explorer.exe wont load - w/ hijackthis log...

heres the link to my thread with a little bit of a summary of whats going on:

http://www.windowsbbs.com/showthread.php?p=330394#post330394

can anyone find anything out of place with my hijack this log?

ok I got a scan.

here it is:

 

Hello and welcome to WindowsBBS Removing Spyware & Viruses forum.


Below you will find my results and recommendations from your HijackThis! log file analysis. Please read ALL instructions carefully BEFORE proceeding.


Well I see two problems right off the bat; P2P file sharing applications and a LOP infection. Wonder how that got on board?


We can fix this pretty easily.


We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

• Open Windows Defender.
• Click on Tools, General Settings.
• Scroll down and uncheck Turn on real-time protection (recommended).
• After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you re-enable Real-time Protection again.


By using ANY form of P2P file sharing, you will be continuously open to infections EVERY time you DL something. I strongly recommend you remove all instances of it from your machine.


Access your Add or Remove Programs Control Panel by hitting your [Start] button, select Control Panel and click on Add or Remove Programs. Then find the following programs and click the [Change|Remove] button for each, if they are listed. If they are not, continue with instructions
Ares
WarezP2P Client
Bay Area Racing
Viewpoint <<-Stealth DL, bundled with AOL AIM. Used for online game playing. AIM still operational after removal. Will re-install with AIM update.


Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}


O3 - Toolbar: (no name) - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - (no file)

O3 - Toolbar: BayAreaRacing toolbar - {14124dd7-b8a3-4e74-8861-35ea8d17508f} - C:\Program Files\BayAreaRacing\tbBayA.dll (file missing)


O4 - HKLM\..\Run:[LIST DRV BAIT DASH] C:\Documents and Settings\All Users\Application Data\TimeChicListDrv\five sixth.exe

O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h

O4 - HKCU\..\Run: [mfcdclock] C:\DOCUME~1\Dean\APPLIC~1\LITEEL~1\vc joy pure.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h


O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm


O16 - DPF: WebControlDeploy - https://grouper.com/v1/GrouperSetup.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://deanh8.multiply.com/photos/uploader.cab



Search for, and delete, if found, the following files/folders:
C:\Program Files\Viewpoint<<<<---this folder
C:\Program Files\BayAreaRacing<<<<---this folder
C:\Program Files\Warez P2P Client<<<<---this folder
C:\Program Files\Ares<<<<---this folder
C:\Documents and Settings\All Users\Application Data\TimeChicListDrv<<<<---this folder
C:\DOCUME~1\Dean\APPLIC~1\LITEEL~1<<<<---this folder

Reboot post a new HJT log back into this thread please.

 

Reboot post a new HJT log back into this thread please.[/QUOTE]
I dont have access to a start menu and I cant get windows defender to start up.

I did the other things you mentioned to do but I couldnt find this file...
C:\DOCUME~1\Dean\APPLIC~1\LITEEL~1<<<<---this folder

 

Dean, it looks good now but let's wait for the final word from TeMerc. He has a good handle on this stuff.

When you finish, you may have to create a new login ID in order to get your Desktop back in shape. I'll link you up to the MS article for doing that in case you haven't had that pleasure before.

Create a new User Account per MS

Do that AFTER you finish with TeMerc. We don't want to muddy things up by interfering with the clean-up process.

 

Ok as surferdude said the log looks clear.

However was the log made in safe mode? If so we need a log now in normal mode to get a look at everything that would run as the box starts up.

For the start menu problem lets run this fix on line 117 and see if that cures the problem.

And what happens when you try to start Windows Defender, error message does it start and shut down, explain please.

 

That log was made in normal mode. When I try to start defender, nothing happens.. I go to start new task, browse for the windows defender program, click on it and then nothing loads.

The reason my startmenu isnt loading is because explorer.exe isnt loading.

I downloaded the file on 117, what do I do with it now?

 

Double click the downloaded .reg file and allow it to merge data to your Registry. Reboot for effect.

 

ooh ok, its restarting now so we will see if it helps.

 

You downloaded the wrong file! It's line 117 and it's a .reg file named nodesktop.reg

http://www.kellys-korner-xp.com/regs_edits/nodesktop.reg

there's a direct link.

 

yeah I edited my post, i figured that out after you said it should be a reg file

 

I still have no desktop/start menu and explorer.exe still wont load.

 

Open Task Manager and go to File > New Task and type NUSRMGR.CPL and press enter. If you get the User applet, create a new user with administrative privileges. Exit and see if you can log on to the new account.

 

nope, still nothing

 

Now come the Registry part that we've been dancing around. I think you can do this if you are willing to try. Just be reasonably careful and let's see if we can't do some exploring.

Open Regedit via Task Manager. The key we are looking for is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

When you get to that key, we need to verify that there are the following Value Strings on the right side panel:

Name= Shell
Data = explorer.exe

Name = Userinit
Data = C:\Windows\system32\userinit.exe,

Give that a shot and report back what you find. They need to exist EXACTLY as shown.

 

they both look good

 

OK, that's all we can do. I think you're facing a Repair install at best and if that fails a clean install.

Did you try running sfc /scannow from the Task Manager? Might as well give that a shot as a last ditch hope. I have little faith in it doing any magic. Try it anyway and post back.

 

it says some files are missing and I need my XP CD to install them again.

I guess it looks like I need to get a CD some how.

 

everytime i try to go to new task and tell it to open explorer.exe my computer makes a weird noise from the inside.

maybe the hd is bad?

 

Run chkdsk /r from the Task Manager.

EDIT: It will inform you that it needs to reboot to lock the drive. Do so and hope for a miracle. I'll check back in a bit to allow you time to complete the drive check. It takes a while.

That would be a good idea.

 

I'm checkin' into the goose hair for today. I'll leave you with a little task:

From Task Mgr run cmd to open the command screen. Then type cd \windows press enter. Then type dir /s explorer.exe press enter. You should get three copies of explorer and they should all be the same size. 1,032,192 bytes each.

then type dir /s userinit.exe press enter. You should get three copies of userinit and they should all be the same size. 24,575 bytes each.