Full Version: I think that my computer is infected
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
IztokK
Logfile of HijackThis v1.99.1
Scan saved at 14:31:33, on 4.10.2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
D:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
D:\Program Files\Symantec\pcAnywhere\awhost32.exe
D:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINNT\system32\certsrv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
D:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
D:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
D:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINNT\System32\ismserv.exe
D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\System32\snmp.exe
D:\Program Files\systemhound\shservice.exe
C:\UPSMAN\UMCLIENT\UMC_SERV.EXE
C:\UPSMAN\UMAGENT\UMA_SERV.EXE
C:\WINNT\System32\wins.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\cmd.exe
C:\UPSMAN\UMCLIENT\UMC.EXE
C:\UPSMAN\UMAGENT\UMAEX.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\Atiptaxx.exe
D:\Program Files\Axis Communications\Print System\TrayIcon.exe
D:\Program Files\Axis Communications\Print System\DriverScanner.exe
D:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
C:\WINNT\system32\ctfmon.exe
C:\LS3\LS3EXEC.EXE
D:\Program Files\Sygate\SPF\Smc.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\System32\mdm.exe
C:\WINNT\system32\spoolsv.exe
c:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AXIS Print System TrayIcon] D:\Program Files\Axis Communications\Print System\TrayIcon.exe
O4 - HKLM\..\Run: [AXIS Printer Driver Scanner] D:\Program Files\Axis Communications\Print System\DriverScanner.exe
O4 - HKLM\..\Run: [Realtime Monitor] D:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe -s
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LSIII Executor.lnk = C:\LS3\LS3EXEC.EXE
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - D:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - D:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - D:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: systemhound scheduler - Software Innovations UK Limited - D:\Program Files\systemhound\shservice.exe
O23 - Service: UM-Client - Unknown owner - C:\UPSMAN\UMCLIENT\UMC_SERV.EXE
O23 - Service: UM-Agent (UmAgent) - Unknown owner - C:\UPSMAN\UMAGENT\UMA_SERV.EXE


Logfile of HijackThis v1.99.1
Scan saved at 14:35:40, on 4.10.2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\IBM\ServeRAID Manager\RaidServ.exe
C:\UPSMAN\UMCLIENT\UMC_SERV.EXE
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\cmd.exe
C:\UPSMAN\UMCLIENT\UMC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Exchsrvr\bin\store.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\totalcmd\TOTALCMD.EXE
d:\Orodja\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: ServeRAID Manager Agent (ServeRAIDManagerAgent) - IBM Corporation - C:\Program Files\IBM\ServeRAID Manager\RaidServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UM-Client - Unknown owner - C:\UPSMAN\UMCLIENT\UMC_SERV.EXE
LoPhatPhuud
You were here last month, and understandably, Mosaic1 was a wee bit upset.

Now you are back, with two Windows 2003 machines.

Sorry, but I am going to lock this thread and ask that you take your problems elsewhere.

GSF will no longer be available to you for HJT logs.

lpp
Invision Power Board © 2001-2009 Invision Power Services, Inc.