Jump to content

I am sending out lots of Spam


Recommended Posts

After running Malwarebytes I got the following log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4451

Windows 5.2.3790 Service Pack 2

Internet Explorer 6.0.3790.3959

8/23/2010 6:12:48 AM

mbam-log-2010-08-23 (06-12-48).txt

Scan type: Quick scan

Objects scanned: 183235

Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

After reboot and rerunning Malware I get the same results.

I did the following:

I ran defogger and log is attached.

I ran dds.scr but it failed said it was not compatible with my OS (Small business server 2003)

I ran GMER and the log is attached.

Any help would be great.

attach.zip

Link to post
Share on other sites

Hi,

Why are you using a server version of Windows?

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Link to post
Share on other sites

Thanks for the reply!

First log OTL.txt as follows:

OTL logfile created on: 8/26/2010 3:37:26 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController

Internet Explorer (Version = 6.0.3790.3959)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.99 Gb Total Space | 7.22 Gb Free Space | 36.15% Space Free | Partition Type: NTFS

Drive D: | 271.94 Gb Total Space | 218.22 Gb Free Space | 80.24% Space Free | Partition Type: NTFS

Drive E: | 48.00 Gb Total Space | 14.33 Gb Free Space | 29.86% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive R: | 271.94 Gb Total Space | 218.22 Gb Free Space | 80.24% Space Free | Partition Type: NTFS

Drive V: | 271.94 Gb Total Space | 218.22 Gb Free Space | 80.24% Space Free | Partition Type: NTFS

Computer Name: CLOWER-08

Current User Name: administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 15:35:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2010/06/22 08:48:23 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/06/22 08:48:18 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/06/22 08:48:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/06/22 08:48:12 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/06/22 08:48:10 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/06/22 08:48:09 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe

PRC - [2009/08/06 21:43:46 | 000,034,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Update Services\service\bin\wsusservice.exe

PRC - [2009/05/28 12:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe

PRC - [2009/02/16 06:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe

PRC - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe

PRC - [2008/12/16 20:39:30 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe

PRC - [2008/11/25 23:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) -- E:\exchange\bin\store.exe

PRC - [2008/11/25 22:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) -- E:\exchange\bin\emsmta.exe

PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe

PRC - [2007/04/23 11:53:45 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/23 11:53:45 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe

PRC - [2007/04/23 11:53:45 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr

PRC - [2007/04/23 11:53:45 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

PRC - [2007/04/23 11:53:45 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe

PRC - [2007/04/23 11:53:45 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe

PRC - [2007/04/23 11:53:45 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe

PRC - [2007/04/23 11:53:45 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe

PRC - [2007/04/23 11:53:45 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe

PRC - [2007/04/23 11:53:45 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe

PRC - [2007/04/23 11:53:45 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\davcdata.exe

PRC - [2007/04/23 11:53:45 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

PRC - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2007/04/23 11:53:45 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe

PRC - [2007/04/19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE

PRC - [2006/10/23 00:48:20 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2006/04/07 15:40:48 | 000,061,526 | ---- | M] ( ) -- C:\Program Files\RAID Web Console 2\MegaPopup\popup.exe

PRC - [2006/02/15 12:48:00 | 000,176,128 | R--- | M] () -- C:\Program Files\RAID Web Console 2\MegaMonitor\Monitor.exe

PRC - [2005/11/06 08:48:26 | 000,040,960 | ---- | M] () -- C:\Program Files\RAID Web Console 2\Framework\VivaldiFramework.exe

PRC - [2005/08/25 21:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- E:\exchange\bin\mad.exe

PRC - [2005/08/25 21:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- E:\exchange\bin\exmgmt.exe

PRC - [2005/05/03 22:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

PRC - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE

PRC - [2005/04/29 19:53:57 | 000,022,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Monitoring\wblogsvc.exe

PRC - [2005/04/29 19:53:18 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe

PRC - [2005/01/15 10:12:56 | 000,045,163 | ---- | M] () -- C:\Program Files\RAID Web Console 2\JRE\bin\javaw.exe

