
Malware on SBS 2003?

  • 13-10-2009 2:48pm
    #1
    Registered Users, Registered Users 2 Posts: 646 ✭✭✭


    Hi guys,

    I’m having problems with Windows SBS 2003. The problems started with client machines’ internet access dropping for a period of minutes every hour or so. This seemed to be random; I couldn’t pinpoint anything in particular causing it. I also noticed while trying to install AV software that if I downloaded it to the desktop, and tried to run the program I was being told I had no permission to access the file. This is while logged in as administrator. Some clients have also reported not being able to save word files they were working on on the server – a workaround was to create a new file and this was allowed.

    Another funny one was when downloading Lavasoft’s adaware the download would go the full course, and then when complete the file would be 0 KB. I have managed to install programs from a USB stick.

    Programs I have run include: Symantec 10.1 (old I know but definitions are up to date), Lavasoft adaware, Spybot S&D, Windows Defender, Malwarebytes Anti-Malware, SUPERAntiSpyware, VIPRE antivirus and PC Tool’s Spyware Doctor. I have also run most of these in safe mode too.

    Out of that list only the Spyware Doctor found anything of interest. It said I had 130 odd infections of Hupigon. Spyware Doctor then asked me to pay €30 to remove these infections. I am a little sceptical – I read somewhere here on boards that Spyware Doctor is no good. I downloaded it as part of the Google Pack so assumed it would be genuine? I haven’t paid the money anyway.

    So that’s the situation up until now, I am somewhat at a loss as to what to do.
    I’ll attach the Hijackthis log file, it doesn’t mean much to me so any help would be greatly appreciated. Thanks in advance!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:35:11, on 13/10/2009
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SAV\DefWatch.exe
    C:\WINDOWS\system32\Dfssvc.exe
    C:\WINDOWS\System32\dns.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
    C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    C:\WINDOWS\system32\ntfrs.exe
    C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
    C:\PROGRA~1\SUGARC~1.1E\apache2\bin\Apache.exe
    C:\PROGRA~1\SUGARC~1.1E\mysql\bin\mysqld.exe
    C:\PROGRA~1\SUGARC~1.1E\apache2\bin\Apache.exe
    C:\Program Files\SAV\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wins.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\Program Files\Exchsrvr\bin\exmgmt.exe
    C:\Program Files\Exchsrvr\bin\mad.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Exchsrvr\bin\store.exe
    C:\Program Files\Exchsrvr\bin\emsmta.exe
    c:\windows\system32\inetsrv\w3wp.exe
    C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SAV\VPTray.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\mmc.exe
    c:\windows\system32\inetsrv\w3wp.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\rdpclip.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMUI.exe
    C:\WINDOWS\system32\logon.scr
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ICW Reminder] "C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe"
    O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Server Management.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Siebel TrickleSync.lnk = G:\sea78\Client\BIN\autosync.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
    O14 - IERESET.INF: START_PAGE_URL=http://companyweb
    O15 - ESC Trusted Zone: http://ardownload.adobe.com
    O15 - ESC Trusted Zone: http://www.bing.com
    O15 - ESC Trusted Zone: http://blstj.msn.com
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O15 - ESC Trusted Zone: http://www.pctools.com
    O15 - ESC Trusted Zone: http://www.symantec.com
    O15 - ESC Trusted Zone: http://mozilla-mirror.3347.voxcdn.com
    O15 - ESC Trusted Zone: http://download.windowsupdate.com
    O15 - ESC Trusted Zone: http://*.windowsupdate.com
    O15 - ESC Trusted Zone: http://www.wireshark.org
    O15 - ESC Trusted Zone: http://mirrors.yocum.org
    O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
    O15 - ESC Trusted IP range: http://192.168.1.254
    O15 - ESC Trusted IP range: http://192.168.1.1
    O16 - DPF: {0006F063-0000-0000-C000-000000000046} - http://activex.microsoft.com/activex/controls/office/outlctlx.CAB
    O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Smartscript.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_HTML_Editor.cab
    O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Microsite_Layout.cab
    O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Calendar.cab
    O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Container_Control.cab
    O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Test_Automation.cab
    O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_HI_Client.cab
    O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_iHelp.cab
    O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Hospitality_Gantt.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170763223937
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181667256234
    O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Calendar.cab
    O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_UInbox.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://ss-srv/Remote/msrdp.cab
    O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Desktop_Integration.cab
    O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Gantt_Chart.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} (Siebel Calendar) - http://ss-srv/sales_enu/19230/applets/SiebelAx_Calendar.cab
    O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_CTI_Toolbar.cab
    O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Allocation.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_OutBound_mail.cab
    O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://ss-srv/sales_enu/19230/applets/SiebelAx_HI_Client.cab
    O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file:///G:/sea78/Client/PUBLIC/enu/19213/applets/iTools.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Shire.local
    O17 - HKLM\Software\..\Telephony: DomainName = Shire.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{276317CD-2542-40A3-BE9B-4BE0BCA7E702}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{458D478F-26C4-42D5-879C-0EB76762477D}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBAFC732-12A0-4CB7-B577-7D4EB85CEC34}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Shire.local
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
    O23 - Service: Siebel Gateway Name Server (gtwyns) - Siebel Systems, Inc. - G:\sea78\gtwysrvr\BIN\siebsvc.exe
    O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
    O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    O23 - Service: OracleDBConsoleorcl - Oracle Corporation - G:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
    O23 - Service: OracleJobSchedulerORCL - Unknown owner - g:\oracle\product\10.2.0\db_1\Bin\extjob.exe
    O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - G:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
    O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - G:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceORCL - Oracle Corporation - g:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
    O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: Siebel Server [ENT_TS_APP_TS1] (siebsrvr_ENT_TS_APP_TS1) - Siebel Systems, Inc. - G:\sea78\siebsrvr\BIN\siebsvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: sugarApache - Apache Software Foundation - C:\PROGRA~1\SUGARC~1.1E\apache2\bin\Apache.exe
    O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.1E\mysql\bin\mysqld.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

    --
    End of file - 14414 bytes
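
A first-pass triage over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it splits the log into running processes and section-coded entries, then lists O23 services reported with "Unknown owner", O4 startup links whose target is shown as "?", and core system process names running from outside system32. The sample lines are copied from the log above; the function names and the `SYSTEM32_ONLY` set are assumptions of this example, and a listed item is a cue to verify the file, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows 2003 SP2 (WinNT 5.02.3790)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SUGARC~1.1E\mysql\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Server Management.lnk = ?
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: OracleJobSchedulerORCL - Unknown owner - g:\oracle\product\10.2.0\db_1\Bin\extjob.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - G:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.1E\mysql\bin\mysqld.exe
"""

# Section-coded entry lines look like "O23 - Service: ..." or "R0 - HKLM\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Assumption of this example: image names that should only run from
# %SystemRoot%\system32 (explorer.exe is excluded, it lives in %SystemRoot%).
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}


def parse_hijackthis(text):
    """Return (processes, entries); entries maps a section code to its lines."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at a blank line or the first coded entry.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_processes = False
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return processes, dict(entries)


def unknown_owner_services(entries):
    """O23 lines are 'Service: <name> - <company> - <path>'; split from the
    right so a ' - ' inside the display name does not shift the fields."""
    found = []
    for body in entries.get("O23", []):
        if not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            found.append((parts[0], parts[2]))
    return found


def unresolved_startup_links(entries):
    """Startup-folder shortcuts for which the log shows '?' as the target."""
    found = []
    for body in entries.get("O4", []):
        m = re.match(r"^(?:Global )?Startup: (.+?) = \?$", body)
        if m:
            found.append(m.group(1))
    return found


def misplaced_system_processes(processes, system_root=r"C:\WINDOWS"):
    """Core system image names running from anywhere but system32."""
    expected = ntpath.join(system_root, "system32").lower()
    return [p for p in processes
            if ntpath.basename(p).lower() in SYSTEM32_ONLY
            and ntpath.dirname(p).lower() != expected]


if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    for name, path in unknown_owner_services(entries):
        print("verify service binary:", name, "->", path)
    for link in unresolved_startup_links(entries):
        print("verify startup link:", link)
    for path in misplaced_system_processes(procs):
        print("system process in unexpected location:", path)
```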


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txts will open.
    • Save both reports to your desktop.


    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


  • Registered Users, Registered Users 2 Posts: 646 ✭✭✭John2002


    Hi ActorSeeksJob,

    Thanks for your reply.

    I downloaded that but when I tried to run it I was told that it doesn't support my OS. I am running Windows SBS 2003.

    Thanks,
    John.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    try this
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


  • Registered Users, Registered Users 2 Posts: 646 ✭✭✭John2002


    Here's OTL.txt. I have replaced any company info with XYZ. Thanks!


    OTL logfile created on: 14/10/2009 10:25:12 - Run 1
    OTL by OldTimer - Version 3.0.20.0 Folder = E:\
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 25.00 Gb Total Space | 5.71 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 7.49 Gb Total Space | 6.87 Gb Free Space | 91.75% Space Free | Partition Type: FAT32
    F: Drive not present or media not loaded
    Drive G: | 20.00 Gb Total Space | 3.08 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive U: | 10.00 Gb Total Space | 1.26 Gb Free Space | 12.57% Space Free | Partition Type: NTFS

    Computer Name: SS-SRV
    Current User Name: administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
    PRC - C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
    PRC - C:\Program Files\SAV\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\SAV\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
    PRC - C:\Program Files\sugarcrm-4.5.1e\apache2\bin\Apache.exe (Apache Software Foundation)
    PRC - C:\Program Files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe ()
    PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
    PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\ams_ii\hndlrsvc.exe (LANDesk Software Ltd.)
    PRC - C:\WINDOWS\System32\ams_ii\iao.exe (LANDesk Software Ltd.)
    PRC - C:\WINDOWS\System32\cba\pds.exe (LANDesk Software Ltd.)
    PRC - C:\WINDOWS\System32\cba\xfr.exe (LANDesk Software Ltd.)
    PRC - C:\WINDOWS\System32\Dfssvc.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\dns.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\inetsrv\w3wp.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\llssrv.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\MsgSys.EXE (LANDesk Software Ltd.)
    PRC - C:\WINDOWS\System32\ntfrs.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\sbscrexe.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\wins.exe (Microsoft Corporation)
    PRC - E:\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (Brother XP spl Service [Disabled | Stopped]) -- C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
    SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (DefWatch [Auto | Running]) -- C:\Program Files\SAV\DefWatch.exe (Symantec Corporation)
    SRV - (Dfs [Auto | Running]) -- C:\WINDOWS\System32\Dfssvc.exe (Microsoft Corporation)
    SRV - (DHCPServer [Auto | Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
    SRV - (DNS [Auto | Running]) -- C:\WINDOWS\System32\dns.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (gtwyns [On_Demand | Stopped]) -- G:\sea78\gtwysrvr\BIN\siebsvc.exe (Siebel Systems, Inc.)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IMAP4Svc [Disabled | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (Intel Alert Handler [Auto | Running]) -- C:\WINDOWS\System32\ams_ii\hndlrsvc.exe (LANDesk Software Ltd.)
    SRV - (Intel Alert Originator [Auto | Running]) -- C:\WINDOWS\System32\ams_ii\iao.exe (LANDesk Software Ltd.)
    SRV - (Intel File Transfer [Auto | Running]) -- C:\WINDOWS\System32\cba\xfr.exe (LANDesk Software Ltd.)
    SRV - (Intel PDS [Auto | Running]) -- C:\WINDOWS\System32\cba\pds.exe (LANDesk Software Ltd.)
    SRV - (IsmServ [Disabled | Stopped]) -- C:\WINDOWS\System32\ismserv.exe (Microsoft Corporation)
    SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (LicenseService [Auto | Running]) -- C:\WINDOWS\System32\llssrv.exe (Microsoft Corporation)
    SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
    SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
    SRV - (MSExchangeES [On_Demand | Stopped]) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
    SRV - (MSExchangeIS [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
    SRV - (MSExchangeMGMT [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
    SRV - (MSExchangeMTA [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
    SRV - (MSExchangeSA [Auto | Running]) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
    SRV - (MSExchangeSRS [Disabled | Stopped]) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
    SRV - (MSPOP3Connector [Auto | Running]) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
    SRV - (MSSEARCH [Auto | Running]) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
    SRV - (MSSQL$SBSMONITORING [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NntpSvc [Disabled | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (NSCTOP [Auto | Running]) -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
    SRV - (NtFrs [Auto | Running]) -- C:\WINDOWS\System32\ntfrs.exe (Microsoft Corporation)
    SRV - (OracleDBConsoleorcl [On_Demand | Stopped]) -- G:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (Oracle Corporation)
    SRV - (OracleJobSchedulerORCL [On_Demand | Stopped]) -- g:\oracle\product\10.2.0\db_1\Bin\extjob.exe ()
    SRV - (OracleOraDb10g_home1iSQL*Plus [On_Demand | Stopped]) -- G:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe (Oracle)
    SRV - (OracleOraDb10g_home1TNSListener [On_Demand | Stopped]) -- G:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe ()
    SRV - (OracleServiceORCL [On_Demand | Stopped]) -- g:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
    SRV - (POP3Svc [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (Reporting [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe (Symantec Corporation)
    SRV - (RESvc [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (RSoPProv [On_Demand | Stopped]) -- C:\WINDOWS\System32\RSoPProv.exe (Microsoft Corporation)
    SRV - (sacsvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
    SRV - (SBAMSvc [Auto | Running]) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
    SRV - (SBCore [Unknown | Running]) -- Service key not found. File not found
    SRV - (siebsrvr_ENT_TS_APP_TS1 [On_Demand | Stopped]) -- G:\sea78\siebsrvr\BIN\siebsvc.exe (Siebel Systems, Inc.)
    SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (SPTimer [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE (Microsoft Corporation)
    SRV - (SQLAgent$SBSMONITORING [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE (Microsoft Corporation)
    SRV - (sugarApache [Auto | Running]) -- C:\Program Files\sugarcrm-4.5.1e\apache2\bin\Apache.exe (Apache Software Foundation)
    SRV - (sugarMysql [Auto | Running]) -- C:\Program Files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe ()
    SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\SAV\Rtvscan.exe (Symantec Corporation)
    SRV - (TrkSvr [Disabled | Stopped]) -- C:\WINDOWS\System32\trksvr.dll (Microsoft Corporation)
    SRV - (Tssdis [Disabled | Stopped]) -- C:\WINDOWS\System32\tssdis.exe (Microsoft Corporation)
    SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
    SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (WINS [Auto | Running]) -- C:\WINDOWS\System32\wins.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (arc [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
    DRV - (ClusDisk [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ClusDisk.sys (Microsoft Corporation)
    DRV - (DfsDriver [Boot | Running]) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
    DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (EXIFS [Auto | Running]) -- C:\WINDOWS\System32\drivers\exifs.sys (Microsoft Corporation)
    DRV - (hpcisss [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (lsi_sas [Boot | Running]) -- C:\WINDOWS\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091013.002\NAVENG.SYS (Symantec Corporation)
    DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091013.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
    DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
    DRV - (RTL8169 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RT8169xp.sys (Realtek Semiconductor Corporation )
    DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SAVRT [System | Running]) -- C:\Program Files\SAV\savrt.sys (Symantec Corporation)
    DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\SAV\Savrtpel.sys (Symantec Corporation)
    DRV - (SBRE [System | Running]) -- C:\WINDOWS\System32\drivers\SBREdrv.sys (Sunbelt Software)
    DRV - (sbtis [System | Running]) -- C:\WINDOWS\System32\drivers\sbtis.sys (Sunbelt Software)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (WLBS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wlbs.sys (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:59 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 16:48:11 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/28 15:27:11 | 00,000,000 | ---D | M]

    [2009/10/08 16:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
    [2009/10/08 16:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/10/12 17:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\990ui50c.default\extensions
    [2009/10/12 16:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\990ui50c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/08/28 15:27:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/08/28 15:27:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/07/30 12:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/07/30 12:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/07/30 12:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/07/30 08:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/07/30 08:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/07/30 08:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/07/30 08:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/07/30 08:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/07/30 08:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/07/30 08:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ICW Reminder] C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
    O4 - HKLM..\Run: [vptray] C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Siebel TrickleSync.lnk = G:\sea78\Client\BIN\autosync.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0006F063-0000-0000-C000-000000000046} http://activex.microsoft.com/activex/controls/office/outlctlx.CAB (Reg Error: Key error.)
    O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Smartscript.cab (Siebel SmartScript)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_HTML_Editor.cab (Siebel Marketing HTML Editor)
    O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Microsite_Layout.cab (Siebel Microsite Layout Designer)
    O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Calendar.cab (Siebel Event Calendar)
    O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Container_Control.cab (CSSAxContainerCtrl Class)
    O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Test_Automation.cab (Siebel Test Automation)
    O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
    O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_iHelp.cab (Siebel iHelp)
    O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Hospitality_Gantt.cab (Siebel Hospitality Gantt Chart)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170763223937 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181667256234 (MUWebControl Class)
    O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Calendar.cab (Siebel Calendar)
    O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_UInbox.cab (UInboxDynBtn Class)
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} http://ss-srv/Remote/msrdp.cab (Microsoft Terminal Services Client Control (redist))
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_14)
    O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration)
    O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Gantt_Chart.cab (Siebel Gantt Chart)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} http://ss-srv/sales_enu/19230/applets/SiebelAx_Calendar.cab (Siebel Calendar)
    O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_CTI_Toolbar.cab (Siebel Callcenter Communications Toolbar)
    O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Allocation.cab (Siebel Marketing Allocation)
    O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
    O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} http://ss-srv/sales_enu/19230/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
    O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} file:///G:/sea78/Client/PUBLIC/enu/19213/applets/iTools.cab (CIC Ink Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XYZ.local
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/01/29 19:40:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{c10dca28-92f0-11de-acba-00137236f960}\Shell\AutoRun\command - "" = E:\TrueCrypt\TrueCrypt.exe -- File not found
    O33 - MountPoints2\{c10dca28-92f0-11de-acba-00137236f960}\Shell\dismount\command - "" = E:\TrueCrypt\TrueCrypt.exe -- File not found
    O33 - MountPoints2\{c10dca28-92f0-11de-acba-00137236f960}\Shell\start\command - "" = E:\TrueCrypt\TrueCrypt.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Iprip - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: Sacsvr - C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
    NetSvcs: TrkSvr - C:\WINDOWS\System32\trksvr.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
    SafeBootMin: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
    SafeBootMin: SBCore - C:\WINDOWS\System32\sbscrexe.exe (Microsoft Corporation)
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: wd.sys - Driver
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: nm - C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
    SafeBootNet: nm.sys - C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: sacsvr - C:\WINDOWS\System32\sacsvr.dll (Microsoft Corporation)
    SafeBootNet: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
    SafeBootNet: SBCore - C:\WINDOWS\System32\sbscrexe.exe (Microsoft Corporation)
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: UploadMgr - Service
    SafeBootNet: vga.sys - Driver
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4CF07653-FE0F-11D4-A548-0090278A1BB8} - .NET Framework
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} - %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin
    ActiveX: {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} - %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
    ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    ========== Files/Folders - Created Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [8 C:\WINDOWS\*.tmp files]
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
    [2009/10/08 17:52:24 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    [2009/10/13 11:35:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2009/10/09 10:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/08 20:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
    [2009/10/09 11:08:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/10/08 17:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
    [2009/10/09 10:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2009/10/08 16:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2009/10/08 20:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sunbelt
    [2009/10/09 11:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2009/10/08 16:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2009/10/08 17:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2009/10/09 11:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/10/09 11:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/10/13 11:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2009/10/09 10:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/08 20:20:42 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
    [2009/10/09 11:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/10/09 11:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/10/09 13:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2009/10/14 04:07:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2009/10/13 11:40:08 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2009/10/13 11:40:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2009/10/09 13:04:42 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2009/10/09 13:02:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AV and spyware logs
    [2009/10/09 11:46:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/10/09 10:56:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/10/09 10:56:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/10/08 20:21:16 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
    [2009/10/08 16:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2009/10/08 16:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [8 C:\WINDOWS\*.tmp files]
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
    [2009/10/14 10:27:40 | 00,002,584 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
    [2009/10/14 09:46:41 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
    [2009/10/14 07:00:08 | 00,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{9e8e654e-cb30-11db-8344-00064f447400}.job
    [2009/10/14 07:00:06 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{4ff22649-afda-11db-9770-00137236f960}.job
    [2009/10/14 07:00:03 | 00,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{69dc6554-afc5-11db-a9d2-806e6f6e6963}.job
    [2009/10/14 06:05:44 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2009/10/14 04:32:13 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Collect Usage Data.job
    [2009/10/14 03:20:11 | 01,007,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/10/14 03:20:10 | 00,279,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/10/14 03:20:09 | 01,318,406 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/10/14 03:17:26 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/10/14 03:14:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/10/14 03:14:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/14 03:05:31 | 02,001,030 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2009/10/13 11:40:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2009/10/13 11:39:59 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2009/10/13 11:36:55 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009/10/12 14:23:15 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/10/10 23:00:20 | 00,000,600 | ---- | M] () -- C:\WINDOWS\tasks\Back Up Small Business Server.job
    [2009/10/09 13:03:16 | 00,016,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/10/09 11:47:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
    [2009/10/09 11:45:46 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2009/10/09 11:45:35 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
    [2009/10/09 11:45:35 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
    [2009/10/09 11:07:46 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/09 10:57:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/08 20:20:50 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
    [2009/10/08 16:48:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2009/10/05 06:30:29 | 00,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Server Usage Report.job
    [2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

    ========== Files - No Company Name ==========
    [2009/10/13 14:22:24 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2009/10/13 11:40:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2009/10/13 11:36:55 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009/10/09 13:05:28 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/10/09 11:47:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
    [2009/10/09 11:45:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2009/10/09 11:45:35 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
    [2009/10/09 11:45:35 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
    [2009/10/09 11:07:46 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/09 10:57:00 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/08 20:20:49 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
    [2009/10/08 16:48:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/06/23 03:05:11 | 02,001,030 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2008/12/23 16:33:18 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/11/02 17:43:27 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO8440.ini
    [2007/11/02 12:17:53 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/11/01 16:22:29 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2007/11/01 16:22:09 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2007/09/13 06:00:36 | 03,876,732 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SysBkup.evt
    [2007/09/13 06:00:21 | 16,777,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AppBkup.evt
    [2007/09/13 06:00:00 | 67,108,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SecBkup.evt
    [2007/09/10 18:29:14 | 00,016,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2007/08/24 17:27:34 | 00,000,536 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/06/20 21:41:29 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2007/01/29 23:34:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/01/29 20:45:58 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2007/01/29 20:22:35 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2007/01/29 20:12:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2007/01/29 20:11:01 | 00,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2007/01/29 20:11:01 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2007/01/29 20:11:00 | 00,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
    [2007/01/29 20:10:58 | 00,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2007/01/29 20:10:58 | 00,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2007/01/29 20:10:57 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2007/01/29 20:03:32 | 00,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
    [2007/01/29 19:59:33 | 00,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
    [2007/01/29 19:48:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    [2007/01/29 19:26:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2007/01/29 19:16:34 | 00,000,491 | ---- | C] () -- C:\WINDOWS\win.ini
    [2007/01/29 19:16:14 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
    [2007/01/29 19:15:38 | 00,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
    [2007/01/29 19:15:08 | 00,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
    [2007/01/29 19:15:08 | 00,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
    [2007/01/29 19:15:06 | 00,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
    [2007/01/29 19:13:54 | 00,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
    [2007/01/29 19:13:48 | 00,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
    [2003/07/01 11:40:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ilinkcom.dll
    [1998/12/23 15:00:00 | 00,058,368 | ---- | C] () -- C:\WINDOWS\System32\hsapi.dll

    ========== LOP Check ==========

    [2009/10/09 11:07:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
    [2007/11/10 16:17:34 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Application Data\Brother
    [2009/08/31 12:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
    [2009/10/13 11:35:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/10/13 11:36:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    [2007/11/01 16:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
    [2009/10/09 10:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/13 11:40:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2009/10/10 23:00:20 | 00,000,600 | ---- | M] () -- C:\WINDOWS\Tasks\Back Up Small Business Server.job
    [2009/10/14 09:46:41 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job
    [2009/10/14 04:32:13 | 00,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Usage Data.job
    [2006/05/25 17:02:10 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/10/14 03:17:26 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2009/10/14 03:14:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/10/14 03:06:42 | 00,032,570 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
    [2009/10/14 07:00:06 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{4ff22649-afda-11db-9770-00137236f960}.job
    [2009/10/14 07:00:03 | 00,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{69dc6554-afc5-11db-a9d2-806e6f6e6963}.job
    [2009/10/14 07:00:08 | 00,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{9e8e654e-cb30-11db-8344-00064f447400}.job
    [2009/10/05 06:30:29 | 00,000,608 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Server Usage Report.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >


  • Registered Users, Registered Users 2 Posts: 646 ✭✭✭ John2002


    Extras.txt


    OTL Extras logfile created on: 14/10/2009 10:25:12 - Run 1
    OTL by OldTimer - Version 3.0.20.0 Folder = E:\
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 25.00 Gb Total Space | 5.71 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 7.49 Gb Total Space | 6.87 Gb Free Space | 91.75% Space Free | Partition Type: FAT32
    F: Drive not present or media not loaded
    Drive G: | 20.00 Gb Total Space | 3.08 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive U: | 10.00 Gb Total Space | 1.26 Gb Free Space | 12.57% Space Free | Partition Type: NTFS

    Computer Name: SS-SRV
    Current User Name: administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync
    "{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing
    "{32329147-8629-40E2-B503-33E761E34439}" = Reporting Agents (Symantec Corporation)
    "{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
    "{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup
    "{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
    "{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
    "{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
    "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
    "{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
    "{72373D02-7E80-4261-91B7-E6F38541D629}" = VIPRE Antivirus + Antispyware
    "{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
    "{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
    "{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
    "{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax
    "{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
    "{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
    "{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B32A6E90-74BB-4C54-941A-A85FD596E576}" = Symantec System Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity
    "{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience
    "{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal
    "{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "4777032f-038f-a026-296d-9cb198ec1a88" = Siebel Enterprise Servers full uninstall
    "53d5eb59-d3e7-27c9-301e-326618da645c" = Siebel Web Server Extensions full uninstall
    "5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ATI Display Driver" = ATI Display Driver
    "Belarc Advisor" = Belarc Advisor 7.2
    "ERUNT_is1" = ERUNT 1.1j
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
    "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "Siebel Uninstall Manager" = Siebel Systems Uninstallation Manager
    "SugarCRM 4.5.1e" = SugarCRM
    "Symantec System Center" = Symantec System Center
    "WIC" = Windows Imaging Component
    "Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
    "WinPcapInst" = WinPcap 4.1 beta5
    "Wireshark" = Wireshark 1.2.1
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14/10/2009 04:46:17 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
    Description = The downloading process for mailbox <ss@XYZ.com [mail.XYZ.com]>
    was ended with one or more errors.

    Error - 14/10/2009 04:46:38 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
    Description = An error occurred during a POP3 transaction to server <mail.XYZ.com
    [amd@XYZ.com]>. The error is 10060 (A connection attempt
    failed because the connected party did not properly respond after a period of time,
    or established connection failed because connected host has failed to respond. ).

    Error - 14/10/2009 04:46:38 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
    Description = The downloading process for mailbox <amd@XYZ.com
    [mail.XYZ.com]> was ended with one or more errors.

    Error - 14/10/2009 04:46:59 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
    Description = An error occurred during a POP3 transaction to server <mail.XYZ.com
    [rb@XYZ.com]>. The error is 10060 (A connection attempt failed
    because the connected party did not properly respond after a period of time, or
    established connection failed because connected host has failed to respond. ).

    Error - 14/10/2009 04:46:59 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
    Description = The downloading process for mailbox <rb@XYZ.com [mail.XYZ.com]>
    was ended with one or more errors.

    Error - 14/10/2009 04:47:20 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
    Description = An error occurred during a POP3 transaction to server <82.195.128.132
    [vt@XYZ.com]>. The error is 10060 (A connection attempt failed
    because the connected party did not properly respond after a period of time, or
    established connection failed because connected host has failed to respond. ).

    Error - 14/10/2009 04:47:20 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
    Description = The downloading process for mailbox <vt@XYZ.com [82.195.128.132]>
    was ended with one or more errors.

    Error - 14/10/2009 04:50:56 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1036
    Description = An error occurred during a POP3 transaction to server <82.195.128.132
    [jc@XYZ.com]>. The error is 10060 (A connection attempt failed because
    the connected party did not properly respond after a period of time, or established
    connection failed because connected host has failed to respond. ).

    Error - 14/10/2009 04:50:56 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1023
    Description = The downloading process for mailbox <jc@XYZ.com [82.195.128.132]>
    was ended with one or more errors.

    Error - 14/10/2009 04:50:56 | Computer Name = SS-SRV | Source = POP3 Connector | ID = 1019
    Description = The message download process finished with one or more errors.

    [ DNS Server Events ]
    Error - 06/02/2009 11:41:38 | Computer Name = SS-SRV | Source = DNS | ID = 6702
    Description = DNS server has updated its own host (A) records. In order to ensure
    that its DS-integrated peer DNS servers are able to replicate with this server,
    an attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error code. If
    this DNS server does not have any DS-integrated peers, then this error should be
    ignored. If this DNS server's Active Directory replication partners do not have
    the correct IP address(es) for this server, they will be unable to replicate with
    it. To ensure proper replication: 1) Find this server's Active Directory replication
    partners that run the DNS server. 2) Open DnsManager and connect in turn to each
    of the replication partners. 3) On each server, check the host (A record) registration
    for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
    of this server. 5) If there are no A records for this server, add at least one A
    record corresponding to an address on this server, that the replication partner can
    contact.
    (In other words, if there multiple IP addresses for this DNS server, add at least
    one that is on the same network as the Active Directory DNS server you are updating.)

    6)
    Note, that is not necessary to update EVERY replication partner. It is only necessary
    that the records are fixed up on enough replication partners so that every server
    that replicates with this server will receive (through replication) the new data.

    Error - 06/02/2009 11:43:15 | Computer Name = SS-SRV | Source = DNS | ID = 6702
    Description = DNS server has updated its own host (A) records. In order to ensure
    that its DS-integrated peer DNS servers are able to replicate with this server,
    an attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error code. If
    this DNS server does not have any DS-integrated peers, then this error should be
    ignored. If this DNS server's Active Directory replication partners do not have
    the correct IP address(es) for this server, they will be unable to replicate with
    it. To ensure proper replication: 1) Find this server's Active Directory replication
    partners that run the DNS server. 2) Open DnsManager and connect in turn to each
    of the replication partners. 3) On each server, check the host (A record) registration
    for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
    of this server. 5) If there are no A records for this server, add at least one A
    record corresponding to an address on this server, that the replication partner can
    contact.
    (In other words, if there multiple IP addresses for this DNS server, add at least
    one that is on the same network as the Active Directory DNS server you are updating.)

    6)
    Note, that is not necessary to update EVERY replication partner. It is only necessary
    that the records are fixed up on enough replication partners so that every server
    that replicates with this server will receive (through replication) the new data.

    Error - 06/02/2009 12:18:55 | Computer Name = SS-SRV | Source = DNS | ID = 6702
    Description = DNS server has updated its own host (A) records. In order to ensure
    that its DS-integrated peer DNS servers are able to replicate with this server,
    an attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error code. If
    this DNS server does not have any DS-integrated peers, then this error should be
    ignored. If this DNS server's Active Directory replication partners do not have
    the correct IP address(es) for this server, they will be unable to replicate with
    it. To ensure proper replication: 1) Find this server's Active Directory replication
    partners that run the DNS server. 2) Open DnsManager and connect in turn to each
    of the replication partners. 3) On each server, check the host (A record) registration
    for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
    of this server. 5) If there are no A records for this server, add at least one A
    record corresponding to an address on this server, that the replication partner can
    contact.
    (In other words, if there multiple IP addresses for this DNS server, add at least
    one that is on the same network as the Active Directory DNS server you are updating.)

    6)
    Note, that is not necessary to update EVERY replication partner. It is only necessary
    that the records are fixed up on enough replication partners so that every server
    that replicates with this server will receive (through replication) the new data.

    Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4015
    Description = The DNS server has encountered a critical error from the Active Directory.
    Check
    that the Active Directory is functioning properly. The extended error debug information
    (which may be empty) is "". The event data contains the error.

    Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone .. This DNS server is configured to use information obtained from Active
    Directory
    for this zone and is unable to load the zone without it. Check that the Active
    Directory is functioning properly and repeat enumeration of the zone. The extended
    error debug information (which may be empty) is "". The event data contains the
    error.

    Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone _msdcs.XYZ.local. This DNS server is configured to use information obtained
    from Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat enumeration of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
    obtained from Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat enumeration
    of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 11/03/2009 23:09:54 | Computer Name = SS-SRV | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone XYZ.local. This DNS server is configured to use information obtained
    from Active Directory for this zone and is unable to load the zone without it. Check
    that
    the Active Directory is functioning properly and repeat enumeration of the zone.
    The
    extended error debug information (which may be empty) is "". The event data contains
    the error.

    Error - 24/08/2009 00:09:57 | Computer Name = SS-SRV | Source = DNS | ID = 4016
    Description = The DNS server timed out attempting an Active Directory service operation
    on
    ---. Check Active Directory to see that it is functioning properly. The event data
    contains the error.

    Error - 07/09/2009 05:13:42 | Computer Name = SS-SRV | Source = DNS | ID = 6702
    Description = DNS server has updated its own host (A) records. In order to ensure
    that its DS-integrated peer DNS servers are able to replicate with this server,
    an attempt was made to update them with the new records through dynamic update.
    An error was encountered during this update, the record data is the error code. If
    this DNS server does not have any DS-integrated peers, then this error should be
    ignored. If this DNS server's Active Directory replication partners do not have
    the correct IP address(es) for this server, they will be unable to replicate with
    it. To ensure proper replication: 1) Find this server's Active Directory replication
    partners that run the DNS server. 2) Open DnsManager and connect in turn to each
    of the replication partners. 3) On each server, check the host (A record) registration
    for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
    of this server. 5) If there are no A records for this server, add at least one A
    record corresponding to an address on this server, that the replication partner can
    contact.
    (In other words, if there multiple IP addresses for this DNS server, add at least
    one that is on the same network as the Active Directory DNS server you are updating.)

    6)
    Note, that is not necessary to update EVERY replication partner. It is only necessary
    that the records are fixed up on enough replication partners so that every server
    that replicates with this server will receive (through replication) the new data.

    [ File Replication Service Events ]
    Error - 10/04/2007 22:17:55 | Computer Name = SS-SRV | Source = NtFrs | ID = 13571
    Description = The File Replication Service has detected that one or more volumes
    on this computer have the same Volume Serial Number. File Replication Service does
    not support this configuration. Files may not replicate until this conflict is
    resolved. Volume Serial Number : 80b1-e0d9 List of volumes that have this Volume
    Serial Number: c:, c: The output of "dir" command displays the Volume Serial Number
    before
    listing the contents of the folder.

    Error - 01/08/2007 08:11:24 | Computer Name = SS-SRV | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a c:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 01/08/2007 08:11:25 | Computer Name = SS-SRV | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir
    /a C:". For more information about managing space on a volume type "copy /?", "rename
    /?", "del /?", "rmdir /?", and "dir /?".

    Error - 08/10/2009 14:38:37 | Computer Name = SS-SRV | Source = NtFrs | ID = 13571
    Description = The File Replication Service has detected that one or more volumes
    on this computer have the same Volume Serial Number. File Replication Service does
    not support this configuration. Files may not replicate until this conflict is
    resolved. Volume Serial Number : 80b1-e0d9 List of volumes that have this Volume
    Serial Number: c:, c: The output of "dir" command displays the Volume Serial Number
    before
    listing the contents of the folder.

    [ System Events ]
    Error - 13/10/2009 10:02:48 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver Samsung SCX-6x45 Series PCL 6 required for printer Samsung
    SCX-6x45 Series PCL 6 is unknown. Contact the administrator to install the driver
    before you log in again.

    Error - 13/10/2009 10:02:49 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver Dell Laser Printer 1720dn required for printer !!ss-05!Dell
    Laser Printer 1720dn is unknown. Contact the administrator to install the driver
    before you log in again.

    Error - 13/10/2009 10:02:50 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver Microsoft Office Document Image Writer Driver required for
    printer Microsoft Office Document Image Writer is unknown. Contact the administrator
    to install the driver before you log in again.

    Error - 13/10/2009 10:03:07 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
    Contact the administrator to install the driver before you log in again.

    Error - 13/10/2009 16:20:01 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
    Contact the administrator to install the driver before you log in again.

    Error - 13/10/2009 16:20:01 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver Dell Photo AIO Printer 924 required for printer Dell Photo
    AIO Printer 924 is unknown. Contact the administrator to install the driver before
    you log in again.

    Error - 13/10/2009 16:20:02 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver EPSON Stylus DX8400 Series required for printer EPSON Stylus
    DX8400 Series is unknown. Contact the administrator to install the driver before
    you log in again.

    Error - 13/10/2009 16:20:10 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver Microsoft Office Document Image Writer Driver required for
    printer Microsoft Office Document Image Writer is unknown. Contact the administrator
    to install the driver before you log in again.

    Error - 13/10/2009 16:20:11 | Computer Name = SS-SRV | Source = TermServDevices | ID = 1111
    Description = Driver Amyuni Document Converter 2.10 required for printer SagePDFPrinter
    is unknown. Contact the administrator to install the driver before you log in again.

    Error - 13/10/2009 22:17:01 | Computer Name = SS-SRV | Source = Service Control Manager | ID = 7024
    Description = The Symantec SPBBCSvc service terminated with service-specific error
    4294967295 (0xFFFFFFFF).


    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    looks fine, you don't have to do these scans if you don't want to, they are just an extra precaution

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        • Spyware, Adware, Dialers, and other potentially dangerous programs
        • Archives
        • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    • Closed Accounts Posts: 2,045 ✭✭✭ttm


      Just a couple of (possibly dumb) thoughts?

      What has SBS got to do with Internet access in your setup and why are you looking there for the problem?

      Where do the clients' DNS settings come from and where are they doing the lookups (SBS/Router or ISP)?

      What router/firewall do you have?

      If there is any way to move a couple of clients on a separate switch or hub I'd try that and see if they get the same problems. The not being able to save Word files can very very rarely be due to a problem on a switch/hub. If you've had reports of corrupt Excel files saved to a network share I'd rush to replace the switch.


    • Registered Users, Registered Users 2 Posts: 646 ✭✭✭John2002


      Ok, I ran TFC, it removed plenty of files.

      I also ran Malwarebytes, log is below, didn't find anything.

      Kaspersky online scanner is still running so will post its results when it's done.


      Malwarebytes' Anti-Malware 1.41
      Database version: 2958
      Windows 5.2.3790 Service Pack 2

      14/10/2009 14:18:44
      mbam-log-2009-10-14 (14-18-44).txt

      Scan type: Quick Scan
      Objects scanned: 107574
      Time elapsed: 21 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


    • Registered Users, Registered Users 2 Posts: 646 ✭✭✭John2002


      ttm wrote: »
      Just a couple of (possibly dumb) thoughts?

      What has SBS got to do with Internet access in your setup and why are you looking there for the problem?

      Where do the clients' DNS settings come from and where are they doing the lookups (SBS/Router or ISP)?

      What router/firewall do you have?

      If there is any way to move a couple of clients on a separate switch or hub I'd try that and see if they get the same problems. The not being able to save Word files can very very rarely be due to a problem on a switch/hub. If you've had reports of corrupt Excel files saved to a network share I'd rush to replace the switch.

      Thanks for your response ttm, I'll try to answer your queries as best I can.

      According to ipconfig the clients' DNS IP address is the SBS server.

      The router we're using is the standard eircom one, Motorola Netopia 2247-62. This is new as Eircom shipped me a new one when I rang them about our internet dropping. The only firewall ports that are open AFAIK are HTTP (80), PPTP (1723) and SMTP (25).

      I have a separate (3 month old) Linksys 5 port switch but the problem happens to clients connected through both this and the router.

      The main reason I think there's a virus or some sort of malware on the server is that when logged in as admin on the server I cannot install a program from the desktop - I'm told I don't have permissions. I haven't changed any permissions.

      Also, if I download an executable to the desktop, it downloads fully but when I look at it it's suddenly 0KB. That's using FF.

      Thanks for your help.
      John.


    • Closed Accounts Posts: 2,045 ✭✭✭ttm


      John2002 wrote: »
      Thanks for your response ttm, I'll try to answer your queries as best I can.

      According to ipconfig the clients' DNS IP address is the SBS server.

      The router we're using is the standard eircom one, Motorola Netopia 2247-62. This is new as Eircom shipped me a new one when I rang them about our internet dropping. The only firewall ports that are open AFAIK are HTTP (80), PPTP (1723) and SMTP (25).

      I have a separate (3 month old) Linksys 5 port switch but the problem happens to clients connected through both this and the router.

      The main reason I think there's a virus or some sort of malware on the server is that when logged in as admin on the server I cannot install a program from the desktop - I'm told I don't have permissions. I haven't changed any permissions.

      Also, if I download an executable to the desktop, it downloads fully but when I look at it it's suddenly 0KB. That's using FF.

      Thanks for your help.
      John.

      My point is just that you don't need to use the SBS server for anything for the internet, so for troubleshooting you could give one client that uses the internet a lot Eircom's DNS settings on the Local Area Connection Properties while keeping DHCP, and try giving another client OpenDNS settings and see if there is any difference when you notice a problem. Could just be Eircom's DNS playing up?

      I also wouldn't take too much notice of the Admin permissions on files as I've seen strange admin permission weirdness on every version of Windows server since NT4. Have you tried right clicking Internet Explorer and Run As Administrator and then go to the website for the download? I know you are logged in as the Administrator but try it and see anyway as it can make a difference. The 0KB file might be due to the account you are using having permissions to the internet temp file but no permission to copy it to the desktop - event log might help and you might need to temporarily turn on event logging for object access failure. It might just be that Firefox doesn't have the permissions to move the files so try reinstalling and do a RUN AS on the installer.

      As far as ports open :confused: on a Netopia router all you can do is forward specific ports to the server's IP address. Users open whatever ports they like every time they make a request. All your Netopia "firewall" really does is stop data from the outside if there is no originating request for it on the inside, so if there is malware on a client PC it can run as if there is no firewall stopping it, as there isn't: the malware inside makes a request and the firewall allows it.
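
The resolver comparison suggested in the post above can also be run from a single client as a script that asks each resolver directly and records which ones answer during a dropout. This is an added example, not part of the thread: 192.168.1.2 (SBS server) and 192.0.2.53 (ISP resolver) are placeholder addresses to replace with your own, 208.67.222.222 is OpenDNS, and the function names are illustrative.

```python
import random
import socket
import struct
import time

# Assumed addresses: 192.168.1.2 stands in for the SBS server and
# 192.0.2.53 is a placeholder for the ISP resolver. Replace both.
RESOLVERS = {"sbs": "192.168.1.2", "isp": "192.0.2.53", "opendns": "208.67.222.222"}

def build_query(name, txid):
    """Encode a recursive DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Classify a reply by its header: 'ok', 'servfail', 'nxdomain', 'bad-reply', ..."""
    if len(data) < 12:
        return "bad-reply"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or not a response
        return "bad-reply"
    names = {0: "ok" if ancount else "no-answer", 2: "servfail", 3: "nxdomain", 5: "refused"}
    return names.get(flags & 0xF, "rcode-%d" % (flags & 0xF))

def probe(server, name, timeout=2.0):
    """Ask one resolver over UDP/53, bypassing the client's configured DNS."""
    txid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            return parse_reply(s.recvfrom(512)[0], txid)
        except OSError as exc:  # socket.timeout is an OSError subclass
            return "timeout" if isinstance(exc, socket.timeout) else "unreachable"

def diagnose(results):
    """Interpret one round of probe results keyed like RESOLVERS."""
    external = [v for k, v in results.items() if k != "sbs"]
    if all(v == "ok" for v in results.values()):
        return "all resolvers answering"
    if results.get("sbs") != "ok" and any(v == "ok" for v in external):
        return "SBS DNS failing while the line is up: look at the server"
    if results.get("sbs") == "ok" and not any(v == "ok" for v in external):
        return "external resolvers unreachable: SBS may be answering from cache"
    if not any(v == "ok" for v in results.values()):
        return "nothing answers: router or line problem, not just DNS"
    return "mixed: one external resolver is misbehaving"

if __name__ == "__main__":
    while True:  # one line per minute; leave it running across a dropout
        res = {k: probe(ip, "www.boards.ie") for k, ip in RESOLVERS.items()}
        print(time.strftime("%H:%M:%S"), res, "->", diagnose(res))
        time.sleep(60)
```

A run of "SBS DNS failing" lines at the times clients lose access points at the server's DNS service, while "nothing answers" points at the router or the line.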

