
Hi, can someone check this new log please?

Discussion in 'Virus & Other Malware Removal' started by pileyrei, Apr 6, 2004.

Thread Status:
Not open for further replies.
  1. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Hi

    It seems that over the last few weeks I haven't had a dull day at work! So many issues coming through.......

    If I open Internet Explorer the CPU usage shoots to 100% and the webpage eventually times out. I've run Spybot and Ad-Aware.

    Here is my log. Any nasties?

    PS: This is a work pc so expect to see a few strange entries.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:18:38, on 06/04/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\Visual IP InSight\AirProducts\ARUpld32.exe
    C:\Program Files\Visual IP InSight\AirProducts\ARMon32a.exe
    C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\mqsvc.exe
    C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
    C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\S3Tray2.exe
    C:\WINNT\system32\tp4serv.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\WINNT\system32\RunDll32.exe
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\oliveran.europe\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aponline.apci.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinMsg50RegSet] C:\winnt\regedit.exe /s "C:\Program Files\AirProducts\WinMsgr50\HKCUSettings.reg"
    O4 - HKLM\..\Run: [WinMsg50IMSet] C:\WINNT\System32\wscript.exe "C:\Program Files\AirProducts\WinMsgr50\IMSetting.vbs"
    O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://aponline.apci.com
    O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://naex014p/TeamWorkspace/Components/outlctlx.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax.cab
    O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://us0131suad/tdbin/Spider80.ocx
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://mase2/ideaTracker/Cab/saxfile_new.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {964DD339-E1F3-4EBF-80CE-585296353E20} (APOutlookUtils.Library) - http://us0295expp/TeamWorkspace/Components/APOutlookUtils.CAB
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {AF1574C9-94B5-46BF-8580-6EADF940EAC3} (APRuntime.DownloadStub) - http://naex014p/TeamWorkspace/Components/APRuntime.CAB
    O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://testdir/tdbin/Spider.ocx
    O16 - DPF: {D166EE70-4D87-11D2-B8B2-0000C00A958C} (FarPoint Spread 3.0 (OLEDB)) - http://mase2.apci.com/edaapps/edacommon/CabFiles/FarPoint/Spread.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DAFD7A40-73FF-11D1-A811-00AA006EAC9D} (Microsoft SS Outlook Control) - http://us0119ssgp/teamworkspacesearch/exciol.ocx
    O16 - DPF: {E7B62F4E-82F4-11D2-BD41-00105A0A7E89} (FileManager Class) - http://rdweb.america.apci.com/geo/saxfile.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D210EE8-988F-4AED-91F6-332154F92C85}: Domain = apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E91A996F-95A7-4F6C-892A-A1C30C81CB20}: Domain = APCI.COM
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com

    Thanks

    Pileyrei
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    This is a semi unknown: O2 - BHO: (no name) - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
    I know what it does and who makes it, but don't know anyone else who uses it. Any BHO will take IE memory and could cause IE instabilities. I am not saying it's the cause, but it is one possibility.

    To eliminate it or confirm it as the cause, download BHO Demon from http://www.definitivesolutions.com/bhodemon.htm

    That allows you to easily enable and disable BHOs without any problems. Disable it, see if the IE problems stop, and you have your answer.
    If it isn't the cause, then re-enable it again



    I can't find anything about these so I don't know

    Have you installed them and know what they are? I think they are part of your IP Insight program and have seen several reports of difficulties setting up that program, causing loss of connections


    O4 - HKLM\..\Run: [WinMsg50RegSet] C:\winnt\regedit.exe /s "C:\Program Files\AirProducts\WinMsgr50\HKCUSettings.reg"
    O4 - HKLM\..\Run: [WinMsg50IMSet] C:\WINNT\System32\wscript.exe "C:\Program Files\AirProducts\WinMsgr50\IMSetting.vbs"
    O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://testdir/tdbin/Spider.ocx
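
A triage helper for the kind of review done in the reply above, as an added example that is not part of the original thread or of HijackThis: it parses O2, O4 and O16 lines and lists the entries to check by hand. The interpreter list and the single-label-host rule are assumptions chosen for illustration and produce review items, not verdicts; the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Sample input: six lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinMsg50RegSet] C:\winnt\regedit.exe /s "C:\Program Files\AirProducts\WinMsgr50\HKCUSettings.reg"
O4 - HKLM\..\Run: [WinMsg50IMSet] C:\WINNT\System32\wscript.exe "C:\Program Files\AirProducts\WinMsgr50\IMSetting.vbs"
O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://testdir/tdbin/Spider.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([ORFN]\d{1,2}) - (.*)$")          # section code, rest of line
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*)\))? - (\S+)$")
# Assumption: a Run value that starts one of these is reviewed via the file it is given.
INTERPRETERS = ("regedit.exe", "wscript.exe", "cscript.exe", "regsvr32", "rundll")

def parse(log):
    """Return (section, fields) for each O2/O4/O16 line; all other lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        rx = {"O2": BHO, "O4": RUN, "O16": DPF}.get(code)
        hit = rx.match(body) if rx else None
        if hit:
            out.append((code, hit.groups()))
    return out

def review_list(log):
    """Entries worth a manual look, each with the reason it was picked."""
    notes = []
    for code, f in parse(log):
        if code == "O2":  # every BHO loads inside IE, so each is a disable-and-retest candidate
            notes.append(("O2", f[1], "BHO: disable, retest IE, re-enable if unchanged"))
        elif code == "O4" and any(i in f[3].lower() for i in INTERPRETERS):
            notes.append(("O4", f[2], "Run entry starts an interpreter: read the file it is given"))
        elif code == "O16" and "." not in (urlparse(f[2]).hostname or ""):
            notes.append(("O16", f[0], "control fetched from a single-label (intranet) host"))
    return notes

if __name__ == "__main__":
    for note in review_list(SAMPLE_LOG):
        print(note)
```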
     
  3. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Hi Derek

    Thanks very much for your input. The BHO program did not resolve the problem but it's a good one to remember for the future, thanks!

    The other two entries refer to MSN Messenger I believe and should be OK.
    I'll carry on looking into the issue. I have a hunch it's our in-house firewall causing problems. We've had loads of issues with it!

    Regards

    Pileyrei
     