PRC - [2003/09/28 16:16:12 | 000,237,568 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe

========== Modules (SafeList) ==========

MOD - [2010/08/26 15:35:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2007/04/23 11:53:45 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/04/23 11:53:45 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll

MOD - [2007/02/17 01:04:16 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinHttpAutoProxySvc)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/06/22 08:48:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/08/06 21:43:46 | 000,034,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Update Services\Service\bin\WsusService.exe -- (WsusService)

SRV - [2009/08/06 21:35:52 | 000,066,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Update Services\Service\bin\WsusCertServer.exe -- (WSusCertServer)

SRV - [2009/05/28 12:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS) Windows Internet Name Service (WINS)

SRV - [2009/02/16 06:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)

SRV - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe -- (MSSQL$SBSMONITORING)

SRV - [2008/12/16 20:39:30 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe -- (MSSQL$SHAREPOINT)

SRV - [2008/12/16 17:51:14 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE -- (SQLAgent$SHAREPOINT)

SRV - [2008/11/25 23:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\exchange\bin\store.exe -- (MSExchangeIS)

SRV - [2008/11/25 22:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\exchange\bin\emsmta.exe -- (MSExchangeMTA)

SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe -- (MSSQL$MICROSOFT##SSEE) Windows Internal Database (MICROSOFT##SSEE)

SRV - [2007/09/07 13:12:20 | 000,038,424 | ---- | M] (LANDesk Software Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\CBA\PDS.EXE -- (Intel PDS)

SRV - [2007/09/07 13:12:20 | 000,030,232 | ---- | M] (LANDesk Software Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\CBA\XFR.EXE -- (Intel File Transfer)

SRV - [2007/09/07 13:12:16 | 000,058,912 | ---- | M] (LANDesk Software Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\AMS_II\IAO.EXE -- (Intel Alert Originator)

SRV - [2007/09/07 13:12:16 | 000,038,440 | ---- | M] (LANDesk Software Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\AMS_II\HNDLRSVC.EXE -- (Intel Alert Handler)

SRV - [2007/04/23 11:53:45 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)

SRV - [2007/04/23 11:53:45 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2007/04/23 11:53:45 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)

SRV - [2007/04/23 11:53:45 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)

SRV - [2007/04/23 11:53:45 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)

SRV - [2007/04/23 11:53:45 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)

SRV - [2007/04/23 11:53:45 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)

SRV - [2007/04/23 11:53:45 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)

SRV - [2007/04/23 11:53:45 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)

SRV - [2007/04/23 11:53:45 | 000,037,888 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)

SRV - [2007/04/23 11:53:45 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)

SRV - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)

SRV - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)

SRV - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) Network News Transfer Protocol (NNTP)

SRV - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)

SRV - [2007/04/23 11:53:45 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2007/04/23 11:53:45 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)

SRV - [2007/04/19 14:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)

SRV - [2006/02/15 12:48:00 | 000,176,128 | R--- | M] () [Auto | Running] -- C:\Program Files\RAID Web Console 2\MegaMonitor\Monitor.exe -- (MegaMonitorSrv)

SRV - [2005/11/06 08:48:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\RAID Web Console 2\Framework\VivaldiFramework.exe -- (MSMFramework)

SRV - [2005/08/25 21:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\exchange\bin\mad.exe -- (MSExchangeSA)

SRV - [2005/08/25 21:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\exchange\bin\exmgmt.exe -- (MSExchangeMGMT)

SRV - [2005/08/25 20:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\exchange\bin\srsmain.exe -- (MSExchangeSRS)

SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE -- (SQLAgent$SBSMONITORING)

SRV - [2005/04/29 19:53:57 | 000,022,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Monitoring\wblogsvc.exe -- (WBLOGSVC)

SRV - [2005/04/29 19:53:18 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)

SRV - [2003/09/28 16:16:12 | 000,237,568 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHost.exe -- (DpHost)

