TechSpot

Hijack Log -- Can't load explorer OR boot in Safe Mode

By adampm
Jun 7, 2005
  1. I began experiencing problems with my system yesterday evening. I cannot run Explorer (when I try to open the program, the system hangs and I get an error message) or Norton (same problem). I can run Netscape, but I can't download anything to my local drives.

    I've tried to boot the system in safe mode, but it doesn't work properly. It boots to a black screen and just gives an error that Windows Explorer won't load properly. The only thing I can do in safe mode is get to the task manager via ctrl-alt-delete and shutdown.

    I'm running XP Home Edition and it is fully up-to-date with regard to critical updated, etc.

    I ran Hijackthis and got the following:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:15:24 PM, on 6/7/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.upenn.edu/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.upenn.edu"); (C:\Documents and Settings\Adam_Michaels\Application Data\Mozilla\Profiles\default\i7qneo3s.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Adam_Michaels\Application Data\Mozilla\Profiles\default\i7qneo3s.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RunDlI] C:\windows\systemp\server.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.usmd.edu/wfplayer/tdserver.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092968554338
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://www.oxhp.com/BenSum/swiftview/svinstall_a_stat.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://guest:guest@155.247.171.2/activex/AxisCamControl.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1437/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/webcam/v110/yvwrctl.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

    Any suggestions?
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    server.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    O4 - HKLM\..\Run: [RunDlI] C:\windows\systemp\server.exe

    Now click on the Fix Checked button in HJT.

    When done, delete the highlighted \directory-name\ with everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
     
  3. adampm

    adampm TS Rookie Topic Starter

    I can't boot into safe mode. It boots to a black screens, gives an error that winexplorer can't load, and hangs...
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Then do it in normal mode.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.