What i do is the following:
I try to run explorer.exe or go there by double clicking the 'my computer'
No I get an error or no response at all
When I want to try to navigate with the explorer the maplist on the left only shows desktop and no further options.
The only thing I can use to navigate throught it is by filling the right address in the addressbar.
When I want to delete sum useless files in the system32, files that are made by unexpected shutdown, it says access denied or cannot read from source file or disk.
it is a PDC controller and Im a lil scared to reboot it, cause i think it might not get back into his Windows environment.
Any tips anyone?
Logfile of HijackThis v1.98.2
Scan saved at 11:11:20, on 24-5-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\PROGRA~1\Adaptec\STORAG~1\service.exe
C:\PROGRA~1\Adaptec\STORAG~1\ASMProServer.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\CA\eTrust\InoculateIT\InoNmSrv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINNT\System32\ismserv.exe
D:\SYSVOL\sysvol\BTH-CAD\scripts\kxrpc.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\MGE\PCtl.exe
c:\winnt\rkillsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\MGE\CILUSB.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\WINNT\system32\Atiptaxx.exe
D:\INSTALL\___software\___Tools\spytools\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.7.1:3128
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BTH-CAD
O17 - HKLM\System\CCS\Services\Tcpip\..\{493E8B0F-8755-4DE2-8035-ADBFA728933C}: NameServer = 192.168.7.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D7266D-D1F8-4951-A0BE-78136F492194}: NameServer = 192.168.7.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F07ED017-621B-4993-9C58-2DD9679211DC}: NameServer = 192.168.7.151,192.168.7.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BTH-CAD
O17 - HKLM\System\CS1\Services\Tcpip\..\{493E8B0F-8755-4DE2-8035-ADBFA728933C}: NameServer = 192.168.7.151
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BTH-CAD
O17 - HKLM\System\CS2\Services\Tcpip\..\{493E8B0F-8755-4DE2-8035-ADBFA728933C}: NameServer = 192.168.7.151