SRV - [2003/06/03 02:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\exchange\bin\events.exe -- (MSExchangeES)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2010/06/22 08:48:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/06/01 08:02:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/04/28 10:45:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2008/05/06 10:06:59 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TOUCHDSP.sys -- (TOUCHDSP)

DRV - [2008/05/06 10:06:59 | 000,020,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TouchSta.SYS -- (TOUCHSTA)

DRV - [2007/04/23 11:53:45 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)

DRV - [2007/04/23 11:53:45 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)

DRV - [2007/04/23 11:53:45 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)

DRV - [2007/02/17 03:07:16 | 000,029,184 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2007/02/17 03:04:28 | 000,028,160 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2007/02/17 03:04:28 | 000,026,624 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2007/02/17 03:04:28 | 000,024,064 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2007/02/17 02:34:06 | 000,024,064 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2007/02/17 01:51:06 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)

DRV - [2007/02/17 01:31:22 | 000,009,216 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2007/02/16 22:55:58 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2007/01/29 14:37:12 | 000,047,104 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbdpfp.sys -- (usbdpfp)

DRV - [2007/01/29 14:37:12 | 000,046,592 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dpK00701.sys -- (dpK00701)

DRV - [2006/04/05 22:03:54 | 001,431,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/04/03 08:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2006/02/17 12:42:32 | 000,018,432 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MSAS2K3.SYS -- (msas2k3)

DRV - [2006/02/17 12:42:32 | 000,017,280 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MEGASAS.SYS -- (megasas)

DRV - [2005/08/25 19:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)

DRV - [2003/03/24 22:13:08 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2003/03/24 22:05:14 | 000,048,640 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2003/03/24 22:05:14 | 000,041,472 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2003/03/24 22:05:12 | 000,050,688 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2003/03/24 22:05:08 | 000,054,272 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2003/03/24 22:05:00 | 000,016,384 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)

DRV - [2003/03/24 22:04:50 | 000,007,168 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-96185218-4171969023-2960831864-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

IE - HKU\S-1-5-21-96185218-4171969023-2960831864-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb

IE - HKU\S-1-5-21-96185218-4171969023-2960831864-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-96185218-4171969023-2960831864-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = clower-08:80

O1 HOSTS File: ([2007/04/23 11:53:45 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)

O4 - HKLM..\Run: [patches] File not found

O4 - HKLM..\Run: [Popup] C:\Program Files\RAID Web Console 2\MegaPopup\popup.exe ( )

O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\AIXV5\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\frednusbaum\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\gaines\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-96185218-4171969023-2960831864-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-96185218-4171969023-2960831864-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-96185218-4171969023-2960831864-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ClowerElectric.local

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\WINDOWS\nexlinkrev2.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\nexlinkrev2.bmp

O27 - HKLM IFEO\sethc.exe: Debugger - c:\windows\system32\Microsoft\Protect\PINTLPRH.exe ()

O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/10/02 13:37:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{f7c5e005-0ce4-11dd-9737-00151755bf05}\Shell - "" = AutoRun

O33 - MountPoints2\{f7c5e005-0ce4-11dd-9737-00151755bf05}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f7c5e005-0ce4-11dd-9737-00151755bf05}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)

NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

SystemRestore not available.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/26 15:35:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/08/24 16:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/08/23 16:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mbam-other

[2010/08/20 12:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TCPView

[2010/08/18 22:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/08/18 22:30:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/08/18 22:30:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/08/18 22:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/18 22:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/18 22:30:12 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/08/18 17:23:33 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2010/08/18 14:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/08/18 14:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/08/18 12:56:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/07/10 07:50:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010/06/22 08:48:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/06/02 07:26:17 | 000,000,000 | -H-D | C] -- C:\$AVG

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/26 15:39:00 | 000,000,662 | ---- | M] () -- C:\WINDOWS\tasks\Update Services synchronization task.job

[2010/08/26 15:35:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/08/26 15:35:42 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/08/26 15:23:38 | 000,029,520 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa

