Link to home
Start Free TrialLog in
Avatar of Jack Dee
Jack Dee

asked on

Can't open Control Panel. Explorer.exe Application Error

Strange things are going on on my computer.  I use Mozilla Firefox web browser version 1.0.2.  I first noticed this error when trying to download ANY kind of attachement via Hotmail.

firefox.exe - No Disk
There is no disk in the drive.  Please insert a disk into drive \Device\Harddisk2\DR15

I thought I'd uninstall and reinstall Mozilla Firefox, but have a second problem to solve before I do that.

I am getting the following error when I try to open the Control Panel on a Windows XP Professional PC.

Explorer.exe Application Error
The instruction at "0x02e89e56" referenced memory at "0x00000000". The memory could not be "written".
Click OK to terminate the program.
Click CANCEL to debug the program.

I have tried the patch in KB Article Q329692.  I have followed instructions KB Article 883791.  No luck.  Still have same symptoms.  I scanned the computer for viruses and Spyware using Microsoft Anti Spyware, Spybot Search and Destroy, and Ad Aware.  I was able to successfully remove all spyware.

What else can I do?  Please help!
Avatar of mattisflones
mattisflones
Flag of United States of America image

If youre up for it i suggest you try a "SFC/Scannow".. That might correct the problem since it did for me last time i saw something similar.
If you dont know the SFC command, feel free to ask for more info.
Check your RAM with Memtest:
Memtest CD Image: http://www.memtest.org/download/1.51/memtest86+-1.51.iso.zip
Memtest Floppy Disk Creator: hhttp://www.memtest.org/download/1.40/memtest86+-1.40.floppy.zip

Check your HardDrive with Drive Fitness Test (DFT):
DFT CD Image: http://www.hitachigst.com/downloads/dft32_v402_b00.iso
DFT Floppy Disck Creator: http://www.hitachigst.com/downloads/dft32_v402_b00.exe

NOTE: Run an advanced test in DFT - a Red background is BAD
You can lookup the error code in the manual: http://www.hitachigst.com/downloads/dft32_user_guide.pdf

If both of those pass fine, then do the following:
- download, run hijackthis and post your logfile up here for us to see: http://www.merijn.org/files/hijackthis.zip
ASKER CERTIFIED SOLUTION
Avatar of Member_2_49692
Member_2_49692

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Member_2_49692
Member_2_49692

sorry if some of my info. repeated everyone elses it took awhile to type all this.... :)
Avatar of Jack Dee

ASKER

Wow!  Thanks for the detailed write ups!  The Pandora software found some stuff, two things that were marked Possible Virus and 4 things marked Adware.  I was able to manually delete them all.  The Spysweeper found a few things that it got rid of automatically.  Other than that, all the other programs you mentioned had negative results.

Here are the results of the HiJackThis scan.

Logfile of HijackThis v1.99.1
Scan saved at 10:02:35 PM, on 4/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DNTUS26.EXE
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\PC Guardian\EP Hard Disk\User\DISrv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\PCGProt.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Symantec\LiveState Recovery\Desktop 3.0\Agent\VProSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\XZ86EA.EXE
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\LaunchEPHD.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Symantec\LiveState Recovery\Desktop 3.0\Agent\VProTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
C:\WINMPM\pvsw\Bin\W3DBSMGR.EXE
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\"user"\My Documents\Download\HiJackThis\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iws_cleanup.exe] C:\WINDOWS\System32\iws_cleanup.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPHD User] "C:\Program Files\PC Guardian\EP Hard Disk\User\LaunchEPHD.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [LiveState Recovery 3.0] C:\Program Files\Symantec\LiveState Recovery\Desktop 3.0\Agent\VProTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\WINMPM\pvsw\Bin\W3DBSMGR.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://dsrprotect/officescan/console/html/AtxEnc.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://dsrprotect/officescan/console/html/AtxConsole.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://caah01-file01/tsweb/msrdp.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://wvcc.gd-ais.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://dsrentah/tsweb/msrdp.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://dsrprotect/officescan/console/html/AtxPie.cab
O16 - DPF: {BA00165E-C903-11D3-BD27-0050048A82BF} (eShare Technologies NetAgent Customer ActiveX Control) - http://ec112.ecicorp.com/netagent/objects/CustAppX.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://"company".webex.com/client/latest/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.gd-ais.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.gd-ais.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = "maindomain".com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = "olddomain".com
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: SymcEventMonitors - C:\WINDOWS\SYSTEM32\EventMonitors.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINDOWS\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EphdXlatService - Unknown owner - C:\Program Files\PC Guardian\EP Hard Disk\User\DISrv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PCG Protect - PC Guardian - C:\Program Files\PC Guardian\EP Hard Disk\User\PCGProt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec LiveState Recovery - Symantec Corporation - C:\Program Files\Symantec\LiveState Recovery\Desktop 3.0\Agent\VProSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Aelita DMW Migration Agent (Vmover.exe) - Aelita Software Corporation - C:\WINDOWS\System32\Vmover.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I forgot to mention, I ran "SFC/Scannow" and it did not find or fix anything.
is it the same in Safe mode ?
When I try to run "SFC/Scannow" from safe mode, I get the following error:

Windows File Protection could not initiate a scan of protected system files.
The specific error code is 0x000006ba [The RPC server is unavailable.]
In addition, I get the same "Explorer.exe Application Error" when I try to access the Control Panel from safe mode.
Did you play around with MSconfig a little too much maybe?

You can start the RPC by commandline with the command: "Net Start RPCss", then you should be able to run the SFC...
No playing with MSconfig here.  "Net Start RPCss" results in "The requested service has already been started.  More help is available by typing NET HELPMSG 2182."

