I have an SBS2003 server that seems to have issues. Symantec End Point Protection, Malwarebytes and Malwarebytes Anti-Rootkit scans all come up clean. The scan I ran with Kaspersky TDSSKiller reports finding a "suspicious Object, Medium Risk" c:\Windows\System32\sbscrexe.exe autostart (0x2). Looking this up on Google, I see a lot of reports that indicate this is indeed some sort of virus/Trojan.
The 2 Windows 7 Ult. workstations on the network worked fine until about 2 weeks ago. Then, one of them started to have all kinds of memory-related issues. I tested and even replaced the memory on that system and still received 01, 1a, 73 BSODs. I ended up reformatting and reinstalling everything and the issue seemed to go away for a day or two. After this the second machine started to have BSODs with the same errors.
Both machines started out with issues authenticating on the server (SBS2003). I deleted each account, recreated it on the server and rejoined, thinking something was within the profiles. Again the workstations ran for a couple of days and then the first machine had access errors (authentication), and the first user accessed a file from his documents on the server and it blue screened. I have run check disk on all hard drives with zero errors encountered.
I forgot to mention that after reloading the first box there were no errors until I loaded the Symantec EPP on it. It blue screened. I uninstalled and reinstalled with no issues for a couple of days, then the BSODs started randomly. Now it seems that there are random BSODs (memory related by the codes) on both workstations. All hardware has been tested outside of the network and passes all tests. There is no overclocking on either machine.
I called the manufacturer of the motherboards (ASUS) and spoke with a support engineer, and he agreed there should not be a hardware issue and that all the testing should have revealed whether or not there was anything physically wrong (I ran the MS memtest for over 24 hours on each box with no issues).
I found a support webpage and used an app called gmer (I am sharing the output). On the second workstation I ran the gmer app and it found this: Driver: C:\DOCUME~1\XXXX~1\LOCALS~1\Temp\uftdypob.sys. I used Process Explorer to kill it and deleted the file. The server had NO antivirus suite on it at the times they were experiencing the BSODs. I installed the Symantec EPP 12.1.2 to scan for infections but found none. All functions except the firewall are in place and working with no issues. I have the SBS2003 firewall in place instead.
One further observation: The SQLServer instance was running at 99% CPU time when I logged into the server today. This went on for about 20 minutes then stopped. As of this post system idle is 98%.
Any help is greatly appreciated. This has been going on for too long now and I have been unable to catch the culprit!
I am sorry for the long post; I just wanted to pass along as much info as I could on the first post. I know it has to be something simple I am missing! Thanks for the help in advance.