Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Explorer unusable and not possible to delete files


  • Please log in to reply

#1
NeCrite

NeCrite

    New Member

  • Member
  • Pip
  • 8 posts
Below you can find the log that HiJackThis made. I almost couldnt run the program at all.

What i do is the following:
I try to run explorer.exe or go there by double clicking the 'my computer'
No I get an error or no response at all
When I want to try to navigate with the explorer the maplist on the left only shows desktop and no further options.
The only thing I can use to navigate throught it is by filling the right address in the addressbar.
When I want to delete sum useless files in the system32, files that are made by unexpected shutdown, it says access denied or cannot read from source file or disk.

it is a PDC controller and Im a lil scared to reboot it, cause i think it might not get back into his Windows environment.

Any tips anyone?


Logfile of HijackThis v1.98.2
Scan saved at 11:11:20, on 24-5-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\PROGRA~1\Adaptec\STORAG~1\service.exe
C:\PROGRA~1\Adaptec\STORAG~1\ASMProServer.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\CA\eTrust\InoculateIT\InoNmSrv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINNT\System32\ismserv.exe
D:\SYSVOL\sysvol\BTH-CAD\scripts\kxrpc.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\MGE\PCtl.exe
c:\winnt\rkillsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\MGE\CILUSB.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\WINNT\system32\Atiptaxx.exe
D:\INSTALL\___software\___Tools\spytools\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.7.1:3128
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BTH-CAD
O17 - HKLM\System\CCS\Services\Tcpip\..\{493E8B0F-8755-4DE2-8035-ADBFA728933C}: NameServer = 192.168.7.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D7266D-D1F8-4951-A0BE-78136F492194}: NameServer = 192.168.7.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F07ED017-621B-4993-9C58-2DD9679211DC}: NameServer = 192.168.7.151,192.168.7.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BTH-CAD
O17 - HKLM\System\CS1\Services\Tcpip\..\{493E8B0F-8755-4DE2-8035-ADBFA728933C}: NameServer = 192.168.7.151
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BTH-CAD
O17 - HKLM\System\CS2\Services\Tcpip\..\{493E8B0F-8755-4DE2-8035-ADBFA728933C}: NameServer = 192.168.7.151
  • 0

Advertisements


#2
Guest_matthuffy_*

Guest_matthuffy_*
  • Guest
Why do you want to mess with your explorer.exe anyhow? tring to do some silly tweeking like changing your Start button?? is it worth it if you do not know what you are doing???????

anyhow! if you are going to mess with this, make a backup of explorer.exe and rename it e.g. explorer1.exe. So if you mess up you can still get back to your windows screen by using task manager RUN and Regedit and then you can revert to your saved explorer1.exe.

you may also need to ajust your protection to change your explorer.exe
this can be done in your FILELIST.XML found here: PUT THIS IN "RUN"
%systemroot%\system32\Restore
you must have SHOW HIDDEN FILES on in your tools menu and also select show "Hide protected operating system files"

there is much much more to this, but if you are concerned at this part, i would suggest you just leave it alone and use your computer for normal things :tazz: However, if you want all the info ask me ;)
  • 0

#3
NeCrite

NeCrite

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Matthuffy I don't think u understand me at all.

I do not mess with explorer itself. I just want to use it to navigate thru my drives and directories.
Delete sum files on a drive, but not the explorer. DOH

Guess u read it again a lil better...

- It is an error i get when using explorer in the system32 dir.
- If i doubleclick on my computer it doesn't open it
- If i use the icon of explorer it doesn't open it
- If i use the icon of my documents it doesn't open it
- When i try to delete a file in the system32 which by example is called 'R' i get an access denied error can't read from location

So u see im not tryin to mess with it, but i have to last with this till next weekend(new server) and i dunno if he is gonna make it, it still makes backup fortunately

So help with be great

Thanks
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP