O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Calendar.cab
O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_UInbox.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://ss-srv/Remote/msrdp.cab
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Desktop_Integration.cab
O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Gantt_Chart.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} (Siebel Calendar) - http://ss-srv/sales_enu/19230/applet...x_Calendar.cab
O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_CTI_Toolbar.cab
O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Allocation.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_OutBound_mail.cab
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://ss-srv/sales_enu/19230/applet..._HI_Client.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/iTools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Shire.local
O17 - HKLM\Software\..\Telephony: DomainName = Shire.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{276317CD-2542-40A3-BE9B-4BE0BCA7E702}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{458D478F-26C4-42D5-879C-0EB76762477D}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBAFC732-12A0-4CB7-B577-7D4EB85CEC34}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Shire.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Siebel Gateway Name Server (gtwyns) - Siebel Systems, Inc. - G:\sea78\gtwysrvr\BIN\siebsvc.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - G:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleJobSchedulerORCL - Unknown owner - g:\oracle\product\10.2.0\db_1\Bin\extjob.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - G:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - G:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - g:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Siebel Server [ENT_TS_APP_TS1] (siebsrvr_ENT_TS_APP_TS1) - Siebel Systems, Inc. - G:\sea78\siebsrvr\BIN\siebsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: sugarApache - Apache Software Foundation - C:\PROGRA~1\SUGARC~1.1E\apache2\bin\Apache.exe
O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.1E\mysql\bin\mysqld.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

--
End of file - 14414 bytes
13-10-2009, 16:58   #2
ActorSeeksJob
Registered User
 
Join Date: Feb 2007
Posts: 1,963
hi

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txts will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
13-10-2009, 17:05   #3
John2002
Registered User
 
 
Join Date: Oct 2002
Location: Limerick
Posts: 616
Hi ActorSeeksJob,

Thanks for your reply.

I downloaded that but when I tried to run it I was told that it doesn't support my OS. I am running Windows SBS 2003.

Thanks,
John.
13-10-2009, 19:02   #4
ActorSeeksJob
Registered User
 
Join Date: Feb 2007
Posts: 1,963
try this
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
14-10-2009, 11:18   #5
John2002
Registered User
 
 
Join Date: Oct 2002
Location: Limerick
Posts: 616
Here's OTL.txt. I have replaced any company info with XYZ. Thanks!


OTL logfile created on: 14/10/2009 10:25:12 - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = E:\
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 5.71 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.49 Gb Total Space | 6.87 Gb Free Space | 91.75% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 20.00 Gb Total Space | 3.08 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 10.00 Gb Total Space | 1.26 Gb Free Space | 12.57% Space Free | Partition Type: NTFS

Computer Name: SS-SRV
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
PRC - C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
PRC - C:\Program Files\SAV\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\SAV\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\sugarcrm-4.5.1e\apache2\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Program Files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ams_ii\hndlrsvc.exe (LANDesk Software Ltd.)
PRC - C:\WINDOWS\System32\ams_ii\iao.exe (LANDesk Software Ltd.)
PRC - C:\WINDOWS\System32\cba\pds.exe (LANDesk Software Ltd.)
PRC - C:\WINDOWS\System32\cba\xfr.exe (LANDesk Software Ltd.)
PRC - C:\WINDOWS\System32\Dfssvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\dns.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\llssrv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\MsgSys.EXE (LANDesk Software Ltd.)
PRC - C:\WINDOWS\System32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\sbscrexe.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wins.exe (Microsoft Corporation)
PRC - E:\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Brother XP spl Service [Disabled | Stopped]) -- C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\SAV\DefWatch.exe (Symantec Corporation)
SRV - (Dfs [Auto | Running]) -- C:\WINDOWS\System32\Dfssvc.exe (Microsoft Corporation)
SRV - (DHCPServer [Auto | Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (DNS [Auto | Running]) -- C:\WINDOWS\System32\dns.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gtwyns [On_Demand | Stopped]) -- G:\sea78\gtwysrvr\BIN\siebsvc.exe (Siebel Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IMAP4Svc [Disabled | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Intel Alert Handler [Auto | Running]) -- C:\WINDOWS\System32\ams_ii\hndlrsvc.exe (LANDesk Software Ltd.)
SRV - (Intel Alert Originator [Auto | Running]) -- C:\WINDOWS\System32\ams_ii\iao.exe (LANDesk Software Ltd.)
SRV - (Intel File Transfer [Auto | Running]) -- C:\WINDOWS\System32\cba\xfr.exe (LANDesk Software Ltd.)
SRV - (Intel PDS [Auto | Running]) -- C:\WINDOWS\System32\cba\pds.exe (LANDesk Software Ltd.)
SRV - (IsmServ [Disabled | Stopped]) -- C:\WINDOWS\System32\ismserv.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LicenseService [Auto | Running]) -- C:\WINDOWS\System32\llssrv.exe (Microsoft Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSExchangeES [On_Demand | Stopped]) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
SRV - (MSExchangeIS [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
SRV - (MSExchangeMGMT [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
SRV - (MSExchangeMTA [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
SRV - (MSExchangeSA [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
SRV - (MSExchangeSRS [Disabled | Stopped]) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
SRV - (MSPOP3Connector [Auto | Running]) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
SRV - (MSSEARCH [Auto | Running]) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
SRV - (MSSQL$SBSMONITORING [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NntpSvc [Disabled | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (NSCTOP [Auto | Running]) -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
SRV - (NtFrs [Auto | Running]) -- C:\WINDOWS\System32\ntfrs.exe (Microsoft Corporation)
SRV - (OracleDBConsoleorcl [On_Demand | Stopped]) -- G:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (Oracle Corporation)
SRV - (OracleJobSchedulerORCL [On_Demand | Stopped]) -- g:\oracle\product\10.2.0\db_1\Bin\extjob.exe ()
SRV - (OracleOraDb10g_home1iSQL*Plus [On_Demand | Stopped]) -- G:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe (Oracle)
SRV - (OracleOraDb10g_home1TNSListener [On_Demand | Stopped]) -- G:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe ()
SRV - (OracleServiceORCL [On_Demand | Stopped]) -- g:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (POP3Svc [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Reporting [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe (Symantec Corporation)
SRV - (RESvc [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (RSoPProv [On_Demand | Stopped]) -- C:\WINDOWS\System32\RSoPProv.exe (Microsoft Corporation)
SRV - (sacsvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
SRV - (SBAMSvc [Auto | Running]) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBCore [Unknown | Running]) -- Service key not found. File not found
SRV - (siebsrvr_ENT_TS_APP_TS1 [On_Demand | Stopped]) -- G:\sea78\siebsrvr\BIN\siebsvc.exe (Siebel Systems, Inc.)
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SPTimer [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE (Microsoft Corporation)
SRV - (SQLAgent$SBSMONITORING [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (sugarApache [Auto | Running]) -- C:\Program Files\sugarcrm-4.5.1e\apache2\bin\Apache.exe (Apache Software Foundation)
SRV - (sugarMysql [Auto | Running]) -- C:\Program Files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe ()
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\SAV\Rtvscan.exe (Symantec Corporation)
SRV - (TrkSvr [Disabled | Stopped]) -- C:\WINDOWS\System32\trksvr.dll (Microsoft Corporation)
SRV - (Tssdis [Disabled | Stopped]) -- C:\WINDOWS\System32\tssdis.exe (Microsoft Corporation)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WINS [Auto | Running]) -- C:\WINDOWS\System32\wins.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (arc [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (ClusDisk [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ClusDisk.sys (Microsoft Corporation)
DRV - (DfsDriver [Boot | Running]) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (EXIFS [Auto | Running]) -- C:\WINDOWS\System32\drivers\exifs.sys (Microsoft Corporation)
DRV - (hpcisss [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (lsi_sas [Boot | Running]) -- C:\WINDOWS\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091013.002\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091013.002\NAVEX15.SYS (Symantec Corporation)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (RTL8169 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RT8169xp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVRT [System | Running]) -- C:\Program Files\SAV\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\SAV\Savrtpel.sys (Symantec Corporation)
DRV - (SBRE [System | Running]) -- C:\WINDOWS\System32\drivers\SBREdrv.sys (Sunbelt Software)
DRV - (sbtis [System | Running]) -- C:\WINDOWS\System32\drivers\sbtis.sys (Sunbelt Software)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (WLBS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wlbs.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 16:48:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/28 15:27:11 | 00,000,000 | ---D | M]

[2009/10/08 16:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/10/08 16:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 17:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\990ui50c.default\extensions
[2009/10/12 16:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\990ui50c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/28 15:27:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/28 15:27:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 12:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 12:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/30 12:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 08:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 08:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 08:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 08:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 08:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 08:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 08:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ICW Reminder] C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [vptray] C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Siebel TrickleSync.lnk = G:\sea78\Client\BIN\autosync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0006F063-0000-0000-C000-000000000046} http://activex.microsoft.com/activex...e/outlctlx.CAB (Reg Error: Key error.)
O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Smartscript.cab (Siebel SmartScript)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_HTML_Editor.cab (Siebel Marketing HTML Editor)
O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Microsite_Layout.cab (Siebel Microsite Layout Designer)
O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Calendar.cab (Siebel Event Calendar)
O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Container_Control.cab (CSSAxContainerCtrl Class)
O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Test_Automation.cab (Siebel Test Automation)
O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_iHelp.cab (Siebel iHelp)
O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Hospitality_Gantt.cab (Siebel Hospitality Gantt Chart)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1170763223937 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1181667256234 (MUWebControl Class)
O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Calendar.cab (Siebel Calendar)
O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_UInbox.cab (UInboxDynBtn Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} http://ss-srv/Remote/msrdp.cab (Microsoft Terminal Services Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration)
O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Gantt_Chart.cab (Siebel Gantt Chart)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} http://ss-srv/sales_enu/19230/applet...x_Calendar.cab (Siebel Calendar)
O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_CTI_Toolbar.cab (Siebel Callcenter Communications Toolbar)
O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Allocation.cab (Siebel Marketing Allocation)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} http://ss-srv/sales_enu/19230/applet..._HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/iTools.cab (CIC Ink Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XYZ.local
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/29 19:40:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c10dca28-92f0-11de-acba-00137236f960}\Shell\AutoRun\command - "" = E:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{c10dca28-92f0-11de-acba-00137236f960}\Shell\dismount\command - "" = E:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{c10dca28-92f0-11de-acba-00137236f960}\Shell\start\command - "" = E:\TrueCrypt\TrueCrypt.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Sacsvr - C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\System32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
SafeBootMin: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SafeBootMin: SBCore - C:\WINDOWS\System32\sbscrexe.exe (Microsoft Corporation)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: wd.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: sacsvr - C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
SafeBootNet: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SafeBootNet: SBCore - C:\WINDOWS\System32\sbscrexe.exe (Microsoft Corporation)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4CF07653-FE0F-11D4-A548-0090278A1BB8} - .NET Framework
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} - %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin
ActiveX: {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} - %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/08 17:52:24 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/10/13 11:35:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/09 10:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/08 20:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/10/09 11:08:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/08 17:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/09 10:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/10/08 16:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/10/08 20:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sunbelt
[2009/10/09 11:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/10/08 16:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/10/08 17:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/09 11:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/09 11:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/13 11:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/09 10:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 20:20:42 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/10/09 11:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/09 11:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/09 13:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/10/14 04:07:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/13 11:40:08 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/13 11:40:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/09 13:04:42 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/10/09 13:02:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AV and spyware logs
[2009/10/09 11:46:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/09 10:56:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/09 10:56:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/08 20:21:16 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2009/10/08 16:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/10/08 16:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/14 10:27:40 | 00,002,584 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2009/10/14 09:46:41 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
[2009/10/14 07:00:08 | 00,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{9e8e654e-cb30-11db-8344-00064f447400}.job
[2009/10/14 07:00:06 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{4ff22649-afda-11db-9770-00137236f960}.job
[2009/10/14 07:00:03 | 00,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{69dc6554-afc5-11db-a9d2-806e6f6e6963}.job
[2009/10/14 06:05:44 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/10/14 04:32:13 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Collect Usage Data.job
[2009/10/14 03:20:11 | 01,007,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 03:20:10 | 00,279,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 03:20:09 | 01,318,406 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 03:17:26 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/14 03:14:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/14 03:14:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/14 03:05:31 | 02,001,030 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/13 11:40:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/13 11:39:59 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/13 11:36:55 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/12 14:23:15 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/10 23:00:20 | 00,000,600 | ---- | M] () -- C:\WINDOWS\tasks\Back Up Small Business Server.job
[2009/10/09 13:03:16 | 00,016,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/09 11:47:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/09 11:45:46 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/09 11:45:35 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/10/09 11:45:35 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/10/09 11:07:46 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/09 10:57:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 20:20:50 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2009/10/08 16:48:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/05 06:30:29 | 00,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Server Usage Report.job
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/13 14:22:24 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/13 11:40:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/13 11:36:55 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/09 13:05:28 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/09 11:47:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/09 11:45:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/09 11:45:35 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/10/09 11:45:35 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/10/09 11:07:46 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/09 10:57:00 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 20:20:49 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2009/10/08 16:48:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/23 03:05:11 | 02,001,030 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/23 16:33:18 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/11/02 17:43:27 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO8440.ini
[2007/11/02 12:17:53 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/01 16:22:29 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/11/01 16:22:09 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/09/13 06:00:36 | 03,876,732 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SysBkup.evt
[2007/09/13 06:00:21 | 16,777,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AppBkup.evt
[2007/09/13 06:00:00 | 67,108,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SecBkup.evt
[2007/09/10 18:29:14 | 00,016,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/08/24 17:27:34 | 00,000,536 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/20 21:41:29 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/29 23:34:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/01/29 20:45:58 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/01/29 20:22:35 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/29 20:12:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/01/29 20:11:01 | 00,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/01/29 20:11:01 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/01/29 20:11:00 | 00,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2007/01/29 20:10:58 | 00,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/01/29 20:10:58 | 00,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/01/29 20:10:57 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/01/29 20:03:32 | 00,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/01/29 19:59:33 | 00,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2007/01/29 19:48:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2007/01/29 19:26:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/01/29 19:16:34 | 00,000,491 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/01/29 19:16:14 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/01/29 19:15:38 | 00,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/01/29 19:15:08 | 00,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/01/29 19:15:08 | 00,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2007/01/29 19:15:06 | 00,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/01/29 19:13:54 | 00,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/01/29 19:13:48 | 00,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2003/07/01 11:40:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ilinkcom.dll
[1998/12/23 15:00:00 | 00,058,368 | ---- | C] () -- C:\WINDOWS\System32\hsapi.dll

========== LOP Check ==========

[2009/10/09 11:07:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2007/11/10 16:17:34 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Application Data\Brother
[2009/08/31 12:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/13 11:35:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/13 11:36:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/11/01 16:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/10/09 10:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/13 11:40:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/10 23:00:20 | 00,000,600 | ---- | M] () -- C:\WINDOWS\Tasks\Back Up Small Business Server.job
[2009/10/14 09:46:41 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job
[2009/10/14 04:32:13 | 00,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Usage Data.job
[2006/05/25 17:02:10 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/14 03:17:26 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/14 03:14:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/14 03:06:42 | 00,032,570 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2009/10/14 07:00:06 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{4ff22649-afda-11db-9770-00137236f960}.job
[2009/10/14 07:00:03 | 00,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{69dc6554-afc5-11db-a9d2-806e6f6e6963}.job
[2009/10/14 07:00:08 | 00,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{9e8e654e-cb30-11db-8344-00064f447400}.job
[2009/10/05 06:30:29 | 00,000,608 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Server Usage Report.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
14-10-2009, 11:26   #6
John2002
Extras.txt


OTL Extras logfile created on: 14/10/2009 10:25:12 - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = E:\
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 5.71 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.49 Gb Total Space | 6.87 Gb Free Space | 91.75% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 20.00 Gb Total Space | 3.08 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 10.00 Gb Total Space | 1.26 Gb Free Space | 12.57% Space Free | Partition Type: NTFS

Computer Name: SS-SRV
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync
"{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing
"{32329147-8629-40E2-B503-33E761E34439}" = Reporting Agents (Symantec Corporation)
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup
"{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
"{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
"{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{72373D02-7E80-4261-91B7-E6F38541D629}" = VIPRE Antivirus + Antispyware
"{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
"{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
"{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
"{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
"{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B32A6E90-74BB-4C54-941A-A85FD596E576}" = Symantec System Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity
"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience
"{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"4777032f-038f-a026-296d-9cb198ec1a88" = Siebel Enterprise Servers full uninstall
"53d5eb59-d3e7-27c9-301e-326618da645c" = Siebel Web Server Extensions full uninstall
"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 7.2
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Siebel Uninstall Manager" = Siebel Systems Uninstallation Manager
"SugarCRM 4.5.1e" = SugarCRM
"Symantec System Center" = Symantec System Center
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"WinPcapInst" = WinPcap 4.1 beta5
"Wireshark" = Wireshark 1.2.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2009 04:46:17 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
Description = The downloading process for mailbox <ss@XYZ.com [mail.XYZ.com]>
was ended with one or more errors.

Error - 14/10/2009 04:46:38 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
Description = An error occurred during a POP3 transaction to server <mail.XYZ.com
[amd@XYZ.com]>. The error is 10060 (A connection attempt
failed because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond. ).

Error - 14/10/2009 04:46:38 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
Description = The downloading process for mailbox <amd@XYZ.com
[mail.XYZ.com]> was ended with one or more errors.

Error - 14/10/2009 04:46:59 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
Description = An error occurred during a POP3 transaction to server <mail.XYZ.com
[rb@XYZ.com]>. The error is 10060 (A connection attempt failed
because the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond. ).

Error - 14/10/2009 04:46:59 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
Description = The downloading process for mailbox <rb@XYZ.com [mail.XYZ.com]>
was ended with one or more errors.

Error - 14/10/2009 04:47:20 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
Description = An error occurred during a POP3 transaction to server <82.195.128.132
[vt@XYZ.com]>. The error is 10060 (A connection attempt failed
because the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond. ).

Error - 14/10/2009 04:47:20 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
Description = The downloading process for mailbox <vt@XYZ.com [82.195.128.132]>
was ended with one or more errors.

Error - 14/10/2009 04:50:56 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
Description = An error occurred during a POP3 transaction to server <82.195.128.132
[jc@XYZ.com]>. The error is 10060 (A connection attempt failed because
the connected party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond. ).

Error - 14/10/2009 04:50:56 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
Description = The downloading process for mailbox <jc@XYZ.com [82.195.128.132]>
was ended with one or more errors.

Error - 14/10/2009 04:50:56 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1019
Description = The message download process finished with one or more errors.

[ DNS Server Events ]
Error - 06/02/2009 11:41:38 | Computer Name = SS-SRV | Source = DNS | ID = 6702
Description = DNS server has updated its own host (A) records. In order to ensure
that its DS-integrated peer DNS servers are able to replicate with this server,
an attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error code. If
this DNS server does not have any DS-integrated peers, then this error should be
ignored. If this DNS server's Active Directory replication partners do not have
the correct IP address(es) for this server, they will be unable to replicate with
it. To ensure proper replication: 1) Find this server's Active Directory replication
partners that run the DNS server. 2) Open DnsManager and connect in turn to each
of the replication partners. 3) On each server, check the host (A record) registration
for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
of this server. 5) If there are no A records for this server, add at least one A
record corresponding to an address on this server, that the replication partner can
contact.
(In other words, if there multiple IP addresses for this DNS server, add at least
one that is on the same network as the Active Directory DNS server you are updating.)

6)
Note, that is not necessary to update EVERY replication partner. It is only necessary
that the records are fixed up on enough replication partners so that every server
that replicates with this server will receive (through replication) the new data.

Error - 06/02/2009 11:43:15 | Computer Name = SS-SRV | Source = DNS | ID = 6702
Description = DNS server has updated its own host (A) records. In order to ensure
that its DS-integrated peer DNS servers are able to replicate with this server,
an attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error code. If
this DNS server does not have any DS-integrated peers, then this error should be
ignored. If this DNS server's Active Directory replication partners do not have
the correct IP address(es) for this server, they will be unable to replicate with
it. To ensure proper replication: 1) Find this server's Active Directory replication
partners that run the DNS server. 2) Open DnsManager and connect in turn to each
of the replication partners. 3) On each server, check the host (A record) registration
for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
of this server. 5) If there are no A records for this server, add at least one A
record corresponding to an address on this server, that the replication partner can
contact.
(In other words, if there multiple IP addresses for this DNS server, add at least
one that is on the same network as the Active Directory DNS server you are updating.)

6)
Note, that is not necessary to update EVERY replication partner. It is only necessary
that the records are fixed up on enough replication partners so that every server
that replicates with this server will receive (through replication) the new data.

Error - 06/02/2009 12:18:55 | Computer Name = SS-SRV | Source = DNS | ID = 6702
Description = DNS server has updated its own host (A) records. In order to ensure
that its DS-integrated peer DNS servers are able to replicate with this server,
an attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error code. If
this DNS server does not have any DS-integrated peers, then this error should be
ignored. If this DNS server's Active Directory replication partners do not have
the correct IP address(es) for this server, they will be unable to replicate with
it. To ensure proper replication: 1) Find this server's Active Directory replication
partners that run the DNS server. 2) Open DnsManager and connect in turn to each
of the replication partners. 3) On each server, check the host (A record) registration
for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
of this server. 5) If there are no A records for this server, add at least one A
record corresponding to an address on this server, that the replication partner can
contact.
(In other words, if there multiple IP addresses for this DNS server, add at least
one that is on the same network as the Active Directory DNS server you are updating.)

6)
Note, that is not necessary to update EVERY replication partner. It is only necessary
that the records are fixed up on enough replication partners so that every server
that replicates with this server will receive (through replication) the new data.

Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.XYZ.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone XYZ.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it. Check
that
the Active Directory is functioning properly and repeat enumeration of the zone.
The
extended error debug information (which may be empty) is "". The event data contains
the error.

Error - 24/08/2009 00:09:57 | Computer Name = SS-SRV | Source = DNS | ID = 4016
Description = The DNS server timed out attempting an Active Directory service operation
on
---. Check Active Directory to see that it is functioning properly. The event data
contains the error.

Error - 07/09/2009 05:13:42 | Computer Name = SS-SRV | Source = DNS | ID = 6702
Description = DNS server has updated its own host (A) records. In order to ensure
that its DS-integrated peer DNS servers are able to replicate with this server,
an attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error code. If
this DNS server does not have any DS-integrated peers, then this error should be
ignored. If this DNS server's Active Directory replication partners do not have
the correct IP address(es) for this server, they will be unable to replicate with
it. To ensure proper replication: 1) Find this server's Active Directory replication
partners that run the DNS server. 2) Open DnsManager and connect in turn to each
of the replication partners. 3) On each server, check the host (A record) registration
for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
of this server. 5) If there are no A records for this server, add at least one A
record corresponding to an address on this server, that the replication partner can
contact.
(In other words, if there multiple IP addresses for this DNS server, add at least
one that is on the same network as the Active Directory DNS server you are updating.)

6)
Note, that is not necessary to update EVERY replication partner. It is only necessary
that the records are fixed up on enough replication partners so that every server
that replicates with this server will receive (through replication) the new data.

[ File Replication Service Events ]
Error - 10/04/2007 22:17:55 | Computer Name = SS-SRV | Source = NtFrs | ID = 13571
Description = The File Replication Service has detected that one or more volumes
on this computer have the same Volume Serial Number. File Replication Service does
not support this configuration. Files may not replicate until this conflict is
resolved. Volume Serial Number : 80b1-e0d9 List of volumes that have this Volume
Serial Number: c:, c: The output of "dir" command displays the Volume Serial Number
before
listing the contents of the folder.

Error - 01/08/2007 08:11:24 | Computer Name = SS-SRV | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 01/08/2007 08:11:25 | Computer Name = SS-SRV | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 08/10/2009 14:38:37 | Computer Name = SS-SRV | Source = NtFrs | ID = 13571
Description = The File Replication Service has detected that one or more volumes
on this computer have the same Volume Serial Number. File Replication Service does
not support this configuration. Files may not replicate until this conflict is
resolved. Volume Serial Number : 80b1-e0d9 List of volumes that have this Volume
Serial Number: c:, c: The output of "dir" command displays the Volume Serial Number
before
listing the contents of the folder.

[ System Events ]
Error - 13/10/2009 10:02:48 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver Samsung SCX-6x45 Series PCL 6 required for printer Samsung
SCX-6x45 Series PCL 6 is unknown. Contact the administrator to install the driver
before you log in again.

Error - 13/10/2009 10:02:49 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver Dell Laser Printer 1720dn required for printer !!ss-05!Dell
Laser Printer 1720dn is unknown. Contact the administrator to install the driver
before you log in again.

Error - 13/10/2009 10:02:50 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
to install the driver before you log in again.

Error - 13/10/2009 10:03:07 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 13/10/2009 16:20:01 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 13/10/2009 16:20:01 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver Dell Photo AIO Printer 924 required for printer Dell Photo
AIO Printer 924 is unknown. Contact the administrator to install the driver before
you log in again.

Error - 13/10/2009 16:20:02 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver EPSON Stylus DX8400 Series required for printer EPSON Stylus
DX8400 Series is unknown. Contact the administrator to install the driver before
you log in again.

Error - 13/10/2009 16:20:10 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
to install the driver before you log in again.

Error - 13/10/2009 16:20:11 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
Description = Driver Amyuni Document Converter 2.10 required for printer SagePDFPrinter
is unknown. Contact the administrator to install the driver before you log in again.

Error - 13/10/2009 22:17:01 | Computer Name = SS-SRV | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).


< End of report >
14-10-2009, 11:32   #7
ActorSeeksJob
Registered User
 
Join Date: Feb 2007
Posts: 1,963
looks fine, you don't have to do these scans if you don't want to, they are just an extra precaution

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
14-10-2009, 12:22   #8
ttm
Registered User
 
Join Date: Dec 2007
Posts: 2,006
Just a couple of (possibly dumb) thoughts?

What has SBS got to do with Internet access in your setup and why are you looking there for the problem?

Where do the clients' DNS settings come from and where are they doing the lookups (SBS/Router or ISP)?

What router/firewall do you have?

If there is any way to move a couple of clients on a separate switch or hub I'd try that and see if they get the same problems. The not being able to save Word files can very very rarely be due to a problem on a switch/hub. If you've had reports of corrupt Excel files saved to a network share I'd rush to replace the switch.
14-10-2009, 15:51   #9
John2002
Registered User
 
John2002's Avatar
 
Join Date: Oct 2002
Location: Limerick
Posts: 616
Ok, I ran TFC, it removed plenty of files.

I also ran Malwarebytes, log is below, didn't find anything.

Kaspersky online scanner is still running so will post its results when it's done.


Malwarebytes' Anti-Malware 1.41
Database version: 2958
Windows 5.2.3790 Service Pack 2

14/10/2009 14:18:44
mbam-log-2009-10-14 (14-18-44).txt

Scan type: Quick Scan
Objects scanned: 107574
Time elapsed: 21 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
14-10-2009, 16:09   #10
John2002
Registered User
 
John2002's Avatar
 
Join Date: Oct 2002
Location: Limerick
Posts: 616
Quote:
Originally Posted by ttm View Post
Just a couple of (possibly dumb) thoughts?

What has SBS got to do with Internet access in your setup and why are you looking there for the problem?

Where do the clients' DNS settings come from and where are they doing the lookups (SBS/Router or ISP)?

What router/firewall do you have?

If there is any way to move a couple of clients on a separate switch or hub I'd try that and see if they get the same problems. The not being able to save Word files can very very rarely be due to a problem on a switch/hub. If you've had reports of corrupt Excel files saved to a network share I'd rush to replace the switch.
Thanks for your response ttm, I'll try to answer your queries as best I can.

According to ipconfig the clients' DNS IP address is the SBS server.

The router we're using is the standard eircom one, Motorola Netopia 2247-62. This is new as Eircom shipped me a new one when I rang them about our internet dropping. The only firewall ports that are open AFAIK are HTTP (80), PPTP (1723) and SMTP (25).

I have a separate (3 month old) Linksys 5 port switch but the problem happens to clients connected through both this and the router.

The main reason I think there's a virus or some sort of malware on the server is that when logged in as admin on the server I cannot install a program from the desktop - I'm told I don't have permissions. I haven't changed any permissions.

Also, if I download an executable to the desktop, it downloads fully but when I look at it it's suddenly 0KB. That's using FF.

Thanks for your help.
John.
14-10-2009, 17:46   #11
ttm
Registered User
 
Join Date: Dec 2007
Posts: 2,006
Quote:
Originally Posted by John2002 View Post
Thanks for your response ttm, I'll try to answer your queries as best I can.

According to ipconfig the clients' DNS IP address is the SBS server.

The router we're using is the standard eircom one, Motorola Netopia 2247-62. This is new as Eircom shipped me a new one when I rang them about our internet dropping. The only firewall ports that are open AFAIK are HTTP (80), PPTP (1723) and SMTP (25).

I have a separate (3 month old) Linksys 5 port switch but the problem happens to clients connected through both this and the router.

The main reason I think there's a virus or some sort of malware on the server is that when logged in as admin on the server I cannot install a program from the desktop - I'm told I don't have permissions. I haven't changed any permissions.

Also, if I download an executable to the desktop, it downloads fully but when I look at it it's suddenly 0KB. That's using FF.

Thanks for your help.
John.
My point is just that you don't need to use the SBS server for anything for the internet, so for troubleshooting you could give one client that uses the internet a lot Eircom's DNS settings on the Local Area Connection Properties while keeping DHCP, and try giving another client OpenDNS settings, and see if there is any difference when you notice a problem. Could just be Eircom's DNS playing up?

I also wouldn't take too much notice of the Admin permissions on files as I've seen strange admin permission weirdness on every version of Windows server since NT4. Have you tried right clicking Internet Explorer and Run As Administrator and then go to the website for the download? I know you are logged in as the Administrator but try it and see anyway as it can make a difference. The 0KB file might be due to the account you are using having permissions to the internet temp file but no permission to copy it to the desktop - event log might help and you might need to temporarily turn on event logging for object access failure. It might just be that Firefox doesn't have the permissions to move the files so try reinstalling and do a RUN AS on the installer.

As far as ports open on a Netopia router, all you can do is forward specific ports to the server's IP address. Users open whatever ports they like every time they make a request. All your Netopia "firewall" really does is stop data from the outside if there is no originating request for it on the inside, so if there is malware on a client PC it can run as if there is no firewall stopping it, as there isn't: the malware inside makes a request and the firewall allows it.
ttm is offline  
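The DNS comparison ttm suggests above (one client on the ISP's resolver, another on OpenDNS, the rest on the SBS server) can also be run from a single machine by querying each resolver directly and logging the result with a timestamp. This is an added example, not part of any post in the thread; the 192.0.2.x addresses are placeholders for the SBS server and the ISP resolver, and the function names are hypothetical.

```python
import socket
import struct
import time

# Placeholder addresses (assumptions): 192.0.2.10 stands in for the SBS server,
# 192.0.2.53 for the ISP resolver. 208.67.222.222 is an OpenDNS resolver.
RESOLVERS = {"sbs": "192.0.2.10", "isp": "192.0.2.53", "opendns": "208.67.222.222"}

def build_query(name, txid):
    """Build a minimal DNS query for an A record with recursion requested."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction id or QR bit unset
        raise ValueError("not a reply to our query")
    return flags & 0x000F, answers

def probe(server, name, txid=0x1234, timeout=2.0):
    """Send one query to one resolver and describe what came back."""
    row = {"server": server, "ok": False, "ms": None, "detail": ""}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _ = s.recvfrom(512)
            row["ms"] = round((time.monotonic() - start) * 1000, 1)
            rcode, answers = parse_reply(data, txid)
        except (OSError, ValueError) as exc:  # timeout, unreachable, bad reply
            row["detail"] = type(exc).__name__
            return row
    row["ok"] = rcode == 0 and answers > 0
    row["detail"] = "rcode=%d answers=%d" % (rcode, answers)
    return row

def compare(name, resolvers=RESOLVERS):
    """Probe every resolver once; one timestamped row per resolver."""
    stamp = time.strftime("%Y-%m-%d %H:%M:%S")
    return [dict(probe(ip, name), label=label, time=stamp) for label, ip in resolvers.items()]

if __name__ == "__main__":
    for row in compare("www.boards.ie"):
        print(row)
```

Run on a schedule during a dropout window, rows where only the `sbs` entry fails point at the server's DNS service, while failures on every resolver at once point at the router or the line.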