Infiltrator

That's weird, so its connected, it's getting a valid IP address, but not connecting to the internet. What happens when you try pinging google.com, or your default gateway? Does it work at all?

I would certainly recommend Avast, it does a pretty well job in securing your computer from threats. I use the paid version of Avast, which comes with more security features, such as the ability to run applications in a sandbox environment, a built in firewall, the keeps a close eye on the outbound and inbound connections your computer makes. If you can't aford the paid version, the Free version will still do a very good job. Secondly, i would stop using XP altogether and upgrade to Windows 7 for security reasons. DO NOT log into your computer using administrator account, this will limit the damages a virus infection will do to your system. Keep your system and third party applications, up to date, again this is very important as it will prevent virus/malware from exploiting your system and gaining access. I would turn off services that are not required by you, this will limit your threat surface and make your system more secure. The other thing you could look at as well is installing a Firewall, such as Comodo.

I did a bit of research into resetting the BIOS password for Thinkpad laptops and believe it or not, all articles that I found suggest, either contacting IBM to reset it for you, or going the old school hacking way. http://sodoityourself.com/hacking-ibm-thinkpad-bios-password/

Users who are less educated on the subject, will perceive a hacker, as a criminal or someone who's intetions and motives are the same as a blackhat hacker. On the other hand, users who are educated and understand well what the term "hacker" means, will perceive it in a different way. We can go on and go about this, but in the end if the person is not willing to learn or accept the differences its gonna be a waste of time.

No really worth, if you are using their services to do illegal things. Nvpn seems to be a good option, they don't seem to keep any logs at all.

Yes there is a way to get around that, but it involves getting your hands dirty. You will need to get to the motherboard and remove the CMOS battery from its socket. Make sure the battery pack and the AC adapter is disconnected, or you could run the risk of damaging the components on the motherboard while powered on.

It would be a great episode to watch, no doubt about it.

These are great units to have at home or in your business, but the price is the big player in this game. I am planning on buying one of those, to store my terabytes of movie and music collection. But will only be able to afford the unit first then the hard drives. The unit itself is like in the range of $500 to $2000 dollars, the hard drivers on the other hand, is $300 dollars each, depending on how many hard drives the NAS unit itself hold. It's gonna be a huge investment.

Well said, and if the OP's tool can do a better job why not. I personally used many different password cracking tools, one of them being the Cuda Multiforce, due to its simplicity and support for Cuda. I know the oclHashCat supports both CUDA and ATI graphics cards, and its one of the fastest cracking password tool out there, however it can be very confusing and sometimes frastrating to use, not that I can't use it, but as Digip pointed out being easy to use and to learn is very important for the end users, if they can't get something to work because of its complexity, or lack of instructions they gonna look else where. The oclHashCat has many different features, which makes it the swiss army knife for security professionals and pen-testers, even though they do have an online wiki detailing, what each feature does and how to use them, I belive they could've done a better job in terms of keeping it simpler and less confusing with the commands. Furthermore, I belive BitWeasel has done an amazing job with his Cuda Multiforcer, he has kept it as simple as possible, the commands are very easy to use and remember and the tool works without much hicups.

By the sound of your description, what you need is a captitive portal. There are open sources solutions like Pfsense or Untangle, they are Linux firewall distros, that offers this functionality you are after.

i haven't used this one before, but apparently is really good. http://www.axantum.com/axcrypt/ Here are some of the features: Password Protect any number of files using strong encryption. Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows. Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files. Many additional features, but no configuration required. Just install it and use it. AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt. AxCrypt is translated into English, Danish, Dutch, French, German, Hungarian, Italian, Norwegian, Russian, Polish, Spanish and Swedish so chances are it speaks your preferred language.

Good point, but if the mail server has indeed been compromised, the attackers could have enabled "open relay".

That's what I use sometimes, but since the op hasn't responded to my question, I couldn't suggest it.

Are you referring to full disk encryption, or things like email encryption, files encryption and stuff like that.

Not trying to discourage you, but trying to spam back the spammer is not going to help you much. As stated above, spams are forged, if you try sending emails back to those addresses, they will return to your inbox, with a "delivery notification error" and the only way to keep them out of your inbox is with a good spam filter. I run my own mail server at home, and use SPF police to only receive emails from trusted domains, I have specified in my whitelist. Any domain that is not in the whitelist will automatically be blocked. I've also configured my mail server, to stop responding to any abusing IP address. Edit: If you are not happy with the spam, consider migrating to a better email service, Gmail would be a nice one.

You could also look into the QNAP NASes, they offer a varity of services such as webserver, mysql, video and photo streaming. And there is no app nstallation required, it all comes in a single UNIT. However there's a bit of configuration required before you can get it to work. On the other hand, since it's a NAS device, it provides you with Backup and data protection solutions, like RAID and the ability to backup to a remote site or a similar nas device. The only downside is that they are not cheap, but they are great NAS devices to have in your business.

Thanks for the information Digip, will keep it in mind if I come across it.

There's a possibility your mail server could be infected, I'd also look into enabling SPF in your mail server to prevent further spamming. http://en.wikipedia.org/wiki/Sender_Policy_Framework

Have a look under the /var/httpd/logs, I believe.

A lot is going on, but its all for a good cause. Keep up the good work Darren.

Permissions problem in deed, are /tftpboot and pxelinux.0 world readable? Edit: Take a look at this article, it might solve your problem, http://serverfault.com/questions/280537/how-to-chroot-the-tftp-service

What audio streaming application are you using?

MS can continue supportig it till 2015, but to me its old, I would stick with 2008 instead.

Windows 2003 is out of date and MS isn't supporting it anymore I believe. I would go with Windows Server 2008 instead, its a lot secure and stable too.

The IT company I work for, uses Forefront, its quite good, but I would recommend Avast for Enterprise, it will do a better job than MS Forefront.