Killbox killed Explorer. Now the Explorer shell will not run.

I used Killbox to unregister and delete a simple DLL that was left behind by Google Desktop after an uninstall. I selected the option to "End Explorer Shell While Killing" in Killbox.

Well, it worked like a charm and deleted the DLL, but upon a reboot of the system, the explorer shell will not run. It will launch, and appear for a split second before seemingly terminating itself. So, the registry entry that sets the shell is fine ([HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="Explorer.exe") because it is at least trying to launch. I like that it is trying, and I applaud the poor little shell's efforts.

There is no apparent infection (virus, spyware, malware). Scans with Symantec Antivirus Corporate (9.0) as well as AdAware and Spybot find nothing harmful.

I ran the system file checker (sfc /scannow) to see if any protected files needed to be replaced by their original versions.....to no avail.

I booted into safe mode with the same results: The shell launches, and terminates immediately. I have also run diagnostic startups until the cows came home. When they did get home (the cows), they didn't bring any coffee, and my problem also still existed.

I have done a full repair install of Windows XP Professional, and re-applied all updates and Service Packs...to no avail. Explorer Shell will still not run. This leads me to believe that there is nothing wrong with Explorer.exe, but there is a registry entry somewhere that is set to kill explorer.exe whenever it runs.....or there are other files that the shell relies on that have been either corrupted or deleted (don't know how that would have happened...as one would think that any missing files would have been replaced upon either running the system file checker, or after the repair install).

It is funny to me that Killbox was set to "End Explorer Shell While Killing" , and magically, the shell has apparently been killed for good...makes me think that Killbox writes an entry somewhere in the registry, and that entry has not been deleted as it should have been. Or somehow, whatever Killbox did to kill the shell has gotten stuck in an endless loop of killing explorer.exe whenever it runs. Logic tells me this...although I am aware that it is somewhat unlikely to be the case.

No method of launching Explorer.exe will work. (Double click it in xplorer2; run from the command line; run from the task manager) I have also tried launching the instance of explorer.exe that resides inside the "C:\WINDOWS\ServicePackFiles\i386" folder to no avail. Further, trying to run the "Windows" Explorer file manager (explorer.scf) returns the error "There was a problem sending the command to the program". Quite obviously, iExplore.exe (Internet Explorer -> version 6) will not run as well. I don't really care about that, as I use Firefox, but thought it relevant.

I have copied explorer.exe, renamed it, and set the renamed file as the shell..also to no avail.

As you can see, there is a lot of ".....to no avail" going on. I fear that a total format and reinstall of Windows is required. However, as a last gasp at hope, I turn to the wonderful folks here for any possible advice.

Thanking you in advance for any reply. Below is a log from Hijack This!

Logfile of HijackThis v1.99.1
Scan saved at 12:18:58 PM, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Belkin Bulldog\upsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = JDC Workstation
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [FolderShare] "c:\program files\foldershare\foldershare.exe" /background
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Replicator\PTReplicator.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: FreedomAudio - http://www.freeworldradio.com/freedomhome/install/win/mv/freedominstaller.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain.com/cabinet/wt0806.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.wroc.nrcan.gc.ca/download/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174566950169
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123766342942
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = <my domain>
O17 - HKLM\Software\..\Telephony: DomainName = <my domain>
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = <my domain>
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GetMail Service - Unknown owner - C:\WINDOWS\SYSTEM32\SRVANY.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - C:\Program Files\Belkin Bulldog\upsd.exe
John-D-Chapman Asked:

orangutang Commented:
So you can reopen explorer.exe when it's closed in the Task Manager or some other program? If you can, or by some other way, try looking at your event viewer and look in your System and Application logs for anything suspicious for any item relating to explorer.exe.
0
John-D-Chapman (Author) Commented:
orangutang:
Thanks for the quick reply!

In no way can I open explorer.exe. Any method I try has the same result (tries to open, but terminates immediately i.e., I can see the taskbar flash on the screen for a second, but then the shell terminates causing it to disappear).

I use xplorer2 as an alternative file manager, and through there, I can browse to the administrative tools (*.msc files) to launch them (those that can be viewed without requiring Explorer.exe...i.e. the Control Panel can be viewed right inside xplorer2, and the administrative *.msc files don't require explorer.exe).

My event viewer shows only one system error and no warnings on boot. The error appears to give no clue about what may be causing the problem (the error may be a result of my problem, but does not hint at a cause).

The event is: Event ID: 1 - "The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume."

Application log shows no errors or warnings at all on boot.
0
orangutang Commented:
What?! There has to be some event viewer messages relating to your problem! Hmm, this is a weird one. Let me check into this further for you. It's a difficult (at least for me) yet very interesting problem.
0
rpggamergirl Commented:
Hi,

Yeah, very likely that a reg entry is still present and that's what's causing explorer to not launch.
Killbox keeps a backup of every file that has been deleted, did you try restoring it?
And you still have Google Toolbar installed there, right? There's still some Google-related entries there.
O20 - AppInit_DLLs: CLKERN.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

Also check if "explorer.exe" is listed under the "Image File Execution Options" key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
"debugger"="location of google dll here"

You can check this registry key, or just fix the above entry in Hijackthis if you don't mind not launching "Crackloc"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=(delete google related entry here)

0

rpggamergirl Commented:
If "debugger" value points to the google dll that you deleted, then you need to delete this "explorer.exe" key -->HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
0
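
As an added example (not part of the original thread, and not HijackThis's own code): a small Python triage over HijackThis lines like those in the posted log, surfacing the AppInit_DLLs entries and the entries whose target is missing or incomplete. The function name `triage`, the finding labels and the optional `exists` callback are assumptions of this sketch; the sample lines are copied from the log in the question.

```python
import re

# Lines copied from the HijackThis log posted in the question.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: CLKERN.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
# HijackThis marks unresolved targets with these suffixes.
MISSING = re.compile(r"\((?:no file|file missing)\)\s*(?:\(HKCU\))?$")


def triage(log_text, exists=None):
    """Return (code, kind, detail) tuples for entries to check by hand.

    exists: optional callable(path) -> bool (hypothetical hook, e.g.
    os.path.exists when run on the affected host). Without it, each
    AppInit_DLLs entry is reported as unverified.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if MISSING.search(body):
            findings.append((code, "target-missing", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that loads
            # user32.dll, explorer.exe included, so a stale entry matters.
            value = body.split(":", 1)[1].strip()
            for dll in filter(None, re.split(r"[,\s]+", value)):
                if exists is None:
                    kind = "appinit-unverified"
                else:
                    kind = "appinit-present" if exists(dll) else "appinit-dangling"
                findings.append((code, kind, dll))
        elif (code == "O20" and body.startswith("Winlogon Notify:")
              and body.endswith("\\")):
            # Path stops at a directory: no DLL name to verify.
            findings.append((code, "path-incomplete", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
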
John-D-Chapman (Author) Commented:
rpggamergirl:

Thanks for the reply, and apologies for the delay in responding.

Yes, the google toolbar is still installed, explaining the entry you saw in my Hijack This! log.

I have checked and verified that there is NO "explorer.exe" key located at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Restoring the deleted DLL from the Killbox backup had no effect, as well as trying the "Tools > Start Explorer Shell:" option from within Killbox.

Certainly is a head scratcher to me. I have a friction burn on my scalp from scratching so much.
0
John-D-Chapman (Author) Commented:
rpggamergirl:

Sorry, one more thing:

I did check the following key:
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"

It did in fact have an entry for the deleted DLL. However, upon deleting the entry and rebooting, the problem still persists.
0
John-D-Chapman (Author) Commented:
Apologies to all. I finally had a chance to delve back into this issue, and found that once I approached it with a fresh mind, a simple re-install, then uninstall of Google Desktop did the trick. So, something must have happened when it was uninstalled the first time.

It is strange that a re-install of Google Desktop worked, and yet restoring the deleted DLL from Killbox did not. But I digress....while I may not know why or how this occurred, the problem has been remedied.

I am giving the points to rpggamergirl, since she was on the right track, alluding to the fact that the missing DLL had something to do with it (she suggested restoring the deleted DLL). The hint to an answer was there. While restoring the DLL alone did not work, re-installing Google Desktop did.
0
rpggamergirl Commented:
Glad to know problem is gone.
You did well troubleshooting and fixing the problem!

Thank you for the points, so generous of you, :)
0