  1. #1
    Member

    Suspect virus or bot - cannot locate problem

    We have an Exchange 2003 Server, Service Pack 2. Small service business with 6 users. We are running Malwarebytes in the background, with an IP Block (incoming) every few seconds. The log file is huge. Sample provided below. It's been like this for at least a month. We use one IP address for mail. We changed to a new IP address. Same problem still persists.

    About one month ago, we were attacked with what we suspected to be a reverse NDR attack. We had over 150,000 messages in individual queues. This was all cleaned out. We installed Malwarebytes after this. Also temporarily suspended NDR.

    We have Vamsoft scanning email for spam (70% hit rate), Trend Micro Worry-Free Software (on the server and all clients), and Malwarebytes on the server – all running concurrently.

    Another issue which may or may not be related is that ntfrs.exe is using 50% of our CPU. sqlservr.exe is often over 1G in memory usage. Server crashes every few days.

    I’m not an IT person. My consultant cannot figure out what is wrong. The suspicion is that there is a bot or virus still messing something up. Suspect all the incoming blocks are attempting to access a bot that we deleted. We’ve run Malwarebytes scan, Spybot scan, and Superspybot scan – on server and client machines. No significant hits other than cookies. The HJT log for the server shows some strange items, but we’re not experienced enough to know what should or should not be there.

    Sample portion of log from Malwarebytes - typical over the month:

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800

    Database version: v2011.12.30.01

    Windows Server 2003 Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    administrator :: SERVER [administrator]

    Protection: Enabled

    12/30/2011 2:37:22 PM
    mbam-log-2011-12-30 (14-37-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 177740
    Time elapsed: 8 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    SUPERAntiSpyware Scan Log

    Generated 12/30/2011 at 02:29 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8091
    Trace Rules Database Version: 5903

    Scan type : Complete Scan
    Total Scan Time : 01:29:56

    Operating System Information
    Windows Server 2003 Standard Edition 32-bit, Service Pack 2 (Build 5.02.3790)
    Administrator

    Memory items scanned : 1290
    Memory threats detected : 0
    Registry items scanned : 39543
    Registry threats detected : 0
    File items scanned : 115284
    File threats detected : 23

    Adware.Tracking Cookie



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:09:08 PM, on 12/30/2011
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal


  2. #2
    Canuck, Help2Go Administrator

    Here at Help2Go we do not handle business-related questions; that work should be done with company ITs. However, I have notified our #1 Administrator (Oscar) to take a look at this post as he is in the business of corporate IT problems. He may be on holidays at the moment, so your patience is appreciated.