Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Exchange Mail Queue Full

  • This topic is locked This topic is locked
1 reply to this topic

#1 killowatthours


  • Members
  • 1 posts
  • Local time:11:32 PM

Posted 26 September 2007 - 06:30 PM

My Exchange server smtp queue is filling up with tons of spam. Can't tell if it is actually on the server itself or one of the workstations. Hope this helps with finding it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:22 PM, on 9/26/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SAV\DefWatch.exe
D:\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
C:\Program Files\RDS\RsiSvc.exe
C:\Program Files\RDS\srscandr.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESrv.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSECtrl.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSEUI.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESp.exe
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSELog.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESJM.EXE
C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSETask.exe
C:\Program Files\SAV\Rtvscan.exe
C:\Program Files\RDS\ddsschednt.exe
C:\Program Files\RDS\dds.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\RDS\spooler.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\NovaNet-WEB Backup\TrayControl.exe
D:\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
D:\Sybase\SQL Anywhere 9\Shared\Sybase Central 4.2\scjview.exe
D:\Program Files\NovaNet-WEB Backup\BackupClientSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] D:\Program Files\NovaNet-WEB Backup\TrayControl.exe
O4 - HKCU\..\Run: [DBISQL9] "D:\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [SybaseCentral42] "D:\Sybase\SQL Anywhere 9\Shared\Sybase Central 4.2\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NovaNet-WEB Backup Tray Control.lnk = D:\Program Files\NovaNet-WEB Backup\TrayControl.exe
O4 - Global Startup: Start Delivery Services.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://support.aficio.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.bowdoin.edu
O15 - ESC Trusted Zone: http://www.bris.ac.uk
O15 - ESC Trusted Zone: http://web.bsu.edu
O15 - ESC Trusted Zone: http://www.ccvsoftware.com
O15 - ESC Trusted Zone: http://www.colostate.edu
O15 - ESC Trusted Zone: http://www.comphelpone.com
O15 - ESC Trusted Zone: http://ftp.us.dell.com
O15 - ESC Trusted Zone: http://support.dell.com
O15 - ESC Trusted Zone: http://www.download.com
O15 - ESC Trusted Zone: http://www.ebby.com
O15 - ESC Trusted Zone: http://www.eggheadcafe.com
O15 - ESC Trusted Zone: http://*.foxitsoftware.com
O15 - ESC Trusted Zone: http://*.fs1
O15 - ESC Trusted Zone: http://www.gestetner.com
O15 - ESC Trusted Zone: http://www.gestetnerusa.com
O15 - ESC Trusted Zone: http://www.godaddy.com
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com
O15 - ESC Trusted Zone: http://mail.herrodtech.com
O15 - ESC Trusted Zone: http://support.irsaims.com
O15 - ESC Trusted Zone: http://www.mergertree.com
O15 - ESC Trusted Zone: http://www.msn.com
O15 - ESC Trusted Zone: http://www.pugh.co.uk
O15 - ESC Trusted Zone: http://www.qub.ac.uk
O15 - ESC Trusted Zone: http://docushare.subr.edu
O15 - ESC Trusted Zone: http://www.sussex.ac.uk
O15 - ESC Trusted Zone: http://fileconnectdl.symantec.com
O15 - ESC Trusted Zone: http://www.tech-archive.net
O15 - ESC Trusted Zone: http://www.ucalgary.ca
O15 - ESC Trusted Zone: http://www.cstore.ucf.edu
O15 - ESC Trusted Zone: http://download2.veritas.com
O15 - ESC Trusted Zone: http://www.veritas.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://www.wmin.ac.uk
O15 - ESC Trusted Zone: http://www.york.ac.uk
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135795315593
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = costlow.net
O17 - HKLM\Software\..\Telephony: DomainName = costlow.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{06ED5A2A-4C00-4F2A-A235-9B47341B2C7F}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = costlow.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{06ED5A2A-4C00-4F2A-A235-9B47341B2C7F}: NameServer =
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BackupClientSvc - Unknown owner - D:\Program Files\NovaNet-WEB Backup\BackupClientSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dds Scheduler Deamon (DdsSched) - RICOH Company Ltd. - C:\Program Files\RDS\ddsschednt.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Mars Database Server (MarsDB) - iAnywhere Solutions, Inc. - D:\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: Ridoc Server Information Service (RsiSvc) - RICOH Company Ltd. - C:\Program Files\RDS\RsiSvc.exe
O23 - Service: Symantec Mail Security Spam Statistics (SAVFMSESpamStatsManager) - Symantec Corporation - C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESpamStatsManager.exe
O23 - Service: ScanRouterDriverV2 - Ricoh Co.,Ltd. - C:\Program Files\RDS\srscandr.exe
O23 - Service: Symantec Mail Security for Microsoft Exchange (SMSMSE) - Symantec Corporation - C:\Program Files\Symantec\SMSMSE\5.0\Server\SAVFMSESrv.exe
O23 - Service: SOption - RICOH Company Ltd. - C:\Program Files\RDS\SOption.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

End of file - 9931 bytes

BC AdBot (Login to Remove)


#2 Grinler


    Lawrence Abrams

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA
  • Local time:01:32 AM

Posted 08 October 2007 - 11:27 AM

After reviewing your log, it has been determined, that there are no infections present on your computer.
Please create another Topic, in the Business Applications forum, with a thorough explanation of the problems you're experiencing, such as:
How long have you had this problem?
What have you done to try and correct this problem?
Is this a persistent problem. or does it just occur occasionally?
Have you installed any new hardware/software recently?
What were you doing when this problem first started?
The exact Error Messages, you may have received.

Please also include:
Operating System (XP Home, XP Pro, etc.)
Browser (Internet Explorer, Firefox, etc.)
Antivirus used
Spyware/Malware programs used

By including as much information as possible, we will better be able to understand your problem, which will result in your computer being fixed, in the most timely manner.

Also, to avoid confusion, mention that you have already posted a HijackThis log, and it was found that you had no infections.
This will prevent others from suggesting, that you post a HJT log for examination.

Since there were no infections found, on your computer, I will now close this Topic.
If you have any questions, don't hesitate to PM me.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users