I recently started a position as IT Admin at a medium sized business. The business had been operating as a break/fix kind of IT environment, so it is a bit of a mess. They have mostly moved to virtual servers for their applicaitons, but there is a local server that is in rough shape. It is running Windows Server 2003 Standard x86. The OS corrupted itself because it was in a 10GB partition will only 100mb left. I have change the partition size, but I have not been able to completely repair the OS. sfc /scannow seems to do its job, but it always has to look for files on the install disk in the same place (I do have the disc), I have not yet tried to repair via booting to the disc. I would just do a wipe and reload, but they no longer have the application install disc and license for the application they use the server for. But now to the problem I need help with.
Our ISP have been telling us that we are sending spam. When we disconnect the server, no more spam is sent. The server will not boot to safe mode, it will try then reboot. I have run malwarebytes (nothing found), Kaspesky TDSS Killer (nothing found), Superantispyware (Malware.trace found in registry), and Hitmanpro (6 threats and a couple suspicious entries removed, sorry I didn't pay more attention). Hitmanpro now finds nothing, but when we reconnect the server, we get the spam messages. What step should I take next? Should I try and repair the server so I can boot to safe mode? Should I try booting to a rescue disc like Kaspersky?