My main problem is that I have "lost" explorer.exe on my personal PC after running Kaspersky Anti-Virus Scan. Or HiJackThis, or something. I have an HP Pavillion750c running Windows XP Home (I'm currently using other hardware to communicate).
Approximately six weeks ago I ran McAfee Viruscan and there was a virus/Trojan that is didn't recognize and couldn't delete.
This is when my problems started. It disabled McAfee and I have spent much of the six weeks trying to recover from all of this. I finally came upon a forum suggesting Kaspersky and I think this one will work; I actually got a window from McAfee Security Center wanting to update my files. Haven't seen that in a long time. Prior to Kaspersky, I ran McAfee Free Viruscan; Microsoft AntiSpyware Beta.
I currently only show the desktop background and I can only access Task Manager. When I try to run C:\Windows\explorer.exe, I get the error that it cannot be found, even though I just browsed and selected it. My boot.ini reads:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
I have since tried to perform a restore and recovery. Nothing. I finally used my husband's copy of XP Home Edition, SP2 and loaded that yesterday. Still nothing. All I get is the desktop background, but no icons, taskbar etc. Windows is not
loading. Even SafeMode is just a black screen. So, through much procrastinating, I am finally sending you my HijackThis logfile. I would very much appreciate any hints/thoughts you might find for me to correct my situation.
I know everyone is very busy so feel free to take some time with this. I have another box I can hook up to if I have to. Thank you in advance.
Logfile of HijackThis v1.99.1
Scan sved at 9:49:39 AM, on 5/16/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System21\smss.exe
C:\WINDOWS\System21\winlogon.exe
C:\WINDOWS\System21\services.exe
C:\WINDOWS\System21\lsass.exe
C:\WINDOWS\System21\svchost.exe
C:\WINDOWS\System21\svchost.exe.exe
C:\WINDOWS\System21\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exespoolsv.exe
C:\WINDOWS\System21\taskmgr.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R1 - HKCU\Sofware\Microsoft\Windows\CurrentVersion\Internet Setting,ProxyServer = http=127.0.0.1:83
R1 - HKCU\Sofware\Microsoft\Windows\CurrentVersion\Internet Setting,ProxyOverride = localhost;<local>
02 - BHO: XMLDP Class - {60371670-81 9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll (file missing)
04 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
04 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
04 - HLKM\..\Run: [SDK Codre Function22] sdkimddrpovement2.exe
04 - HLKM\..\Run: [S3TRAY2] s3tray2.exe
04 - HLKM\..\Run: [Recguard] C:\WINDOWS\System32\nsivcixdiagmox.exe
04 - HLKM\..\Run: [PX_I^'[]SHIN[YRJ] C:\WINDOWS\System32\nsivcixdagmox.exe
04 - HLKM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
04 - HLKM\..\Run: [MCUpdateExe] C:\PROGA~1\mcafee.com\agent\mcupdate.exe
04 - HLKM\..\Run: [MCAgentExe] C:\PROGA~1\mcafee.com\agent\mcaent.exe files\mcafee.com\agent\mcagent.exe
04 - HLKM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
04 - HLKM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
04 - HLKM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab]Kaspersky Anti-virus Personal\kav.exe /minimize
04 - HLKM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
04 - HLKM\..\Run: [hpsysdrv] C:\windows\system\hpsysdrv.exe
04 - HLKM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
04 - HLKM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
04 - HLKM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
04 - HLKM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
04 - HLKM\..\RunServices: [PX_I^' []SHIN[YRJ] C:\WINDOWS\System32\nsivcixdagmox.exe
04 - HLKM\..\RunServices: [SDK Codre Function22] sdkimddrovment2.exe
04 - HLKM\..\Run: [Weather] C:\PROGR~1\AWS\WEATHE~1\Weather.exe 1
04 - HLKM\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
04 - HLKM\..\Run: [SMSSU] C:\WINDOWS\System32\Tmntsrv32.EXE
04 - HLKM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
04 - HLKM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
04 - HLKM\..\Run: [ctfmon.exe] c:\WINDOWS\system32\ctfmon.exe
04 - HLKM\..\RunServices: [SDK Codre Function22] sdkimddprovment2.exe
04 - GLobal Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
04 - GLobal Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
04 - GLobal Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
04 - GLobal Startup: hp center.lnk - C:\Program Files\hp center\137903\Program\backWeb-137903.exe
04 - GLobal Startup: internat.exe
04 - GLobal Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
08 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
08 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
08 - Extra 'Tools' menuitem: Windows messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
08 - Extra button: WeatherBug - {AF6CABAB-61F9-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
08 - Extra button: Microsoft AntiSpyware helper - {F0E91F73-FCA0-4049-A9C5-A919C18F7960} - (no file) (HKCU)
08 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0E91F73-FCA0-4049-A9C5-A919C18F7960} - (no file) (HKCU)
012 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
012 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
016 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool -
http://go.microsot.c...467&clcid=0x409
016 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
016 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
016 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b)site.cab?1113
016 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...call/scan53.cab
016 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveXcan Installer Class) - http://www.pandasoft.../as5/asinst.cab
016 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
016 - DPF: {E06E2E99-0AA1-11D4-AbA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex...bex/ieatgpc.cab
016 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
017 - HKLM\System\CCS\Services\Tcpip\..\{5E4D95AB-95F5-4AFA-86E2-C5C180D7E007}: Domain - direcway.com
017 - HKLM\System\CCS\Services\Tcpip\..\{5E4D95AB-95F5-4AFA-86E2-C5C180D7E007}: NameServer = 66.82.4.8
023 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) Hughes network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
023 - Service: Hardware Clock Driver (hwclock) - unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
023 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Anti-virus Personal\kavsvc.exe
023 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
023 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
023 - Service: Mcafee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - C:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Most of the above looks relatively familiar to me, but some is foreign.
Thank you again.
Sign In
Create Account