[2010/08/26 14:54:53 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Collect Server Performance Data.job

[2010/08/26 14:54:01 | 000,000,628 | ---- | M] () -- C:\WINDOWS\tasks\Update Services auto approval task.job

[2010/08/26 12:17:19 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/08/26 12:17:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/08/26 12:15:26 | 000,004,542 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2010/08/26 12:12:59 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2010/08/26 12:12:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/26 12:11:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/26 12:08:27 | 003,761,508 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010/08/26 12:00:05 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{c2f76b41-06fe-11dd-ad35-806e6f6e6963}.job

[2010/08/26 08:54:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Update Services configuration task.job

[2010/08/26 06:14:17 | 063,903,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/08/26 04:54:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Collect Usage Data.job

[2010/08/24 16:52:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/08/23 17:31:33 | 430,403,584 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2010/08/23 16:57:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/08/23 07:31:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/18 22:30:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/18 22:30:22 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/08/18 17:23:33 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2010/08/18 14:15:18 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/08/16 14:42:47 | 001,406,224 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/16 14:42:47 | 001,067,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/16 14:42:47 | 000,303,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/16 12:44:15 | 000,103,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/16 11:59:29 | 000,004,861 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/07/28 10:52:17 | 000,030,208 | ---- | M] () -- \\CLOWER-08\Users\administrator\My Documents\Barnabas Ministry - Morrison.doc

[2010/06/22 08:48:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/06/22 08:48:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/06/16 08:36:53 | 000,025,088 | ---- | M] () -- \\CLOWER-08\Users\administrator\My Documents\Life with my Wife.doc

[2010/06/01 08:02:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 16:52:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/08/23 16:57:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/08/18 22:30:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/18 14:15:31 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/08/18 14:15:18 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/07/28 10:52:13 | 000,030,208 | ---- | C] () -- \\CLOWER-08\Users\administrator\My Documents\Barnabas Ministry - Morrison.doc

[2010/07/10 07:50:30 | 000,041,732 | ---- | C] () -- C:\WINDOWS\System32\c.msc

[2010/07/10 07:50:30 | 000,034,885 | ---- | C] () -- C:\WINDOWS\System32\t.msc

[2009/11/10 15:48:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/16 03:32:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/07/25 12:10:12 | 000,020,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\TouchSta.SYS

[2008/06/12 16:06:09 | 000,000,162 | -H-- | C] () -- C:\Program Files\Common Files\client.lcs

[2008/05/06 10:32:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/04/26 08:53:57 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat

[2008/04/25 23:57:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini

[2008/04/23 06:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2008/04/17 17:42:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2008/04/17 17:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/17 17:19:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2008/04/17 17:18:45 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini

[2008/04/17 17:11:42 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini

[2007/10/02 15:11:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/10/02 13:34:05 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2007/10/02 13:34:05 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2007/10/02 13:34:02 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2007/10/02 13:34:01 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2007/10/02 13:34:01 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2007/10/02 13:25:49 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini

[2007/10/02 13:25:46 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini

[2007/10/02 13:25:46 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini

[2007/10/02 13:25:46 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini

[2007/10/02 13:25:41 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini

[2007/10/02 13:25:40 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini

[2005/08/26 15:36:48 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/08/26 15:36:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/07 16:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific

[2010/08/19 16:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/08/18 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/06/01 08:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gaines\Application Data\AVG9

[2010/04/22 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gaines\Application Data\Tific

[2010/08/26 15:45:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Server Performance Data.job

[2010/08/26 04:54:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Collect Usage Data.job

[2010/04/07 13:44:46 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\rb-Default.job

[2009/08/03 16:19:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\rb-Weekly.job

[2010/08/26 13:09:00 | 000,032,526 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

[2010/08/26 12:00:05 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{c2f76b41-06fe-11dd-ad35-806e6f6e6963}.job

[2010/08/26 14:54:01 | 000,000,628 | ---- | M] () -- C:\WINDOWS\Tasks\Update Services auto approval task.job

