
What is wmiapsrv.exe? (StartupList v1.52 log)

Discussion in 'Windows XP' started by NameTooLong, Sep 28, 2003.

Thread Status:
Not open for further replies.
  1. NameTooLong

    NameTooLong Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    325
    What is wmiapsrv.exe? I've never seen it in my processes before... I searched on the internet and couldn't find anything. Should I be concerned? Feel free to offer advice about the other stuff in the log (although I know what most of it is)...

    StartupList report, 9/28/2003, 2:10:38 AM
    StartupList version: 1.52
    Started from : C:\Program Files\StartupList\StartupList v1.52.1.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\KEMailKb\KEMailKb.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Atomic Clock Sync\Atomic.exe
    C:\Program Files\Desktop Calendar\Desktop Calendar.exe
    C:\Program Files\Gaim\gaim.exe
    C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro 1.40.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Hotmail Popper\hotpop.exe
    C:\Program Files\PopTray\PopTray.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe << THIS ONE RIGHT HERE...
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\StartupList\StartupList v1.52.1.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\drivel\Start Menu\Programs\Startup]
    Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
    PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
    Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    ScriptSentry = C:\Program Files\Script Sentry\ScriptSentry.exe /check
    KEMailKb = C:\PROGRA~1\KEMailKb\KEMailKb.EXE
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    CoolSwitch = C:\WINDOWS\System32\taskswitch.exe
    Atomic.exe = C:\Program Files\Atomic Clock Sync\Atomic.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    NVIEW = rundll32.exe nview.dll,nViewLoadHook
    Desktop Calendar = C:\Program Files\Desktop Calendar\Desktop Calendar.exe
    Gaim = C:\Program Files\Gaim\gaim.exe
    FreeRAM XP = "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro 1.40.exe" -win

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (disabled by BHODemon) - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.079375

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\drivel\LOCALS~1\Temp\GLB1A2B.EXE


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 6,200 bytes
    Report generated in 0.040 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  3. NameTooLong

    NameTooLong Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    325
    Uhhh... oh yeah... there it is... lol :D Thanks for the quick reply...

    BTW... www.blackviper.com says it's an unneeded service and can be set to disabled. :D
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No prob! :D
     

Short URL to this thread: https://techguy.org/168008
