Thread: Windows 2003 SBS Server Spam Server

  1. #1
     Junior Member | Join Date: Jul 2011 | Location: Auckland, NZ | Posts: 4

     Windows 2003 SBS Server Spam Server

    Hi,

    One of my customers recently was blacklisted on CBL for sending spam.
    On further investigation, it turned out that a user who had remote desktop access to the server had had their password hacked.
    There were two installations that appeared to be spam mailers, ASM (ThInstall) and another install called ok_-_copy, which has a bunch of nasties in it: SQL Server, IMAP, MySQL, FTP dictionaries etc.

    I removed them into a safe, compressed folder, but I am still getting blacklisted. None of the antivirus or anti-malware tools have found anything on the server: Trend Micro, Kaspersky, etc. (we have run Trend Micro),
    and Spybot and Malwarebytes haven't found anything.

    The network runs a proxy server, and is blocking ports 25 and 587. I am about to block POP (110) as well, in case the infection is on another PC in the network.

    I don't know who to send the details of this "new" infection to.
    On that note, I don't know how to stop my blasted server from sending out spam!?!?! Any hints?

    I have run OTL and checked all the files and programs, and can't see anything out of the ordinary.

    thanks!
    Truby
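The check the post above is really after (which process on the box is opening the outbound SMTP connections) can be scripted instead of read off TCPView by hand. The following is an added example, not code from the thread or from any tool named in it. It parses the output of `netstat -ano` and `tasklist /fo csv`, joins the two on PID, and lists every process with a connection to a remote port 25 or 587. The one legitimate sender on an SBS 2003 box is the IIS/Exchange SMTP service, which runs inside inetinfo.exe (the OTL log in this thread shows SMTPSVC hosted there), so that name is treated as expected and everything else is reported as a lead. The netstat and tasklist text below is constructed for the example, and `svcupd.exe` is a made-up process name, not anything found on this server.

```python
"""Find processes holding outbound SMTP connections on a Windows host.

Added example (not from the original thread). Automates what TCPView shows
interactively: parse `netstat -ano` and `tasklist /fo csv`, join on PID,
and report every process with a connection whose remote port is 25 or 587.
The sample command output below is constructed; svcupd.exe is fictitious.
"""
import csv
import io
import re
from collections import defaultdict

SMTP_PORTS = {25, 587}
# Assumption for this example: on SBS 2003 only the IIS/Exchange SMTP
# service (hosted in inetinfo.exe) should be opening outbound SMTP.
EXPECTED_SENDERS = {"inetinfo.exe"}

# `netstat -ano` TCP line: Proto, Local, Foreign, State, PID
NETSTAT_LINE = re.compile(
    r"^\s*(TCP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$"
)


def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid)."""
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            _, lip, lport, rip, rport, state, pid = m.groups()
            yield lip, int(lport), rip, int(rport), state, int(pid)


def parse_tasklist(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"].lower() for row in reader}


def find_smtp_talkers(netstat_text, tasklist_text):
    """Return {image_name: [(remote_ip, remote_port), ...]} for processes
    with established or half-open connections to a remote SMTP port."""
    pid_to_name = parse_tasklist(tasklist_text)
    hits = defaultdict(list)
    for _lip, _lport, rip, rport, state, pid in parse_netstat(netstat_text):
        if rport in SMTP_PORTS and state in ("ESTABLISHED", "SYN_SENT"):
            hits[pid_to_name.get(pid, f"pid:{pid}")].append((rip, rport))
    return dict(hits)


def suspicious(hits):
    """Image names talking SMTP that are not the expected sender."""
    return sorted(name for name in hits if name not in EXPECTED_SENDERS)


# Constructed sample output (not captured from the poster's server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1488
  TCP    10.0.0.2:1048          10.0.0.10:445          ESTABLISHED     4
  TCP    10.0.0.2:1201          203.0.113.7:25         ESTABLISHED     1488
  TCP    10.0.0.2:1310          198.51.100.20:25       SYN_SENT        3912
  TCP    10.0.0.2:1311          198.51.100.21:25       SYN_SENT        3912
  TCP    10.0.0.2:1312          198.51.100.22:587      ESTABLISHED     3912
  TCP    10.0.0.2:3389          10.0.0.55:1440         ESTABLISHED     912
"""

SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","912","Console","0","4,120 K"
"inetinfo.exe","1488","Console","0","14,336 K"
"svcupd.exe","3912","Console","0","22,480 K"
"""

if __name__ == "__main__":
    hits = find_smtp_talkers(SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    for name, conns in hits.items():
        print(f"{name}: {len(conns)} outbound SMTP connection(s) -> {conns}")
    print("suspicious:", suspicious(hits))
```

Run the two commands on the server, save the output, and feed the files to `find_smtp_talkers`. A burst of `SYN_SENT` entries to many different remote hosts on port 25 from one PID is the classic mailer signature. If the server shows only inetinfo.exe, repeat the same two commands on each workstation: CBL lists the public IP, which is shared by every host behind the NAT, and a proxy setting in the browser does nothing to stop a mailer that opens its own socket to port 25.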

  2. #2
     Junior Member | Join Date: Jul 2011 | Location: Auckland, NZ | Posts: 4

     OTL.txt

    OTL logfile created on: 25/07/2011 9:29:59 a.m. - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: dd/MM/yyyy

    2.50 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 13.04% Memory free
    6.36 Gb Paging File | 3.95 Gb Available in Paging File | 62.18% Paging File free
    Paging file location(s): d:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.25 Gb Total Space | 8.06 Gb Free Space | 25.01% Space Free | Partition Type: NTFS
    Drive D: | 8.05 Gb Total Space | 4.05 Gb Free Space | 50.33% Space Free | Partition Type: FAT32
    Drive E: | 96.38 Gb Total Space | 68.06 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
    Drive G: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive L: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive P: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive R: | 32.25 Gb Total Space | 8.06 Gb Free Space | 25.01% Space Free | Partition Type: NTFS
    Drive S: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive U: | 96.38 Gb Total Space | 68.06 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
    Drive Z: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS

    Computer Name: SBSERVER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/25 09:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2011/03/30 02:56:02 | 002,483,728 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcService.exe
    PRC - [2011/03/30 01:21:02 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
    PRC - [2011/03/26 09:07:32 | 001,076,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    PRC - [2011/03/26 09:04:38 | 000,121,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    PRC - [2011/03/10 04:00:52 | 001,394,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
    PRC - [2011/01/21 11:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    PRC - [2010/12/06 13:59:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/10/26 14:47:58 | 000,677,200 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
    PRC - [2010/10/25 20:25:56 | 000,046,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\svcGenericHost.exe
    PRC - [2010/10/25 20:25:36 | 000,039,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\SMEX_SystemWatcher.exe
    PRC - [2010/10/25 20:24:58 | 000,050,000 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\SMEX_RemoteConfig.exe
    PRC - [2010/10/25 20:24:58 | 000,050,000 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\SMEX_Master.exe
    PRC - [2010/10/22 13:46:26 | 000,232,112 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
    PRC - [2010/10/21 03:03:32 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    PRC - [2010/09/17 10:57:05 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\iBUSOBM\aua\jvm\bin\auaJW.exe
    PRC - [2010/07/16 17:16:40 | 000,464,208 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\wss\iCRCService.exe
    PRC - [2009/02/16 23:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
    PRC - [2008/11/26 16:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\store.exe
    PRC - [2008/05/09 18:23:30 | 000,073,728 | ---- | M] () -- C:\Program Files\iBUSOBM\aua\bin\Aua.exe
    PRC - [2007/04/17 14:03:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007/02/18 00:30:48 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
    PRC - [2007/02/18 00:30:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
    PRC - [2007/02/17 04:08:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
    PRC - [2007/02/17 03:58:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
    PRC - [2007/02/17 03:55:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
    PRC - [2007/02/17 03:41:50 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
    PRC - [2007/02/17 03:31:48 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
    PRC - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/11/10 13:25:46 | 001,776,640 | ---- | M] () -- C:\Program Files\Ricoh\Scheduler.exe
    PRC - [2005/08/25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\mad.exe
    PRC - [2005/08/25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- E:\Exchsrvr\bin\exmgmt.exe
    PRC - [2005/05/09 17:54:42 | 000,153,688 | ---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
    PRC - [2005/05/06 08:28:10 | 000,053,248 | ---- | M] (Adaptec Incorporated) -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
    PRC - [2005/04/14 08:40:58 | 000,045,134 | ---- | M] (APC) -- C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe
    PRC - [2005/04/14 08:40:52 | 000,028,672 | ---- | M] (APC) -- C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe
    PRC - [2004/07/14 01:05:10 | 001,527,887 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    PRC - [2004/07/14 01:05:10 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    PRC - [2004/04/01 18:21:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    PRC - [2003/09/11 11:43:45 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Monitoring\wblogsvc.exe
    PRC - [2003/09/11 11:43:05 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/25 09:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/09/08 00:08:31 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll
    MOD - [2007/02/17 04:09:16 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
    SRV - File not found [Disabled | Stopped] -- -- (UPS)
    SRV - File not found [Auto | Running] -- -- (ScanMail_SystemWatcher)
    SRV - File not found [Auto | Running] -- -- (ScanMail_RemoteConfig)
    SRV - File not found [Auto | Running] -- -- (ScanMail_Master)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/03/30 02:56:02 | 002,483,728 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcService.exe -- (ofcservice)
    SRV - [2011/03/30 01:21:02 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS) Windows Internet Name Service (WINS)
    SRV - [2011/01/21 11:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
    SRV - [2010/12/06 13:59:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/10/26 14:47:58 | 000,677,200 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (TmListen)
    SRV - [2010/10/25 20:21:34 | 000,033,616 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Messaging Security Agent\EUQ\EUQMonitor.exe -- (EUQ_Monitor)
    SRV - [2010/10/22 13:46:26 | 000,232,112 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe -- (OfcAoSMgr)
    SRV - [2010/07/16 17:16:40 | 000,464,208 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Security Server\PCCSRV\WSS\iCRCService.exe -- (TMiCRCScanService)
    SRV - [2010/04/28 11:33:58 | 000,262,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files\iBUSOBM\bin\CDPService.exe -- (OBCDPService) Continuous Data Protection (iBUS Online Backup Manager)
    SRV - [2010/04/28 11:33:58 | 000,077,824 | ---- | M] () [Auto | Stopped] -- C:\Program Files\iBUSOBM\bin\Scheduler.exe -- (OBScheduler) Online Backup Scheduler (iBUS Online Backup Manager)
    SRV - [2009/02/16 23:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
    SRV - [2008/11/26 16:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\store.exe -- (MSExchangeIS)
    SRV - [2008/11/26 15:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
    SRV - [2008/05/09 18:23:30 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\iBUSOBM\aua\bin\Aua.exe -- (OBAutoUpdate) AutoUpdateAgent (iBUS Online Backup Manager)
    SRV - [2008/02/14 16:54:00 | 001,111,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Dynamics NAV\Database Server\SERVER.exe -- (SBSERVER)
    SRV - [2007/02/18 00:30:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
    SRV - [2007/02/17 04:07:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
    SRV - [2007/02/17 03:58:10 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
    SRV - [2007/02/17 03:55:56 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
    SRV - [2007/02/17 03:41:50 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
    SRV - [2007/02/17 03:20:52 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) Network News Transfer Protocol (NNTP)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2007/02/17 03:19:28 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2007/02/17 02:50:02 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
    SRV - [2006/11/10 12:45:06 | 001,635,456 | ---- | M] (VERITAS Software Corporation) [On_Demand | Stopped] -- C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe -- (BackupExecJobEngine)
    SRV - [2006/07/11 05:42:34 | 003,310,144 | ---- | M] (VERITAS Software Corporation) [On_Demand | Stopped] -- C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe -- (BackupExecRPCService)
    SRV - [2006/07/11 05:40:54 | 000,830,528 | ---- | M] (VERITAS Software Corporation) [On_Demand | Stopped] -- C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe -- (BackupExecDeviceMediaService)
    SRV - [2006/07/11 05:37:56 | 000,507,456 | ---- | M] (VERITAS Software Corporation) [On_Demand | Stopped] -- C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe -- (BackupExecAgentAccelerator)
    SRV - [2005/08/25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
    SRV - [2005/08/25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
    SRV - [2005/08/25 18:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
    SRV - [2005/05/14 09:18:46 | 000,035,416 | ---- | M] (VERITAS Software Corporation) [On_Demand | Stopped] -- C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe -- (BackupExecAgentBrowser)
    SRV - [2005/05/06 08:28:10 | 000,053,248 | ---- | M] (Adaptec Incorporated) [Auto | Running] -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe -- (AdaptecStorageManagerAgent)
    SRV - [2005/04/14 08:40:58 | 000,045,134 | ---- | M] (APC) [Auto | Running] -- C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe -- (APCPBEServer)
    SRV - [2005/04/14 08:40:52 | 000,028,672 | ---- | M] (APC) [Auto | Running] -- C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent)
    SRV - [2004/07/14 01:05:10 | 001,527,887 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
    SRV - [2004/07/14 01:05:10 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
    SRV - [2004/04/01 18:21:16 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
    SRV - [2003/11/12 15:34:56 | 000,098,304 | ---- | M] (Tyan Computer Corp) [On_Demand | Stopped] -- C:\Program Files\ML150 System Monitor Server Agent\MSMDataEngine.exe -- (MSMDataEngine)
    SRV - [2003/09/11 11:43:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Monitoring\wblogsvc.exe -- (WBLOGSVC)
    SRV - [2003/09/11 11:43:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
    SRV - [2003/09/11 07:26:10 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
    SRV - [2003/09/11 07:26:10 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
    SRV - [2003/06/03 19:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Exchsrvr\bin\events.exe -- (MSExchangeES)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/02/25 14:10:00 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2011/02/25 14:09:00 | 000,190,736 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2011/02/25 14:09:00 | 000,065,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/09/30 10:59:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2009/07/15 16:37:52 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
    DRV - [2009/05/19 16:42:38 | 000,009,216 | ---- | M] (Hewlett-Packard ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpdat.sys -- (hpdat)
    DRV - [2008/10/18 12:56:36 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007/02/17 04:09:26 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
    DRV - [2007/02/17 02:49:38 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
    DRV - [2007/02/17 02:31:14 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
    DRV - [2005/08/25 17:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
    DRV - [2005/04/01 15:40:00 | 000,092,571 | R--- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACmgt)
    DRV - [2004/07/26 18:11:43 | 000,020,256 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
    DRV - [2004/04/02 20:43:18 | 000,037,704 | ---- | M] (VERITAS Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\04mmdat.sys -- (4mmdat--VRTS)
    DRV - [2003/09/18 19:23:52 | 000,016,136 | ---- | M] (VERITAS Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS -- (SCSIChanger)
    DRV - [2003/08/01 13:38:34 | 000,013,023 | ---- | M] (Tyan Computer System) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tyansmb.sys -- (tyansmb)
    DRV - [2003/03/25 11:05:30 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\4mmdat.sys -- (4mmdat)
    DRV - [2003/03/25 09:54:06 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
    DRV - [2002/10/09 17:27:48 | 000,008,064 | ---- | M] (Tyan Computer Co.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ipmidrv.sys -- (IPMI_Driver)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = sbserver:8080

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\ [2011/07/19 09:06:29 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/07/20 10:57:36 | 000,436,117 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
    O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
    O1 - Hosts: 127.0.0.1 123moviedownload.com
    O1 - Hosts: 127.0.0.1 www.123moviedownload.com
    O1 - Hosts: 127.0.0.1 www.123simsen.com
    O1 - Hosts: 15010 more lines...
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
    O4 - HKLM..\Run: [InterBaseGuardian] C:\Program Files\InterBase\bin\ibguard.exe (Inprise Corporation)
    O4 - HKLM..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe ()
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe (RICOH CO.,LTD.)
    O4 - HKLM..\Run: [OBSystemTray] C:\Program Files\iBUSOBM\bin\SystemTray.exe ()
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\e-Reader Scheduler.lnk = C:\Program Files\Ricoh\Scheduler.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70752} https://10.0.0.2:4343/officescan/con...l/WinNTChk.cab (ObjWinNTCheck Class)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/...?1187657256655 (MUCatalogWebControl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/micr...?1186540780565 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1186540697768 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://10.0.0.2/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
    O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://10.0.0.2:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
    O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} https://10.0.0.2/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
    O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} https://10.0.0.2:4343/SMB/console/ht...AtxConsole.cab (Security Server Management Console)
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} https://10.0.0.2/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = taylormarine.co.nz
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/07/26 10:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{5f0bcbaa-92b4-11df-95a5-0002b3eedc25}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f0bcbaa-92b4-11df-95a5-0002b3eedc25}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5f0bcbaa-92b4-11df-95a5-0002b3eedc25}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{66c859b8-52fc-11dd-8029-0002b3eedc25}\Shell\AutoRun\command - "" = H:\setupSNK.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/25 09:27:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/07/25 09:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2011/07/25 09:17:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/25 09:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/25 09:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/25 09:17:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/25 09:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/25 09:16:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/07/25 09:10:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/07/25 09:05:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/07/25 09:05:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/07/25 09:05:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/07/25 08:21:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/07/22 09:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/07/22 09:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
    [2011/07/22 08:29:43 | 000,000,000 | ---D | C] -- C:\desktop
    [2011/07/22 08:15:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/07/22 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dodgy Programs
    [2011/07/21 12:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TCPView
    [2011/07/20 16:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Autoruns
    [2011/07/19 08:34:28 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
    [2011/07/19 08:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/25 09:45:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job
    [2011/07/25 09:34:18 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
    [2011/07/25 09:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/07/25 09:17:37 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/25 09:16:59 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/07/25 09:11:02 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/07/25 08:07:35 | 000,150,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Open Ports.JPG
    [2011/07/25 07:54:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/25 05:07:00 | 000,007,531 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2011/07/25 04:33:46 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Collect Usage Data.job
    [2011/07/24 18:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Backup_NAV_Live.job
    [2011/07/22 14:31:58 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BE5AC0D0-E7EE-495B-A699-710423E2D6CC}.job
    [2011/07/22 08:56:14 | 001,190,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/22 08:56:14 | 000,347,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/22 08:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/22 07:31:53 | 000,000,848 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
    [2011/07/21 14:15:46 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Scripts.lnk
    [2011/07/21 12:48:56 | 000,290,954 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TCPView.zip
    [2011/07/21 08:42:54 | 000,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/20 16:40:21 | 000,005,296 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/20 10:57:36 | 000,436,117 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/19 09:17:36 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\testsql.zup
    [2011/07/17 10:13:55 | 000,035,750 | ---- | M] () -- C:\WINDOWS\ricdb.ini
    [2011/07/17 10:13:54 | 000,005,654 | ---- | M] () -- C:\WINDOWS\System32\RPCS.ini
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2011/07/06 16:32:28 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2011/07/06 16:32:28 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/25 09:17:37 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/25 08:07:35 | 000,150,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Open Ports.JPG
    [2011/07/21 12:48:54 | 000,290,954 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TCPView.zip
    [2011/04/04 12:01:00 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2011/01/25 13:58:00 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wfbshelp.ini
    [2009/11/10 10:30:30 | 000,005,746 | ---- | C] () -- C:\WINDOWS\cfgrt_ex.ini
    [2009/06/18 04:08:32 | 000,000,345 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/13 07:55:35 | 000,003,618 | ---- | C] () -- C:\WINDOWS\cfgspyms.ini
    [2008/10/13 07:55:34 | 000,004,412 | ---- | C] () -- C:\WINDOWS\cfgms.ini
    [2008/10/09 16:21:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\unicon.ini
    [2008/08/13 12:35:04 | 000,001,843 | ---- | C] () -- C:\WINDOWS\System32\RC98E1A0.dat
    [2008/08/11 10:43:08 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\dbms.zup
    [2008/08/11 10:30:33 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\fin.zup
    [2008/08/11 10:25:28 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\testsql.zup
    [2008/08/11 10:00:55 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dbms.zup
    [2007/11/26 16:27:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\APCSnmp.dll
    [2007/09/26 14:10:29 | 000,003,678 | ---- | C] () -- C:\WINDOWS\cfgspyps.ini
    [2007/09/13 10:07:21 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
    [2007/07/06 12:09:34 | 000,000,129 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/05/22 18:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2007/05/03 14:54:24 | 000,004,485 | ---- | C] () -- C:\WINDOWS\cfgps.ini
    [2007/04/26 12:26:18 | 000,003,631 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini
    [2007/04/26 12:26:17 | 000,004,420 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
    [2007/02/18 00:26:18 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/09/13 11:33:01 | 000,017,586 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2006/02/15 11:02:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AOReport.dll
    [2006/02/15 11:02:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\aocheck.exe
    [2006/02/15 11:01:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\myoem.dll
    [2005/06/30 11:28:15 | 000,002,031 | ---- | C] () -- C:\WINDOWS\PmData.Dat
    [2005/06/30 11:28:15 | 000,000,226 | ---- | C] () -- C:\WINDOWS\PMJobCli.ini
    [2005/06/30 11:28:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RLPR.dll
    [2005/06/30 11:28:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\rtcpf.dll
    [2005/06/30 11:28:11 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\rpnv2ui.dll
    [2005/06/30 11:28:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMObservps.dll
    [2005/06/30 11:28:06 | 000,012,358 | ---- | C] () -- C:\WINDOWS\PMRicMb.ini
    [2005/06/30 11:28:06 | 000,006,702 | ---- | C] () -- C:\WINDOWS\PMRicPMb.ini
    [2005/06/30 11:28:06 | 000,005,390 | ---- | C] () -- C:\WINDOWS\PMPrtMb.ini
    [2005/06/30 11:28:06 | 000,004,303 | ---- | C] () -- C:\WINDOWS\PMRicFMb.ini
    [2005/06/30 11:28:06 | 000,003,005 | ---- | C] () -- C:\WINDOWS\PMDvPrn.ini
    [2005/06/30 11:28:06 | 000,002,102 | ---- | C] () -- C:\WINDOWS\PMDvDev.ini
    [2005/06/30 11:28:06 | 000,002,047 | ---- | C] () -- C:\WINDOWS\PMDIOMb.ini
    [2005/06/30 11:28:06 | 000,002,036 | ---- | C] () -- C:\WINDOWS\PMHostMb.ini
    [2005/06/30 11:28:06 | 000,001,885 | ---- | C] () -- C:\WINDOWS\PMPSIOMb.ini
    [2005/06/30 11:28:06 | 000,001,727 | ---- | C] () -- C:\WINDOWS\PMRicSMb.ini
    [2005/06/30 11:28:06 | 000,001,706 | ---- | C] () -- C:\WINDOWS\PMRicCMb.ini
    [2005/06/30 11:28:06 | 000,001,494 | ---- | C] () -- C:\WINDOWS\PMMib2Mb.ini
    [2005/06/30 11:28:06 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PMDPIMb.ini
    [2005/06/30 11:28:06 | 000,001,110 | ---- | C] () -- C:\WINDOWS\PMDvFax.ini
    [2005/06/30 11:28:06 | 000,001,094 | ---- | C] () -- C:\WINDOWS\PMAxsMb.ini
    [2005/06/30 11:28:06 | 000,000,842 | ---- | C] () -- C:\WINDOWS\PMDvScan.ini
    [2005/06/30 11:28:06 | 000,000,423 | ---- | C] () -- C:\WINDOWS\PMDvCopy.ini
    [2005/06/30 11:28:06 | 000,000,332 | ---- | C] () -- C:\WINDOWS\PMSnmpMb.ini
    [2005/06/30 11:26:24 | 000,035,750 | ---- | C] () -- C:\WINDOWS\ricdb.ini
    [2005/06/30 11:26:22 | 000,005,654 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
    [2005/02/03 10:13:05 | 000,000,320 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
    [2004/08/09 11:05:38 | 000,002,651 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
    [2004/08/01 10:43:14 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2004/07/28 09:49:22 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/07/27 14:36:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2004/07/27 14:17:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/07/27 14:08:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2004/07/27 14:08:10 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
    [2004/07/27 14:03:27 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
    [2004/07/27 14:01:25 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
    [2004/07/26 18:17:53 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/07/26 18:16:37 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/07/26 11:53:39 | 000,001,933 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
    [2004/07/26 11:50:15 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2004/07/26 11:17:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/07/26 10:36:50 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/07/26 10:35:40 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2004/07/26 10:35:40 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2004/07/26 10:34:31 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2004/07/26 10:34:30 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2004/07/26 10:34:23 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2003/09/11 07:26:10 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/09/11 07:26:10 | 001,190,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/09/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/09/11 07:26:10 | 000,347,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/09/11 07:26:10 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/09/11 07:26:10 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/09/11 07:26:10 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
    [2003/09/11 07:26:10 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2003/09/11 07:26:10 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/09/11 07:26:10 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
    [2003/09/11 07:26:10 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
    [2003/09/11 07:26:10 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
    [2003/09/11 07:26:10 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
    [2003/09/11 07:26:10 | 000,005,644 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2003/09/11 07:26:10 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
    [2003/09/11 07:26:10 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/09/11 07:26:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/09/11 07:26:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg

    < End of report >

  3. #3
    Junior Member
    Join Date
    Jul 2011
    Location
    Auckland, NZ
    Posts
    4

    Default Extras.txt

    OTL Extras logfile created on: 25/07/2011 9:30:00 a.m. - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: dd/MM/yyyy

    2.50 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 13.04% Memory free
    6.36 Gb Paging File | 3.95 Gb Available in Paging File | 62.18% Paging File free
    Paging file location(s): d:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.25 Gb Total Space | 8.06 Gb Free Space | 25.01% Space Free | Partition Type: NTFS
    Drive D: | 8.05 Gb Total Space | 4.05 Gb Free Space | 50.33% Space Free | Partition Type: FAT32
    Drive E: | 96.38 Gb Total Space | 68.06 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
    Drive G: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive L: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive P: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive R: | 32.25 Gb Total Space | 8.06 Gb Free Space | 25.01% Space Free | Partition Type: NTFS
    Drive S: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
    Drive U: | 96.38 Gb Total Space | 68.06 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
    Drive Z: | 67.83 Gb Total Space | 14.39 Gb Free Space | 21.22% Space Free | Partition Type: NTFS

    Computer Name: SBSERVER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000000-0000-5010-0002-0000836BD2D2}" = Microsoft Dynamics NAV 5.0 SP1 Database Server
    "{00000000-0000-5010-A800-0000836BD2D2}" = Microsoft Dynamics NAV 5.0 SP1 CSIDE Client
    "{0A07E717-BB5D-4B99-840B-6C5DED52B277}" = Trend Micro Worry-Free Business Security Agent
    "{0AFBEC56-6CF0-4ED1-B6D6-F255EC5867CA}" = Ezijobz SME
    "{0C753D2F-C64A-44B9-8FF4-A7752D8F2EC7}" = Windows Small Business Server Admin
    "{0F86FD09-BA63-4E45-A70B-604C1106C2F2}" = APC PowerChute Business Edition Console
    "{14C03D20-0507-419A-9E2A-3C17CDB10527}" = ML150 System Monitor Server Agent
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
    "{2734011B-3709-45B2-A946-5A1ADB1AFCFE}" = Windows Small Business Server Documents
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
    "{31271095-CD3A-4C9F-89F6-B5F6F3B35636}" = Windows Small Business Server Remote Portal
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
    "{3FEC3A5B-60FF-4626-B425-08E09B121A15}" = LogMeIn
    "{47DAC891-3058-4713-AC22-553A7BA1E1D8}" = ML150 System Monitor Console
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5D622FC5-B037-4505-AD5A-60555C2A05E9}" = Microsoft Connector for POP3 Mailboxes
    "{5DB0ECA1-4C56-488B-9BF1-FB300D9E1F54}" = Trend Micro Plug-in Manager
    "{64A411C9-DB09-4F01-A8D4-2D5227D7A074}" = Windows Small Business Server Licensing
    "{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
    "{66C8DA1B-9156-44B6-B222-2219BC6F21A9}" = Windows Small Business Server Client Setup
    "{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
    "{73980FB5-5DF2-4DC8-9E53-14EF93FD72B6}" = Type3232 TWAIN Driver Ver.3
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8681E826-9DC6-4EAC-84B7-971EA795BD36}" = Microsoft Group Policy Management Console
    "{885CAC07-102C-4663-8283-51CBCE616211}" = HP StorageWorks Library And Tape Tools
    "{88A6C12D-DED9-412B-9CC2-643F03674EDF}" = Windows Small Business Server Fax Cfg
    "{8EFE8B68-29E3-4F11-980B-1CDC9E21B258}" = Windows Small Business Server Connectivity
    "{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
    "{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
    "{94251E15-F03A-42CF-B762-6A75B1A0790B}" = Adaptec Storage Manager
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
    "{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
    "{A6491A4A-AAA0-4892-BFEF-ECD6CECE2FF3}" = APC PowerChute Business Edition Server
    "{ACCB890A-C291-4157-92A1-5A56D71AB047}" = Windows Small Business Server Fax
    "{ACE0B250-0370-42D3-B137-16BB4BC0BD61}" = Windows Small Business Server ActiveSync
    "{B6131A80-CAAB-11D3-8246-00C0DFE13AD2}" = Adaptec Storage Manager
    "{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMONITORING)
    "{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}" = SmartDeviceMonitor for Client
    "{C8885E66-9862-4CEE-ADC4-F4769598C795}" = VERITAS Update
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DD2B5BC3-1FC9-4FCC-B49E-7F28AF3AACD8}" = VERITAS Backup Exec for Windows Servers
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (BKUPEXEC)
    "{E3DD8B4D-D2B2-457A-B5D6-66B5031535A2}" = Windows Small Business Server Backup
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8964572-1F5B-4D32-80BA-F2D81E592A8D}" = SmartDeviceMonitor for Admin
    "{EB132F7D-C614-40F5-952C-ED7391638A1B}" = Windows Small Business Server Client Experience
    "{F44BD974-0ADA-4A17-894E-0BF75F724216}" = Trend Micro Messaging Security Agent
    "{FFFFED3C-5E7E-4C6C-A7B9-8BAB6181852B}" = Windows Small Business Server Monitoring
    "5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Borland InterBase 7.1 " = Borland InterBase 7.1
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "EMS InterBase/FireBird Manager" = EMS InterBase/FireBird Manager
    "ESET Online Scanner" = ESET Online Scanner v3
    "FBDBServer_1_5_is1" = Firebird 1.5.1.4481
    "Firebird ODBC Driver_is1" = Firebird ODBC Driver 1.2.0.69
    "IB Expert_is1" = IB Expert 2004 Personal Edition
    "iBUS Online Backup Manager_is1" = iBUS Online Backup Manager
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{885CAC07-102C-4663-8283-51CBCE616211}" = HP StorageWorks Library And Tape Tools
    "InstallShield_{94251E15-F03A-42CF-B762-6A75B1A0790B}" = Adaptec Storage Manager
    "LAN-Fax Utilities" = LAN-Fax Utilities
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
    "Microsoft SQL Server 2000" = Microsoft SQL Server 2000
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MYOB Payroll" = MYOB Payroll
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OfficeScanNT" = Trend Micro Client/Server Security Agent
    "PROSet" = Intel(R) Network Connections Drivers
    "Ricoh e-Reader_is1" = Ricoh e-Reader Version 5
    "Security Server-10.0.0.2" = Trend Micro Worry-Free Business Security Advanced
    "SMEX_{F44BD974-0ADA-4A17-894E-0BF75F724216}" = Trend Micro Messaging Security Agent
    "VERITAS Backup Exec 10.0" = VERITAS Backup Exec for Windows Servers
    "WIC" = Windows Imaging Component
    "Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
    "WinImage" = WinImage
    "Wofie" = Trend Micro Worry-Free Business Security Agent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/07/2011 4:47:08 p.m. | Computer Name = SBSERVER | Source = MSExchangeDSAccess | ID = 264246
    Description = Process MAD.EXE (PID=4832). All Domain Controller Servers in use are
    not responding: sbserver.taylormarine.co.nz For more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 21/07/2011 4:47:14 p.m. | Computer Name = SBSERVER | Source = MSExchangeAL | ID = 8026
    Description = LDAP Bind was unsuccessful on directory sbserver.taylormarine.co.nz
    for distinguished name ''. Directory returned error:[0x51] Server Down. For more
    information, click http://www.microsoft.com/contentredirect.asp.

    Error - 21/07/2011 4:47:15 p.m. | Computer Name = SBSERVER | Source = MSExchangeAL | ID = 8026
    Description = LDAP Bind was unsuccessful on directory sbserver.taylormarine.co.nz
    for distinguished name ''. Directory returned error:[0x51] Server Down. For more
    information, click http://www.microsoft.com/contentredirect.asp.

    Error - 21/07/2011 4:47:15 p.m. | Computer Name = SBSERVER | Source = MSExchangeAL | ID = 8250
    Description = The Win32 API call 'DsGetDCNameW' returned error code [0x862] The
    specified component could not be found in the configuration information. The service
    could not be initialized. Make sure that the operating system was installed properly.


    For
    more information, click http://www.microsoft.com/contentredirect.asp.

    Error - 22/07/2011 12:23:38 a.m. | Computer Name = SBSERVER | Source = Userenv | ID = 1058
    Description = Windows cannot access the file gpt.ini for GPO CN={89459E49-9CD0-4DE7-9456-3E998B50181F},CN=Policies,CN=System,DC=taylormarine,DC=co,DC=nz.
    The file must be present at the location <\\taylormarine.co.nz\SysVol\taylormarine.co.nz\Policies\{89459E49-9CD0-4DE7-9456-3E998B50181F}\gpt.ini>.
    (The specified network name is no longer available. ). Group Policy processing
    aborted.

    Error - 22/07/2011 12:23:38 a.m. | Computer Name = SBSERVER | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. Check the
    event log for possible messages previously logged by the policy engine that describes
    the reason for this.

    Error - 22/07/2011 5:00:46 a.m. | Computer Name = SBSERVER | Source = NTBackup | ID = 8019
    Description = End Operation: Warnings or errors were encountered. Consult the backup
    report for more details.

    Error - 24/07/2011 4:13:05 p.m. | Computer Name = SBSERVER | Source = MSExchangeTransport | ID = 265174
    Description = A non-delivery report with a status code of 4.0.0 was generated for
    recipient rfc822;taylormarine@knutsford.co.nz (Message-ID <C71.449.4E29D877@sbserver.taylormarine.co.nz>).


    Error - 24/07/2011 4:18:33 p.m. | Computer Name = SBSERVER | Source = MSSQLSERVER | ID = 9003
    Description = The log scan number (1097:46:1) passed to log scan in database 'NAV_GST_Test'
    is not valid. This error may indicate data corruption or that the log file (.ldf)
    does not match the data file (.mdf). If this error occurred during replication,
    re-create the publication. Otherwise, restore from backup if the problem results
    in a failure during startup.

    Error - 24/07/2011 4:18:33 p.m. | Computer Name = SBSERVER | Source = MSSQLSERVER | ID = 3414
    Description = An error occurred during recovery, preventing the database 'NAV_GST_Test'
    (database ID 7) from restarting. Diagnose the recovery errors and fix them, or
    restore from a known good backup. If errors are not corrected or expected, contact
    Technical Support.

    [ DNS Server Events ]
    Error - 21/07/2011 4:47:14 p.m. | Computer Name = SBSERVER | Source = DNS | ID = 4015
    Description = The DNS server has encountered a critical error from the Active Directory.
    Check
    that the Active Directory is functioning properly. The extended error debug information
    (which may be empty) is "". The event data contains the error.

    Error - 21/07/2011 4:47:14 p.m. | Computer Name = SBSERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone .. This DNS server is configured to use information obtained from Active
    Directory
    for this zone and is unable to load the zone without it. Check that the Active
    Directory is functioning properly and repeat enumeration of the zone. The extended
    error debug information (which may be empty) is "". The event data contains the
    error.

    Error - 21/07/2011 4:47:14 p.m. | Computer Name = SBSERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone _msdcs.taylormarine.co.nz. This DNS server is configured to use information
    obtained from Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat enumeration
    of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 21/07/2011 4:47:14 p.m. | Computer Name = SBSERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone 0.0.10.in-addr.arpa. This DNS server is configured to use information obtained
    from Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat enumeration of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    Error - 21/07/2011 4:47:14 p.m. | Computer Name = SBSERVER | Source = DNS | ID = 4004
    Description = The DNS server was unable to complete directory service enumeration
    of zone taylormarine.co.nz. This DNS server is configured to use information obtained
    from Active Directory for this zone and is unable to load the zone without it.
    Check that the Active Directory is functioning properly and repeat enumeration of
    the zone. The extended error debug information (which may be empty) is "". The event
    data contains the error.

    [ File Replication Service Events ]
    Error - 15/07/2011 6:28:02 a.m. | Computer Name = SBSERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path c: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir /a c:". For more information about managing space on a volume type "copy /?",
    "rename /?", "del /?", "rmdir /?", and "dir /?".

    Error - 15/07/2011 6:28:02 a.m. | Computer Name = SBSERVER | Source = NtFrs | ID = 13570
    Description = The File Replication Service has detected that the volume hosting
    the path C: is low on disk space. Files may not replicate until disk space is made
    available on this volume. The available space on the volume can be found by typing
    "dir /a C:". For more information about managing space on a volume type "copy /?",
    "rename /?", "del /?", "rmdir /?", and "dir /?".

    [ System Events ]
    Error - 24/07/2011 3:26:04 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
    Description = The SAM database was unable to lockout the account of Administrator
    due to a resource error, such as a hard disk write failure (the specific error code
    is in the error data) . Accounts are locked after a certain number of bad passwords
    are provided so please consider resetting the password of the account mentioned above.

    Error - 24/07/2011 3:26:04 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
    Description = The SAM database was unable to lockout the account of Administrator
    due to a resource error, such as a hard disk write failure (the specific error code
    is in the error data) . Accounts are locked after a certain number of bad passwords
    are provided so please consider resetting the password of the account mentioned above.

    Error - 24/07/2011 3:26:09 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
    Description = The SAM database was unable to lockout the account of Administrator
    due to a resource error, such as a hard disk write failure (the specific error code
    is in the error data) . Accounts are locked after a certain number of bad passwords
    are provided so please consider resetting the password of the account mentioned above.

    Error - 24/07/2011 3:26:13 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
    Description = The SAM database was unable to lockout the account of Administrator
    due to a resource error, such as a hard disk write failure (the specific error code
    is in the error data) . Accounts are locked after a certain number of bad passwords
    are provided so please consider resetting the password of the account mentioned above.

    Error - 24/07/2011 3:26:33 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
    Description = The SAM database was unable to lockout the account of Administrator
    due to a resource error, such as a hard disk write failure (the specific error code
    is in the error data) . Accounts are locked after a certain number of bad passwords
    are provided so please consider resetting the password of the account mentioned above.

    Error - 24/07/2011 3:26:52 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
    Description = The SAM database was unable to lockout the account of Administrator
    due to a resource error, such as a hard disk write failure (the specific error code
    is in the error data) . Accounts are locked after a certain number of bad passwords
    are provided so please consider resetting the password of the account mentioned above.

    Error - 24/07/2011 3:29:08 p.m. | Computer Name = SBSERVER | Source = NETLOGON | ID = 5722
    Description = The session setup from the computer ACCOUNTS failed to authenticate.
    The name(s) of the account(s) referenced in the security database is ACCOUNTS$. The
    following error occurred: %%5

    Error - 24/07/2011 3:54:38 p.m. | Computer Name = SBSERVER | Source = TermServDevices | ID = 1111
    Description = Driver PDF Complete Converter required for printer PDF Complete is
    unknown. Contact the administrator to install the driver before you log in again.

    Error - 24/07/2011 3:54:39 p.m. | Computer Name = SBSERVER | Source = TermServDevices | ID = 1111
    Description = Driver HP Universal Printing PS required for printer HP Universal
    Printing PS is unknown. Contact the administrator to install the driver before you
    log in again.

    Error - 24/07/2011 4:51:00 p.m. | Computer Name = SBSERVER | Source = dpti2o | ID = 262153
    Description = The device, \Device\Scsi\dpti2o1, did not respond within the timeout
    period.


    < End of report >
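
A defender's check for what the System Events above show (a burst of SAM 12294 "unable to lockout" errors against one account within seconds, the pattern left by repeated bad passwords), as an added example that is not part of this thread: it parses OTL-style "Error - ..." records and flags accounts with several such events inside a short window. The record parser, the function names and the constructed sample log are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the OTL record format of the report above (descriptions trimmed).
SAMPLE_LOG = """\
Error - 24/07/2011 3:26:04 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
Description = The SAM database was unable to lockout the account of Administrator
Error - 24/07/2011 3:26:09 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
Description = The SAM database was unable to lockout the account of Administrator
Error - 24/07/2011 3:26:13 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
Description = The SAM database was unable to lockout the account of Administrator
Error - 24/07/2011 4:51:00 p.m. | Computer Name = SBSERVER | Source = SAM | ID = 12294
Description = The SAM database was unable to lockout the account of Administrator
"""

HEADER = re.compile(
    r"^Error - (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2}) ([ap])\.m\. \| Computer Name = (\S+)"
    r" \| Source = (\S+) \| ID = (\d+)$")
ACCOUNT = re.compile(r"account of (\S+)")

def parse_otl_events(text):
    """Split an OTL event dump into records: header fields plus joined description."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            stamp, ampm, computer, source, event_id = m.groups()
            ts = datetime.strptime(f"{stamp} {ampm.upper()}M", "%d/%m/%Y %I:%M:%S %p")
            events.append({"ts": ts, "computer": computer, "source": source,
                           "id": int(event_id), "desc": ""})
        elif events:  # continuation line of the current record's description
            events[-1]["desc"] += line.strip() + " "
    return events

def lockout_bursts(events, window=timedelta(minutes=2), threshold=3):
    """Flag accounts with at least `threshold` SAM 12294 events inside one `window`."""
    by_account = {}
    for ev in events:
        if ev["source"] == "SAM" and ev["id"] == 12294:
            m = ACCOUNT.search(ev["desc"])
            by_account.setdefault(m.group(1) if m else "?", []).append(ev["ts"])
    bursts = []
    for acct, stamps in sorted(by_account.items()):
        stamps.sort()
        for i, start in enumerate(stamps):
            n = sum(1 for t in stamps[i:] if t - start <= window)
            if n >= threshold:  # report the first burst per account only
                bursts.append((acct, start, n))
                break
    return bursts
```

Run against the full report, the three-in-nine-seconds cluster at 3:26 p.m. is flagged for Administrator while the isolated later event is not; on a domain controller the matching Security log entries (logon failures and their source addresses) would be the next thing to pull.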

  4. #4
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,690

    Default

    Hello Truby,

    In case you missed it, please see the forum FAQ, "BEFORE You POST" (Please read this Procedure Before Requesting Assistance)

    Particularly post #5 in the thread. Personal computers or.....

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Jul 2011
    Location
    Auckland, NZ
    Posts
    4

    Default what now?

    Thank you for that. What I really was asking was:
    I have a serious problem. The three companies I have talked to can't find out what is wrong. None of the spyware programs can find anything.
    I have found physical spyware / malware programs that I want to send to someone / a malware company so they can add it to their list of programs they should be scanning for.

    But I can't seem to find anywhere to submit this data.
    Now I could just work out what it is and how to remove it, and just let other people suffer with the same problem, which none of the spyware detection programs can find. But I thought it would be a public service to find this and help out other people before they too were infected.

    But I guess this isn't the case. I will just work it out myself, and everyone can suffer the same problems. Guess the spammers win.

    Truby

  6. #6
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,690

    Default

    Hello Truby,

    To be able to directly examine threats and improve detections our detectives would need the file/s.

    Infected Files. How To Submit.

    Best regards.
    Last edited by tashi; 2011-09-08 at 19:18. Reason: Date of archive
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