[2010/08/26 08:54:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\Tasks\Update Services configuration task.job

[2010/08/26 15:44:00 | 000,000,662 | ---- | M] () -- C:\WINDOWS\Tasks\Update Services synchronization task.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/10/02 13:37:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/08/13 08:26:56 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2007/10/02 13:37:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/10/02 13:37:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007/10/02 13:37:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2007/04/23 11:53:45 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM

[2007/04/23 11:53:45 | 000,297,072 | RHS- | M] () -- C:\ntldr

[2009/08/02 10:04:58 | 000,262,144 | ---- | M] () -- C:\ntuser.dat

[2009/08/02 10:04:58 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG

[2010/08/26 12:11:56 | 4288,438,272 | -HS- | M] () -- C:\pagefile.sys

[2010/08/26 15:34:43 | 000,081,318 | ---- | M] () -- C:\popuplog.log

< %systemroot%\Fonts\*.com >

[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2007/10/02 13:37:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

[2007/04/23 11:53:45 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\sfmpsprt.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2007/10/02 06:28:53 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2007/10/02 06:28:53 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2007/10/02 06:28:53 | 000,495,616 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2007/10/02 13:37:56 | 000,000,214 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

[2007/10/02 06:32:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Sti_Trace.log

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2008/04/10 14:33:06 | 000,000,117 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2007/10/02 13:42:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2008/06/12 16:04:42 | 025,650,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gaines-setup-setup.exe

[2010/03/12 11:03:00 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

[2010/03/12 11:02:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe

[2010/08/18 22:30:22 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2008/04/08 11:12:18 | 000,181,763 | ---- | M] (UltraVnc) -- C:\Documents and Settings\Administrator\Desktop\NEISupport.exe

[2010/08/26 15:35:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

[2008/06/12 16:06:09 | 000,000,162 | -H-- | M] () -- C:\Program Files\Common Files\client.lcs

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

[2007/04/23 11:53:45 | 000,001,542 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{425516c2-f76f-4a49-b8eb-83fc24f40599}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >

[2007/04/23 11:53:45 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=E3ECE6202C2C667C45D06DBB4DEBD8E9 -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

< %systemroot%\ADDINS\*.* >

[2007/04/23 11:53:45 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

"NoAutoUpdate" = 0

"AUOptions" = 3

"RescheduleWaitTimeEnabled" = 1

"RescheduleWaitTime" = 1

"RebootWarningTimeoutEnabled" = 1

"RebootWarningTimeout" = 5

"RebootRelaunchTimeoutEnabled" = 1

"RebootRelaunchTimeout" = 10

"DetectionFrequencyEnabled" = 1

"DetectionFrequency" = 1

"AutoInstallMinorUpdates" = 1

"UseWUServer" = 1

"NoAutoRebootWithLoggedOnUsers" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-15 08:13:27

< ipconfig /all >

Invalid Switch: all

< nslookup google.com >

< nslookup yahoo.com >

< ping -n 2 google.com >

< ping -n 2 yahoo.com >

< route print >

< End of report >

Second log Extra's as follows:

OTL Extras logfile created on: 8/26/2010 3:37:26 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController

Internet Explorer (Version = 6.0.3790.3959)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.99 Gb Total Space | 7.22 Gb Free Space | 36.15% Space Free | Partition Type: NTFS

Drive D: | 271.94 Gb Total Space | 218.22 Gb Free Space | 80.24% Space Free | Partition Type: NTFS

Drive E: | 48.00 Gb Total Space | 14.33 Gb Free Space | 29.86% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive R: | 271.94 Gb Total Space | 218.22 Gb Free Space | 80.24% Space Free | Partition Type: NTFS

Drive V: | 271.94 Gb Total Space | 218.22 Gb Free Space | 80.24% Space Free | Partition Type: NTFS

Computer Name: CLOWER-08

Current User Name: administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\RAID Web Console 2\MegaPopup\popup.exe" = C:\Program Files\RAID Web Console 2\MegaPopup\popup.exe:*:Enabled:popup -- ( )

