
Please review this log


4 replies to this topic

#1 bheywow

bheywow

    Member

  • New Member
  • Pip
  • 4 posts

Posted 18 June 2004 - 10:32 PM

It looks stranger than it is; this is a Windows 2003 server running Citrix, so several people log in at the same time.

The problem has to do with poor launching times with IE. Sometimes it is fine; sometimes it can take 30 seconds or longer to access a website (even if it is cached). This delay can happen anytime, even after a reboot when only a single user is logged in. Any assistance would be appreciated.

Also, when this delay occurs you get an hourglass and cannot access any other programs running or any menus within Windows. This all began about 3 weeks ago; prior to that it worked fine.

Logfile of HijackThis v1.97.7
Scan saved at 12:33:08 PM, on 6/16/2004
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
U:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Dell\OpenManage\RAC\MN\racsrvc.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\Program Files\Citrix\Installer\AgentSVC.exe
C:\WINDOWS\System32\cdmsvc.exe
C:\Program Files\Citrix\Installer\saginst.exe
C:\WINDOWS\System32\ctxxmlss.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\system32\encsvc.exe
C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
C:\WINDOWS\system32\mfcom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\bin\diagorb.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\wfshell.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\wfshell.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\bhw\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.integtech.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O10 - Broken Internet access because of LSP provider 'u:\windows\system32\mswsock.dll' missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {25D8D7E0-2A54-4D4D-A55D-C247D83C0A75} (BOSIActiveFormX Control) - http://65.167.107.17...ActiveXGrid.cab
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://msam01/Websit...bsiteViewer.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://appserver01/p...ts/pjclient.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {7A39242D-58D7-421D-81EF-BD67FEBDDBB2} (BOSIActiveXMemo Control) - http://66.167.107.17...MemoControl.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?37956.3928125
O16 - DPF: {ABE0CADC-D722-4D73-A845-8948FF858A02} (Audit Object) - http://66.167.107.17...rackitAudit.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://appserver01/p...033/pjcintl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://advancedmeet...bex/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.it.co...en/CSGProxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IT.local
O17 - HKLM\Software\..\Telephony: DomainName = IT.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{1895CB8A-C082-4E40-BAEF-7E96111D54F3}: NameServer = 172.16.1.11,172.16.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IT.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{1895CB8A-C082-4E40-BAEF-7E96111D54F3}: NameServer = 172.16.1.11,172.16.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IT.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{1895CB8A-C082-4E40-BAEF-7E96111D54F3}: NameServer = 172.16.1.11,172.16.1.10

#2 bheywow

Posted 22 July 2004 - 01:53 AM

Anyone?

#3 bheywow

Posted 03 August 2004 - 12:12 AM

bump

Still waiting

#4 Apophis_darkblade

Apophis_darkblade

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 03 August 2004 - 12:21 AM

Update HijackThis and repost a log report.


Thanks.

#5 bheywow

Posted 03 August 2004 - 12:01 PM

Thanks, but I will pass



