Bruce: > you state that "..An unauthorized user currently has the > ability to run > processed on the machine...." > > how do we know that.. The original poster stated he did know how what the process was. He stated he believed the machine was being attacked. He asked for advice from the community on how to handle the situation. The original poster's statments imply it was not put there by an authorized user. Someone does not just casually assume a machine has been hacked. They have a reason for suspecting it. Neil -- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details.