Improve company productivity with a Business Account.Sign Up


Killbox killed Explorer. Now the Explorer shell will not run.

Posted on 2007-03-23
Medium Priority
Last Modified: 2013-12-06
I Used Killbox to unregister and delete a simple DLL that was left behind by Google Desktop after an uninstall. I selected the option to "End Explorer Shell While Killing" in Killbox.

Well, it worked like a charm and deleted the DLL, but upon a reboot of the system, the explorer shell will not run. It will launch, and appear for a split second before seemingly terminating itself. So, the registry entry that sets the shell is fine ( [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe" ) because it is at least trying to launch. I like that it is trying, and I applaud the poor little shell's efforts.

There is no apparent infection (virus, spyware, malware). Scans with Symantec Antivirus Corporate (9.0) as well as AdAware and Spybot find nothing harmful.

I ran the system file checker (sfc /scannow) to see if any protected files needed to be replaced by their original no avail.

I booted into safe mode with the same results: The shell launches, and terminates immediately. I have also run diagnostic startups until the cows came home. When they did get home (the cows), they didn't bring any coffee, and my problem also still existed.

I have done a full repair install of Windows XP Professional, and re-applied all updates and Service no avail. Explorer Shell will still not run. This leads me to believe that there is nothing wrong with Explorer.exe, but there is a registry entry somewhere that is set to kill explorer.exe whenever it runs.....or there are other files that the shell relies on that have been either corrupted or deleted (don't know how that would have one would think that any missing files would have been replaced upon either running the system file checker, or after the repair install).

It is funny to me that Killbox was set to "End Explorer Shell While Killing" , and magically, the shell has apparently been killed for good...makes me think that Killbox writes an entry somewhere in the registry, and that entry has not been deleted as it should have been. Or somehow, whatever Killbox did to kill the shell has gotten stuck in an endless loop of killing explorer.exe whenever it runs. Logic tells me this...although I am aware that it is somewhat unlikely to be the case.

No method of launching Explorer.exe will work. (Double click it in xplorer2; run from the command line; run from the task manager) I have also tried launching the instance of explorer.exe that resides inside the "C:\WINDOWS\ServicePackFiles\i386" folder to no avail. Further, trying to run the "Windows" Explorer file manager (explorer.scf) returns the error "There was a problem sending the command to the program". Quite obviously, iExplore.exe (Internet Explorer -> version 6) will not run as well. I don't really care about that, as I use Firefox, but thought it relevant.

I have copied explorer.exe, renamed it, and set the renamed file as the shell..also to no avail.

As you can see, there is a lot of " no avail" going on. I fear that a total format and reinstall of Windows is required. However, as a last gasp at hope, I turn the wonderful folks here for any possible advice.

Thanking you in advance for any reply. Below is a log from Hijack This!

Logfile of HijackThis v1.99.1
Scan saved at 12:18:58 PM, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Belkin Bulldog\upsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = JDC Workstation
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [FolderShare] "c:\program files\foldershare\foldershare.exe" /background
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Replicator\PTReplicator.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: FreedomAudio -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = <my domain>
O17 - HKLM\Software\..\Telephony: DomainName = <my domain>
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = <my domain>
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GetMail Service - Unknown owner - C:\WINDOWS\SYSTEM32\SRVANY.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - C:\Program Files\Belkin Bulldog\upsd.exe
Question by:John-D-Chapman
  • 4
  • 3
  • 2
LVL 22

Expert Comment

ID: 18781712
So you can reopen explorer.exe when it's closed in the Task Manager or some other program? If you can, or by some other way, try looking at your event viewer and look in your System and Application logs for anything suspicious for any item relating to explorer.exe.

Author Comment

ID: 18781846
Thanks for the quick reply!

In no way can I open explorer.exe. Any method I try has the same result (tries to open, but terminates immediately i.e., I can see the taskbar flash on the screen for a second, but then the shell terminates causing it to disappear).

I use xplorer2 as an alternative file manager, and through there, I can browse to the administrative tools (*.msc files) to launch them (those that can be viewed without requiring Explorer.exe...i.e. the Control Panel can be viewed right inside xplorer2, and the administrative *.msc files don't require explorer.exe).

My event viewer shows only one system error and no warnings on boot. The error appears to give no clue about what may be causing the problem (the error may be a result of my problem, but does not hint at a cause).

The event is: Event ID: 1 - "The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume."

Application log shows no errors or warnings at all on boot.
LVL 22

Expert Comment

ID: 18781909
What?! There has to be some event viewer messages relating to your problem! Hmm, this is a weird one. Let me check into this further for you. It's a difficult (at least for me) yet very interesting problem.
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

LVL 47

Accepted Solution

rpggamergirl earned 1500 total points
ID: 18783494

Yeah, very likely that a reg entry is still present and that's whats causing explorer to not launch.
Killbox keeps a backup of every file that has been deleted, did you try restoring it?
And you still have google toolbar installed there right? there's still some google related entries there.

Also check If "explorer.exe" is listed under "Image File Execution Options" key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
"debugger"="location of google dll here"

You can check this registry key, or just fix the above entry in Hijackthis if you don't mind not launching "Crackloc"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=(delete google related entry here)

LVL 47

Expert Comment

ID: 18783510
If "debugger" value points to the google dll that you deleted, then you need to delete this "explorer.exe" key -->HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

Author Comment

ID: 18795230

Thanks for the reply, and apologies for the delay in responding.

Yes, the google toolbar is still installed, explaining the entry you saw in my Hijack This! log.

I have checked and verified that there is NO "explorer.exe" key located at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Restoring the deleted DLL from the Killbox backup had no effect, as well as trying the "Tools > Start Explorer Shell:" option from within Killbox.

Certainly is a head scratcher to me. I have a friction burn on my scalp from scratching so much.

Author Comment

ID: 18795342

Sorry, one more thing:

I did check the following key:
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"

It did in fact have an entry for the deleted DLL. However, upon deleting the entry and rebooting, the problem still persists.

Author Comment

ID: 18851162
Apologies to all. I finally had a chance to delve back into this issue, and found that once I approached it with a fresh mind, a simple re-install, then uninstall of Google Desktop did the trick. So, something must have happened when it was uninstalled the first time.

It is strange that a re-install og google desktop worked, and yet restoring the deleted DLL from Killbox did not. But I digress....while i may not know why or how this occurred, the problem has been remedied.

I am giving the points to rpggamergirl, since she was on the right track, eluding to the fact that the missing DLL had something to do with it (she suggested restoring the deleted DLL). The hint to an answer was there. While restoring the DLL alone did not work, re-installing Google Desktop did.
LVL 47

Expert Comment

ID: 18863014
Glad to know problem is gone.
You did well troubleshooting and fixing the problem!

Thank you for the points, so generous of you, :)

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
In a question here at Experts Exchange, a member was looking for "a little app that would allow sound to be turned OFF and ON by simply clicking on an icon in the system tray". This article shows how to achieve that, as well as providing the same OF…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question