--------------------------------------------------------------------------------
Hey everyone,
just like most NEW people in this forum, I'm having some problems and I'm hoping a good soul will help me out.
I believe I'm infected by a mass-mailer virus.
Hundreds of emails are being sent out from my server and I'm getting undeliverable messages.
We are getting TONS of spam, many of which contain infected files.
I installed Symantec Messaging exchange and it's blocking many of the infected messages but I can't get it to stop. None of the antivirus programs will detect any virus. It does however detect incoming files that are infected.
I've copied the log from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 10:28:02 AM, on 10/31/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Advantage\Server\ADS.EXE
D:\Program Files\ArrayManager\AFA\afaagent.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
c:\bill\bill.exe
D:\Program Files\ihv\CIO\IOMGR.EXE
D:\PROGRAM FILES\HIP\bin\dcevt32.exe
D:\PROGRAM FILES\HIP\bin\dcstor32.exe
D:\Program Files\ol-diags11\OLDiags\bin\OLDserv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\CA\eTrust\InoculateIT\InoNmSrv.exe
D:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
D:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
D:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\LogWatNT.exe
D:\Program Files\ihv\LSILOGIC\LSIDMIBrowser\LSIRPC.exe
D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
D:\Program Files\ihv\CIO\PORTSERV.EXE
C:\WINNT\system32\ntfrs.exe
D:\Program Files\Drac\client\RacAddrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESrv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Pwrchute\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSECtrl.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSEUI.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\ihv\CIO\IOMRPCCM.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSELog.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESJM.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSETask.exe
D:\Program Files\ihv\CIO\CIONOTIFIER.EXE
D:\Program Files\ol-diags11\OLDiags\bin\Apache.exe
C:\WINNT\System32\tcpsvcs.exe
D:\Program Files\ol-diags11\OLDiags\bin\Apache.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\modemshr.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
D:\Program Files\ihv\CIO\IOMRPCEV.EXE
C:\Program Files\Microsoft ISA Server\mspadmin.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Microsoft ISA Server\w3proxy.exe
C:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\Program Files\Microsoft ISA Server\wspsrv.exe
D:\Program Files\Drac\client\MStation.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\HPPROPTY.EXE
D:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
D:\Program Files\Drac\client\CmdSrvr.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\bill\srvmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Symantec\SMSMSE\5.0\UI\Symantec.MailSecurity.UI.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESpamStatsManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
D:\Utilities\tcp view\Tcpview.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSELive.exe
C:\WINNT\system32\CMD.exe
C:\WINNT\system32\FTP.EXE
C:\WINNT\system32\find.exe
D:\Utilities\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER2:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP LaserJet ToolBox] HPPROPTY.EXE
O4 - HKLM\..\Run: [Realtime Monitor] "D:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Bill] c:\bill\bill.lnk
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Command Server.lnk = D:\Program Files\Drac\client\CmdSrvr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Revolution Web Call Accounting service monitor.lnk = C:\bill\srvmon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123586162015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124246135265
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://iawcorp.com/tsweb/msrdp.cab
O16 - DPF: {E19F9330-3110-11d4-991C-005004D3B3DB} (Java Runtime Environment 1.3.0_01) - http://192.168.16.2:7273/j2re-1_3_0_01-win-i.exe
O16 - DPF: {ED990224-80E6-11D3-9190-00105AE647BB} (RACView Control) - file://D:\Program Files\Drac\client\Web\WebRacView.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pro-ad.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A1899B2-2BB9-4431-9CF1-98947CD537BA}: NameServer = 192.168.16.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDEE46FC-DD74-4E76-B3C0-50801DDBF7D5}: NameServer = 192.168.16.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pro-ad.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pro-ad.com
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Advantage Database Server (Advantage) - Extended Systems, Inc. - C:\Advantage\Server\ADS.EXE
O23 - Service: PERC2 Remote Services Agent (AFA_AGENT) - Adaptec, Inc. - D:\Program Files\ArrayManager\AFA\afaagent.exe
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: Backup Exec 8.x Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec 8.x Alert Server (BackupExecAlertServer) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\alertServer.exe
O23 - Service: Backup Exec 8.x Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec 8.x Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec 8.x Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec 8.x Notification Server (BackupExecNotificationServer) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\nsvr.exe
O23 - Service: Backup Exec 8.x Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: CAMService - Unknown owner - c:\bill\bill.exe
O23 - Service: CIO Array Management Service 4.01 (CIOArrayManagement) - Adaptec, Inc. - D:\Program Files\ihv\CIO\IOMGR.EXE
O23 - Service: CIOArrayManager RPC Command - Unknown owner - D:\Program Files\ihv\CIO\IOMRPCCM.EXE
O23 - Service: CIOArrayManager RPC Event - Unknown owner - D:\Program Files\ihv\CIO\IOMRPCEV.EXE
O23 - Service: CIO Event Notifier (CIOEventNotifier) - Unknown owner - D:\Program Files\ihv\CIO\CIONOTIFIER.EXE
O23 - Service: Dell OpenManage Server Agent DMI (dcdmi32) - Dell Computer Corporation. - D:\PROGRAM FILES\HIP\bin\dcdmi32.exe
O23 - Service: Dell OpenManage Server Agent Event Monitor (dcevt32) - Dell Computer Corporation. - D:\PROGRAM FILES\HIP\bin\dcevt32.exe
O23 - Service: Dell OpenManage Server Agent (dcstor32) - Dell Computer Corporation. - D:\PROGRAM FILES\HIP\bin\dcstor32.exe
O23 - Service: Dell OpenManage VA Subscription - Unknown owner - D:\Program Files\VersionAssistant\MN\DVCNSubscribe.exe
O23 - Service: dellw3c - Unknown owner - D:\Program Files\ol-diags11\OLDiags\bin\Apache.exe
O23 - Service: dellw3j - Unknown owner - D:\Program Files\ol-diags11\OLDiags\bin\OLDserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: eTrust InoculateIT Admin Server (InoNmSrv) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoNmSrv.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: LSI RPC Proxy Service (LSIRPC) - Unknown owner - D:\Program Files\ihv\LSILOGIC\LSIDMIBrowser\LSIRPC.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: NobleNet Portmapper - Unknown owner - D:\Program Files\ihv\CIO\PORTSERV.EXE
O23 - Service: DRAC AddressBook Server (RacAddrBook) - American Megatrends Inc. - D:\Program Files\Drac\client\RacAddrs.exe
O23 - Service: DRAC CardObject Server (RacObject) - American Megatrends Inc. - D:\Program Files\Drac\client\MStation.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Mail Security Spam Statistics (SAVFMSESpamStatsManager) - Symantec Corporation - C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESpamStatsManager.exe
O23 - Service: Symantec Mail Security for Microsoft Exchange (SMSMSE) - Symantec Corporation - C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESrv.exe
O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
O23 - Service: Win32SL (Win32sl) - Intel - D:\PROGRAM FILES\HIP\DMI\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)