"C:\Program Files\RAID Web Console 2\JRE\bin\javaw.exe" = C:\Program Files\RAID Web Console 2\JRE\bin\javaw.exe:*:Enabled:javaw -- ()

"C:\Program Files\Common Files\IMPMIG.EXE" = C:\Program Files\Common Files\IMPMIG.EXE:*:Enabled:IMPMIG -- File not found

"C:\Program Files\Common Files\AcroIEHelper.exe" = C:\Program Files\Common Files\AcroIEHelper.exe:*:Enabled:AcroIEHelper -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync

"{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing

"{2C0D7E35-EE6E-4DC7-BA13-2C68AEDEB59D}" = Windows Server Update Services 3.0 SP2

"{396B1960-EB6D-48F5-AA7B-377921A1A33D}" = RAID Web Console 2 v1.13-02

"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser

"{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup

"{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App

"{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring

"{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)

"{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser

"{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin

"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003

"{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0

"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting

"{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax

"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting

"{977605C6-4F60-426A-AC11-D27404B3866C}" = Default

"{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0

"{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity

"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience

"{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal

"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}" = Windows Internal Database (MICROSOFT##SSEE)

"{CF2BCF99-1A5A-4F0A-923E-29B2E029E66C}" = DigitalPersona Gold Fingerprint Recognition Software 3.2.0

"{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg

"{E0AF53C1-C734-4D68-898E-B506CA921141}" = Windows Small Business Server Update Services

"{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common

"{F0674B40-D8C3-11D3-8C61-00104B1F6CF0}" = Remote Backup 2007

"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)

"2186E77AD6E7C7071CED9BFA90127C3C088F9CAB" = Windows Driver Package - ESG-SHV System (09/19/2006 5.00.6262.1)

"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003

"60E32FC9593A7CBEACF68913FA836F324BF623F1" = Windows Driver Package - Intel System (01/19/2006 1.2.43.0)

"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)

"ActiveTouchMeetingClient" = WebEx

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AF2644056DAD431E530AF5FE0505FFD67426CA81" = Windows Driver Package - ESG-SHV System (02/24/2006 5.00.6055.2)

"ATI Display Driver" = ATI Display Driver

"AVG9Uninstall" = AVG 9.0

"HijackThis" = HijackThis 2.0.2

"HitmanPro35" = Hitman Pro 3.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1

"PROSet" = Intel® PRO Network Connections Drivers

"Small Business Server 2003 R2" = Windows Small Business Server 2003 R2

"WIC" = Windows Imaging Component

"Windows Internal Database" = Windows Internal Database

"Windows Server Update Services 3.0 SP2" = Windows Server Update Services 3.0 SP2

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/26/2010 4:44:15 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265174

Description = A non-delivery report with a status code of 4.7.1 was generated for

recipient rfc822;astelcolls@selco2000.com (Message-ID <CLOWER-08WwAJIlZ5cN00002359@clowerelectric.com>).

Error - 8/26/2010 4:44:19 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265174

Description = A non-delivery report with a status code of 4.7.1 was generated for

recipient rfc822;asteele.student@mountsaintvincent.edu (Message-ID <CLOWER-08WwAJIlZ5cN00002359@clowerelectric.com>).

Error - 8/26/2010 4:44:23 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265162

Description = A non-delivery report with a status code of 5.4.0 was generated for

recipient rfc822;astephenson@sfg1.net (Message-ID <CLOWER-08WwAJIlZ5cN00002359@clowerelectric.com>).

Causes: This message indicates a DNS problem or an IP address configuration problem

Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4

literal format. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 8/26/2010 4:44:23 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265162

Description = A non-delivery report with a status code of 5.4.0 was generated for

recipient rfc822;aster.9341.5066832@candygoat.com (Message-ID <CLOWER-08WwAJIlZ5cN00002359@clowerelectric.com>).