Tried to run "SFC /Scannow" again, and still got the "Windows File Protection" error above.
Strange!
If this was my case.. i would run a inplace upgrade.. Seems like there is serious stuff going on with your OS. Specially when the SFC can not cooperate with a started RPC!

I ran your hijackthis file through the analyzer: http://hijackthis.de/index.php?langselect=english ...you have some bugs that might be a problem, but i really dont have the time to check them out..
Okay I have looked over your hijack this logfile a lot of odd things still going on

ALSO ARE YOU RUNNING A WEB SERVER ? YOU HAVE IIS UTILITIES AND CISCO SOFTWARE INSTALLED ?????


this file DNTUS26.EXE located in your hijack this file above can be one of several things...
see the url below for more information... If you did not install a remote administration tool named Dameware then get this off the system immediately. This can also be part of the

http://www.bleepingcomputer.com/startups/DNTUS26.EXE-7988.html

here is the explicit removal instructions

DNTUS26.EXE
DNTUS26.exe program is part of DameWare Mini Remote Control.  A lightweight remote control intended primarily for administrators and help desks for quick and easy deployment without external dependencies and machine reboot.

How to remove the Mini Remote and/or NT Utilities Client Agent Service:
Please note that if the DWRCS.exe and/or DNTUS26.exe files are not located in the system32 folder, then please search for them and perform the following steps from that folder instead of the system32 folder.

Go to a command prompt.
Type cd %systemroot%\system32 and press Enter.
Type DWRCS.exe -remove and press Enter.
Type DNTUS26.exe -remove and press Enter.
After the service removal you can delete the following files, however this may require a re-boot before you can delete them.
DNTUS26.EXE
DWRCS.EXE
DWRCS.INI
DWRCK.DLL
DWRCSET.DLL (v 3.6x and later)
DWRCSHELL.DLL (v 3.6x and later)
If you cannot delete the DWRCShell.dll, then more than likely the Windows Explorer Shell must have already loaded it.  Reboot the machine and do not right-click on anything.  Click on the Start button and then select run.  Type CMD and press ENTER. Once you have the DOS prompt, type: CD %systemroot%\system32 and press Enter.   Now delete the DWRCShell.dll file.



MORE INFORMATION: DNTU26.EXE also suspected infection of W32/Deloder.worm.

DWRCS.EXE: Part of the above file

C:\WINDOWS\TEMP\XZ86EA.EXE  <----- DEFINATELY DELETE THIS IT IS A TROJAN OF SOME SORTS PRIOR TO DELETING IT GO TO THE DIRECTORY FIND IT RIGHT CLICK ON IT AND GET THE DATE IT WAS CREATED POST THAT DATE HERE. DO NOT DOUBLE CLICK ON IT!!!!!

this is odd

O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whlnsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\whllsp.dll

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://wvcc.gd-ais.com/InternalSite/WhlCompMgr.cab

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



I am assuming you are doing some sort of programming with all the experimental tools and protocols ???

Name: Remote Packet Capture Protocol v.0 (experimental)
Filename: rpcapd.exe
Description: Service name is rpcapd. "WinPcap is an open source library for packet capture and network analysis for the Win32 platforms. It includes a kernel-level packet filter, a low-level dynamic link library (packet.dll), and a high-level and system-independent library (wpcap.dll, based on libpcap version 0.6.2)." File is found at this location: %ProgramFiles%\WinPcap\rpcapd.exe

I see Trend Micro PC Cillin Zone Alarm and Symantec   what exact version of these softwares do you have ???

PC Cillin I know is AV and a firewall

Symantec - are you running System works Symantec AV , Firewall ????

Zone Alarm - Pro, Free or the anti virus security firewall suite ?

Whatever that whale client file is it may have damaged your winsock .... follow the instructions here to check your winsock http://windowsxp.mvps.org/winsock.htm

if that is no help google  "winsock fix xp" their are several free utilities but make sure you make a system restore point before doing this....

Also have you followed everything step by step as I stated above ??? such as turning off system restore in my first post along with running CoolWebShredder and also running the I.E. Repair TOOL VX2 finder etc... ???

as far as the error in safe mode this could be for several reasons....

1. When in safe mode is the rpc service running ?

2. If so then their is corruption try the following

http://support.microsoft.com/?kbid=296241  this says windows 2000 but may also work for xp... check to see if you have the certificate installed by using the instructions but do not export. If the certificate is missing go to another XP machine and export the certificate.

see this
these are the trusted root certificates for windows to run properly

http://support.microsoft.com/kb/293781/


What errors are you getting now and what have you tried please let me know if their are any steps you skipped at any point please tell me because they could make a world of difference....

Your final option if all else fails:
 Do a non destructive reinstall of the O.S. put in the CD and select repair install providing it is not an OEM boot and nuke type cd.
Providing you have at least SP1 loaded you should not loose anything. Some programs may not work anymore but that is very unlikely and only if they are not mainstream programs that adhere to general windows application programming guidelines.
All else failed!!  

I ran the Windows Repair option from the bootable Windows XP Professional CD.  After it was done, it kicked my PC into an endless reboot cycle.  I have a Winternals ERD Commander boot disk that I used to get the data to a removable hard disk.  Then, I reimaged the drive.  Now I am restoring files and programs.

Even though my problem was not resolved I have decided to reward points to briancassin for a wonderful writeup.  I learned about some utilities that I was not aware of before.  
mb2010,

thank you, sorry to hear that you ended up reimaging the drive.:(