
richb2 Wooliewillie
join:2001-12-31 Montvale, NJ
HJT Log - only boots w/o networking
First I had icons spewed all over the desktop. I have run the few antivirus programs that are on the machine. I ran aboutbuster. CWShreader keeps crashing. Can't seem to get beyond this point.
Logfile of HijackThis v1.99.1
Scan saved at 4:38:24 PM, on 10/9/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\explorer.exe
C:\hjt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.1.1:21;gopher=192.168.1.1:80;http=192.168.1.1:80;https=192.168.1.1:443
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINNT\System32\performent011.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINNT\System32\zolker011.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINNT\System32\ztoolb011.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINNT\System32\ztoolb011.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\System32\intell32.exe
O4 - HKLM\..\Run: [AdService] C:\WINNT\System32\AdService.dll
O4 - HKLM\..\Run: [FSH] C:\WINNT\system32\svcnva.exe home
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKCU\..\Run: [HJ95 Sernum Check] d:\hjpro\bin\keycheck.exe
O4 - HKCU\..\Run: [HiJaak Expander] d:\hjpro\bin\expander.exe
O4 - HKCU\..\Run: [SHCenter.exe] d:\hjpro\bin\shcenter.exe
O4 - HKCU\..\Run: [runner.exe] d:\hjpro\bin\shcenter.exe
O4 - Global Startup: Iomega Quick Tools NT.lnk = C:\Iomg_NT\Quick.exe
O4 - Global Startup: Iomega Startup.lnk = C:\Iomg_NT\Quick.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ListGrabber - {CA1694AD-6CEA-4BBE-A00E-A09C1D589938} - C:\Program Files\eGrabber\ListGrabber Standard\InternetAddress.exe
O13 - WWW. Prefix: »
O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - »pwt.ops.placeware.com/etc/pwa/fr···trol.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - »housecall60.trendmicro.com/house···an60.cab
O16 - DPF: {33101C03-75C3-11CF-A8A0-444553540000} (Catalyst SocketWrench Control 3.6 (SP2)) - »www.dialeronline.net/CSWSK32.OCX
O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!»69.50.164.12/exp/mht/sext01.chm:···ller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···63695473
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - »a840.g.akamai.net/7/840/537/2004···an53.cab
O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - »209.225.30.147/gcc_installer/Web···uery.cab
O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - »content01.na.iconf.net/gcc_insta···ller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DOMAIN
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DOMAIN
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DOMAIN
O20 - Winlogon Notify: style2 - C:\WINNT\q682967365_disk.dll
O20 - Winlogon Notify: winrie32 - C:\WINNT\SYSTEM32\winrie32.dll
O21 - SSODL: IIIDBAGI - {7D4D3DCF-74DB-0EB1-4A34-6AC80521218A} - C:\WINNT\System32\Fkiammjm.dll (file missing)
O21 - SSODL: mtklefap - {DF251FFC-C57B-473A-8698-C099EA1F50D7} - C:\WINNT\System32\vpoa32.dll (file missing)
O23 - Service: AnmChannelFactoryServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELFACTORYSERVER.exe
O23 - Service: AnmChannelServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELSERVER.exe
O23 - Service: AnmLoggerServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMLOGGERSERVER.exe
O23 - Service: AnmSupplierServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMSUPPLIERSERVER.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: CT Bus Broker (CTBusBroker) - Dialogic Corporation - C:\PROGRA~1\Dialogic\bin\ctbbserv.exe
O23 - Service: Dialogic System Service (Dialogic) - Dialogic Corporation - C:\PROGRA~1\Dialogic\bin\dlgc_srv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

CalamityJane Premium,VIP,MVM
join:2002-08-27 Eustis, FL
Re: HJT Log - only boots w/o networking
Hi richb2,
I see the problem and can write up some steps to try to resolve it, but you have all these other threads going showing the troubles with the crashing programs and boot problems trying to follow the FAQ. If you are trying a million other things from other threads while I'm trying to write this up, we'll all be confused. Can you just stick with this one and wait a minute while I write this up?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2005
Proud Member of ASAP (Alliance of Security Analysis Professionals)

richb2 Wooliewillie
join:2001-12-31 Montvale, NJ
Re: HJT Log - only boots w/o networking
As I said in the other thread, there are two machines. Machine A which is almost OK, and machine B which is really screwed. Machine B is running Antivir right now. Machine A is idle.

CalamityJane Premium,VIP,MVM
join:2002-08-27 Eustis, FL
Re: HJT Log - only boots w/o networking
Well, you have something like 4 threads going at once here and I'm looking at THIS one. It is severely infested requiring some special tools to fix. I can only proceed on one at a time. And I can't tell if this is machine A or machine B.

richb2 Wooliewillie
join:2001-12-31 Montvale, NJ
Re: HJT Log - only boots w/o networking
I am going to close this and all except the Machine A, HJT log. How do I close these?

CalamityJane Premium,VIP,MVM
join:2002-08-27 Eustis, FL
Re: HJT Log - only boots w/o networking
You see the *hey mods* link under YOUR post? Hit that and request the threads you want closed. You can choose *other* and ask the Mods via the message box there to close each but the one you want help with first. This way we can tell which one is your priority. And if you are running additional tools on the one you want left open, please list ALL steps taken from the FAQ that you were able to complete and a fresh hijackthis log - so we can tell where you are! Thanks

(topic locked)