Causes: This message indicates a DNS problem or an IP address configuration problem

Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4

literal format. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 8/26/2010 4:44:23 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265162

Description = A non-delivery report with a status code of 5.4.0 was generated for

recipient rfc822;aster.9838.3206873@candygoat.com (Message-ID <CLOWER-08WwAJIlZ5cN00002359@clowerelectric.com>).

Causes: This message indicates a DNS problem or an IP address configuration problem

Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4

literal format. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 8/26/2010 4:44:23 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265162

Description = A non-delivery report with a status code of 5.4.0 was generated for

recipient rfc822;hostmaster@candygoat.com (Message-ID <CLOWER-08Xa69FuM2F000005965@clowerelectric.com>).

Causes: This message indicates a DNS problem or an IP address configuration problem

Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4

literal format. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 8/26/2010 4:44:23 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265162

Description = A non-delivery report with a status code of 5.4.0 was generated for

recipient rfc822;10005.959808@candygoat.com (Message-ID <CLOWER-08DjoYAPNXRP0000173a@clowerelectric.com>).

Causes: This message indicates a DNS problem or an IP address configuration problem

Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4

literal format. For more information, click http://www.microsoft.com/contentredirect.asp.

Error - 8/26/2010 4:44:41 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265174

Description = A non-delivery report with a status code of 4.7.1 was generated for

recipient rfc822;jetpilot@execpc.com (Message-ID <CLOWER-086PmiZWHHmT000056c8@clowerelectric.com>).

Error - 8/26/2010 4:44:55 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265174

Description = A non-delivery report with a status code of 4.7.1 was generated for

recipient rfc822;adpenner@iastate.edu (Message-ID <CLOWER-080Qp9jBQIjo000026e1@clowerelectric.com>).

Error - 8/26/2010 4:46:36 PM | Computer Name = CLOWER-08 | Source = MSExchangeTransport | ID = 265162

Description = A non-delivery report with a status code of 5.4.0 was generated for

recipient rfc822;gnto7m@sbprss.com (Message-ID <CLOWER-0819qW2CoKkH00005379@clowerelectric.com>).

Causes: This message indicates a DNS problem or an IP address configuration problem

Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4

literal format. For more information, click http://www.microsoft.com/contentredirect.asp.

[ DNS Server Events ]

Error - 5/22/2010 8:05:45 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory.

Check

that the Active Directory is functioning properly. The extended error debug information

(which may be empty) is "". The event data contains the error.

Error - 5/22/2010 8:05:45 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone .. This DNS server is configured to use information obtained from Active

Directory

for this zone and is unable to load the zone without it. Check that the Active

Directory is functioning properly and repeat enumeration of the zone. The extended

error debug information (which may be empty) is "". The event data contains the

error.

Error - 5/22/2010 8:05:45 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone _msdcs.ClowerElectric.local. This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without

it. Check that the Active Directory is functioning properly and repeat enumeration

of

the zone. The extended error debug information (which may be empty) is "". The event

data contains the error.

Error - 5/22/2010 8:05:45 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without

it. Check that the Active Directory is functioning properly and repeat enumeration

of

the zone. The extended error debug information (which may be empty) is "". The event

data contains the error.

Error - 5/22/2010 8:05:45 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone ClowerElectric.local. This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without

it. Check that the Active Directory is functioning properly and repeat enumeration

of

the zone. The extended error debug information (which may be empty) is "". The event

data contains the error.

Error - 8/26/2010 1:08:44 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory.

Check

that the Active Directory is functioning properly. The extended error debug information

(which may be empty) is "". The event data contains the error.

Error - 8/26/2010 1:08:44 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone .. This DNS server is configured to use information obtained from Active

Directory

for this zone and is unable to load the zone without it. Check that the Active

Directory is functioning properly and repeat enumeration of the zone. The extended

error debug information (which may be empty) is "". The event data contains the

error.

