Hi,
Something is hammering our internet connection, using all the bandwidth. After a bit of checking I managed to stop the problem by stopping the SMTP service. Unfortunately I need this service as the machine runs our Exchange Server.
Pretty sure it's not an open relay problem - the problem persists even if I stop all the Exchange services.
Please help - below is the HijackThis log.
Thanks,
Leon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:49, on 10/03/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\Documents and Settings\leon\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\SterlingCommerce\SI\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\dns.exe
C:\SterlingCommerce\SI\bin\ops.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\SterlingCommerce\SI\bin\Noapp.exe
C:\Program Files\Microsoft ISA Server\mspadmin.exe
C:\Program Files\Microsoft ISA Server\wspsrv.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\Program Files\Microsoft ISA Server\w3proxy.exe
C:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe
C:\Program Files\BackupDirect\CBSysTray.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\winlogon.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\SterlingCommerce\SI\bin\webdav.exe
C:\SterlingCommerce\SI\bin\vslisten.exe
C:\SterlingCommerce\SI\bin\cla2client.exe
C:\WINNT\system32\winlogon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\mdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKUS\S-1-5-21-1659004503-1645522239-839522115-1274\..\Run: [internat.exe] internat.exe (User 'sonix')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1659004503-1645522239-839522115-1274 Startup: BackupDirect TaskBar Icon.LNK = C:\Program Files\BackupDirect\OLSysTray.exe (User 'sonix')
O4 - .DEFAULT User Startup: BackupDirect TaskBar Icon.LNK = C:\Program Files\BackupDirect\OLSysTray.exe (User 'Default user')
O4 - Global Startup: Backup Direct TaskBar Icon.LNK = C:\Program Files\BackupDirect\CBSysTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\leon\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\leon\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\leon\windows\system32\rnr20.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.gameknot.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://stercomm.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/download/btbconnectwebcontrol015.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = filtagroup.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A81355-34F5-4790-B49B-5D58A86D3981}: NameServer = 193.113.209.14,193.113.209.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B046527-DA36-4D5C-87D8-4295BFE82E6D}: NameServer = 193.113.209.14,193.113.209.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4888521-5C89-4266-9087-65DAC3B7E17C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = filtagroup.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A81355-34F5-4790-B49B-5D58A86D3981}: NameServer = 193.113.209.14,193.113.209.46
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = filtagroup.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A81355-34F5-4790-B49B-5D58A86D3981}: NameServer = 193.113.209.14,193.113.209.46
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\BackupDirect\AgentSrv.EXE
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINNT\system32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gentran Integration Suite at port 5000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\si.exe
O23 - Service: Gentran Integration Suite CmdLine2Adapter at port 5000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\cla2client.exe
O23 - Service: Gentran Integration Suite EventListeners at port 5000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\vslisten.exe
O23 - Service: Gentran Integration Suite Noapps at port 5000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\Noapp.exe
O23 - Service: Gentran Integration Suite Opsserver at port 5000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\ops.exe
O23 - Service: Gentran Integration Suite WebDav at port 5000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\webdav.exe
O23 - Service: Gentran_Integration_Suite_MySql_at_port_5000 - Unknown owner - C:\SterlingCommerce\SI\mysql\bin\mysqld-nt.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:\SterlingCommerce\SI\mysql\bin\mysqld-nt (file missing)
O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
--
End of file - 9102 bytes
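Reading a HijackThis log by hand means scanning a few hundred lines for the handful of entries that deserve a second look. As an added example (not part of the original post, and not code from HijackThis or Trend Micro), here is a small Python triage script that parses HijackThis-format lines and flags the entry types an analyst normally checks first: O23 services listed with "Unknown owner" or "(file missing)", any O15 Trusted Zone site, a broken O10 LSP chain, O17 DNS servers outside the RFC 1918 ranges, O4 autorun entries that name a bare executable with no full path (resolved through PATH at logon), and core Windows binaries (smss.exe, winlogon.exe, svchost.exe and so on) running from somewhere other than the system directory. The embedded log is constructed, modelled on the entry types in the post rather than copied from it, and every flag is a prompt to verify by hand, not a verdict that the entry is malicious.

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis log format, modelled on the entry types
# in the log posted above (assumption: not a copy of the real log).
SAMPLE_LOG = r"""
Running processes:
C:\Documents and Settings\leon\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Exchsrvr\bin\mad.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\rnr20.dll' missing
O15 - Trusted Zone: http://*.gameknot.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4888521-5C89-4266-9087-65DAC3B7E17C}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A81355-34F5-4790-B49B-5D58A86D3981}: NameServer = 193.113.209.14,193.113.209.46
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: UPS - APC PowerChute plus (UPS) - APC - C:\Program Files\Pwrchute\ups.exe
End of file - 1234 bytes
"""

# Directories a core Windows binary is expected to run from (NT 5.x layouts).
SYSTEM_DIRS = ("c:\\winnt\\system32\\", "c:\\windows\\system32\\")
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# Command after the [name] tag, with the trailing "(User '...')" note stripped.
AUTORUN_CMD_RE = re.compile(r"\] (.+?)(?: \(User '[^']*'\))?$")


def flag_process(path):
    """Flag a core Windows binary that is not running from the system directory."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in CORE_BINARIES and not low.startswith(SYSTEM_DIRS):
        return f"core binary {name} running outside the system directory: {path}"
    return None


def triage_entry(kind, body):
    """Return the list of things worth verifying for one R/F/O entry."""
    findings = []
    if kind == "O23":
        if "Unknown owner" in body:
            findings.append(f"service with no publisher info: {body}")
        if "(file missing)" in body:
            findings.append(f"service whose binary is missing: {body}")
    elif kind == "O15":
        findings.append(f"site in IE Trusted Zone (reduced security): {body}")
    elif kind == "O10":
        findings.append(f"Winsock LSP chain broken: {body}")
    elif kind == "O17":
        m = NAMESERVER_RE.search(body)
        for ns in (m.group(1).split(",") if m else []):
            try:
                external = not ip_address(ns.strip()).is_private
            except ValueError:  # malformed address: still worth a look
                external = True
            if external:
                findings.append(f"DNS server {ns.strip()} is not RFC 1918; confirm it is your ISP's: {body}")
    elif kind == "O4":
        m = AUTORUN_CMD_RE.search(body)
        if m and not re.match(r"^[A-Za-z]:\\", m.group(1).strip('"')):
            findings.append(f"autorun without a full path (resolved via PATH): {body}")
    return findings


def triage_log(text):
    """Walk a whole HijackThis log and collect findings from processes and entries."""
    findings = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first R/F/O entry ends the process list
            findings.extend(triage_entry(m.group("kind"), m.group("body")))
        elif in_processes:
            hit = flag_process(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print("CHECK:", finding)
```

To use it on a real log, pass the saved file's contents to `triage_log()`. Note that the script only narrows the list; a service shown as "Unknown owner" may simply lack version information, and a legitimate ISP resolver will still be flagged as non-RFC 1918, so each finding still has to be confirmed against what is actually installed on the machine.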