Error - 8/26/2010 1:08:44 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone _msdcs.ClowerElectric.local. This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without

it. Check that the Active Directory is functioning properly and repeat enumeration

of

the zone. The extended error debug information (which may be empty) is "". The event

data contains the error.

Error - 8/26/2010 1:08:44 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without

it. Check that the Active Directory is functioning properly and repeat enumeration

of

the zone. The extended error debug information (which may be empty) is "". The event

data contains the error.

Error - 8/26/2010 1:08:44 PM | Computer Name = CLOWER-08 | Source = DNS | ID = 4004

Description = The DNS server was unable to complete directory service enumeration

of zone ClowerElectric.local. This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without

it. Check that the Active Directory is functioning properly and repeat enumeration

of

the zone. The extended error debug information (which may be empty) is "". The event

data contains the error.

[ File Replication Service Events ]

Error - 8/20/2010 4:23:15 PM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/21/2010 7:31:18 AM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/21/2010 10:38:17 AM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/23/2010 8:31:48 AM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/23/2010 4:15:16 PM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/23/2010 6:33:10 PM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/24/2010 8:48:25 AM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/24/2010 11:54:33 AM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/24/2010 6:22:30 PM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

Error - 8/25/2010 10:20:58 AM | Computer Name = CLOWER-08 | Source = NtFrs | ID = 13568

Description =

[ System Events ]

Error - 8/26/2010 11:56:49 AM | Computer Name = CLOWER-08 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

BILL2009 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{08FA3B5C-0069-45A2-. The master browser is stopping or an election

is being forced.

Error - 8/26/2010 12:56:54 PM | Computer Name = CLOWER-08 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

BILL2009 that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{08FA3B5C-0069-45A2-. The master browser is stopping or an election

is being forced.

Error - 8/26/2010 1:13:11 PM | Computer Name = CLOWER-08 | Source = ipnathlp | ID = 39484681

Description = The Windows Firewall/Internet Connection Sharing (ICS) service could

not start because another program or service is running that might use the network

address translation component (Ipnat.sys). This can occur when Routing and Remote

Access is enabled. If this is the case, you must disable Routing and Remote Access

before the Windows Firewall/Internet Connection Sharing (ICS) service can start.

Error - 8/26/2010 1:13:21 PM | Computer Name = CLOWER-08 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Intel PDS service to

connect.

Error - 8/26/2010 1:13:21 PM | Computer Name = CLOWER-08 | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%170

Error - 8/26/2010 1:22:45 PM | Computer Name = CLOWER-08 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

YOUR-98FBDD8ADB that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{08FA3B5C-006. The master browser is stopping or an election is being

forced.

Error - 8/26/2010 2:22:51 PM | Computer Name = CLOWER-08 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

YOUR-98FBDD8ADB that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{08FA3B5C-006. The master browser is stopping or an election is being

forced.

Error - 8/26/2010 3:22:59 PM | Computer Name = CLOWER-08 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

YOUR-98FBDD8ADB that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{08FA3B5C-006. The master browser is stopping or an election is being

forced.

Error - 8/26/2010 4:23:01 PM | Computer Name = CLOWER-08 | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

YOUR-98FBDD8ADB that believes that it is the master browser for the domain on transport

NetBT_Tcpip_{08FA3B5C-006. The master browser is stopping or an election is being

forced.

Error - 8/26/2010 4:34:43 PM | Computer Name = CLOWER-08 | Source = TermServDevices | ID = 1111

Description = Driver HP Photosmart C4600 series required for printer !!JO-PC!HP

Photosmart C4600 series is unknown. Contact the administrator to install the driver

before you log in again.

< End of report >

Hope this helps.

Fred

Link to post
Share on other sites

Yes this is a small business.

It is Microsoft Small Business Server 2003

We put the free version of malware on when we started having problems. We have since ordered the full version but have not updated the software yet because we did not want to alter any of the results.

should we go ahead and finish the registration and rerun Malware?

Thanks

Fred

Hi,

I would like to know two things first. :)

1. Why are you using a server version of Windows?

2. Is this a business PC?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.