No desktop, no task bar, no start button

I rebuilt this for a client about 2 months ago...

Dell XPS400, Windows XP Media...

On boot up you see...
1. Windows splash screen...15 seconds
2. Black screen for about 10 seconds...
3. Welcome screen with blue background and dark blue top and bottom borders...30 seconds or so...
4. Dark blue desktop, with mouse cursor...not the BSOD blue...
5. Mouse moves around...occasionally the timer glass shows...

No task bar, no start button...nothing...

I can get into Task Manager...explorer.exe running at 50%...I end it, no change...

I booted with UBCD, cannot fix anything with it...

Pulled HD out, slaved to another good box, ran MBAM, Super Anti Spyware, Vipre scans...found 1 download trojan, a few cookies...

Tried boot into Safe Mode...I get only one choice, "Profile 1"...no other options...

I'm stumped...and I really don't want to rebuild this bugger again...

Steve
 
johnb6767 Commented:
You know what, I think I was posting this in the wrong thread.....

Past my bedtime.... Sheeesh......

Anyway......

Scratch all that I mentioned.....

Not a userinit problem, but possibly an explorer.exe problem.

From the Task Manager>File>New>Regedit.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Look for the following value....

Shell=Explorer.exe

If it shows anything after explorer.exe, kill all but that, and hit F5. Do the values reappear? If not, reboot/logoff, and see if your shell returns....

Also, From the Task Manager>File>New>explorer.exe

Does the Desktop/Taskbar all display properly? If not, might have an Image Hijack.

Back to the registry under the following key.....

HKEY_LOCAL_MACHINE\XP\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Look for a subkey named Explorer.exe. If it exists, kill it......

Last but not least, try replacing your c:\windows\explorer.exe, with a known good copy, either extracted from the CD/i386 directory, or c:\windows\system32\dllcache. The good file should be around 1008KB if I am not mistaken, and should be signed by Microsoft. .....
0
 
pablovr Commented:
Would you consider a repair install?

How to Perform a Windows XP Repair Install:
http://www.michaelstevenstech.com/XPrepairinstall.htm
0
 
orangutang Commented:
Can you send us your AutoRuns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) log from safe mode?
0

 
johnb6767 Commented:
Profile 1 shouldn't matter....

The userinit value is corrupted in the registry, or Userinit.exe is not the proper one/corrupted. Should be roughly 24kb in size, and signed by MS.......

How to edit the registry offline using BartPE boot CD?
http://windowsxp.mvps.org/peboot.htm

Just follow the directions in the article, about loading the SYSTEM hive, and navigate to the following key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Look for the following value....

Userinit=C:\Windows\system32\userinit.exe, <~~~~ Should look EXACTLY like this, including the comma...

Since you are familiar with slaving the hdd, follow the instructions above to load the Software hive in the registry, from this install, and make sure it looks good....
0
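The Winlogon `Shell` and `Userinit` values and the `Image File Execution Options` subkey for explorer.exe that johnb6767's two posts above say to inspect can also be checked from a text export of the hive taken on the other box. This is an added example, not part of any post in the thread; the mount name `OFFLINE` and the sample export are constructed, and keys are matched by suffix so the name the hive was loaded under does not matter.

```python
import re

# Expected data as given in the thread; compared case-insensitively.
EXPECTED = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}
# Match on key suffix so a hive loaded under any mount name is recognised.
NT = r"\microsoft\windows nt\currentversion"
WINLOGON = NT + r"\winlogon"
IFEO_EXPLORER = NT + r"\image file execution options\explorer.exe"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse regedit export text into {key: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            # Undo the export's backslash escaping (\\ -> \, \" -> ").
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def audit(text):
    """Return findings for Winlogon Shell/Userinit and an IFEO explorer.exe subkey."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if low.endswith(WINLOGON):
            for name, want in EXPECTED.items():
                got = values.get(name)
                if got is None:
                    findings.append(f"{name}: missing")
                elif got.lower() != want:
                    findings.append(f"{name}: unexpected {got!r}")
        elif low.endswith(IFEO_EXPLORER):
            findings.append(f"ifeo: explorer.exe subkey present, Debugger={values.get('debugger')!r}")
    return findings

# Constructed sample: export of a SOFTWARE hive loaded as HKLM\OFFLINE (hypothetical name).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\constructed\\extra.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe"
[HKEY_LOCAL_MACHINE\OFFLINE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="constructed-placeholder.exe"
'''

if __name__ == "__main__": print("\n".join(audit(SAMPLE)) or "no findings")
```

Exports written by regedit in the 5.00 format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit`.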
 
johnb6767 Commented:
Also, see if you can get a command prompt in Safe Mode.......

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v userinit /t reg_sz /d c:\windows\system32\userinit.exe, /f

By far the easiest way to correct that value.....
0
 
johnb6767 Commented:
See if you can extract a good copy from the CD.....

Rename the existing one, to have a backup of it....

rename c:\windows\system32\userinit.exe userinit.old

Then.....

Extract a copy from the CD, or I386 directory.
If the CDRom is D....

expand d:\i386\userinit.ex_ c:\windows\system32\userinit.exe
0
 
Steve Mutchler, IT Tech, Author Commented:
Thanx for the ideas...

I have the Dell recovery CD and I cannot do a repair install from that...and I don't have a retail XP Media CD...

I'll work on the reg edits tomorrow...let you know then...
0
 
orangutang Commented:
Oops, see if you can send your AutoRuns log in normal mode.
0
 
orangutang Commented:
Hey! I was getting there! I just wanted to do it the slow way! :(
:)
0
 
athar_anis Commented:
hey... avoid all the hassle and download combofix . just google it and download it from the website something like, www.combofixdownload.com or something... (i dun remember)
Give it a go!!
0
 
ydramu Commented:
try to boot your system in safe mode and remove the video drivers and boot to normal mode and check. If it doesn't work

I think better you take your backup connecting the hard disk to another system and format the HDD. If not you may lose your data also.

Because your system is affected with boot up virus....


Gud luck
0
 
ermondi Commented:
download antimalware malwarebytes from here
put it on your usb drive.
put the usb drive on your computer then go to task manager, new task. click browse, find your usb drive and from there install antimalware malwarebytes.
after that try to scan your computer with antimalware malwarebytes

if this cannot help i agree with athar_anis download combofix from here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and do the same thing like above with task manager

0
 
jcimarron Commented:
stevem5000--I assume that dark blue desktop is not the normal Dell desktop, which is dark/medium blue, but says "Dell"
Perhaps these ideas will help
http://www.kellys-korner-xp.com/taskbarplus!.htm
http://www.daniweb.com/forums/thread31351.html
0
 
Steve Mutchler, IT Tech, Author Commented:
Well, this is interesting...

Could not get into Safe Mode...previously when I hit F8 to boot into Safe Mode, I would get only "Profile 1" and no other choices...
I tried to boot from Cd into Recover mode, hit F12 and got an option for Safe Mode...???...booted ok into Safe Mode...

Ran Combofix in Safe Mode...did its thing, got a log, went thru it, nothing seemed out of place...but not sure...

THIS TIME, I tried to boot into Safe Mode with F8 key, and it worked and gave me the full choices...Tried Last Known Good...no joy...

johnb6767...working on your suggestions...
1. Task Manager>File>New> explorer.exe...does not open up, shows 50% CPU utilization, but does nothing...
2. HKLM\XP\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\  the subkey explorer.exe does NOT exist...
3. Can't find Explorer.exe in System32...expanded it from the CD\i386...rebooted and still NO JOY...

Ok...I have data backed up, I don't think I can do a repair install from the Dell Restore DVD, gonna try, otherwise, I rebuild...

Probably can rebuild it in less time than it will take me to chase down a bunch of things trying to fix it...

BUT, I'm still open for ideas...

Thanx everyone...
0
 
Steve Mutchler, IT Tech, Author Commented:
Looks like I CAN do a repair install from the Dell Restoration DVD...doing it now...

Problem...after the DVD loads up and copies files to the HD...during the "installing windows" step...I get 2 errors...

Procedure Entry Point GetRequestedRuntimeVersion could not be located in the dynamic link library mscoree.dll

And .NET framework initialization error...

BUT the installation seems to be progressing other than that...

Ok...looks like I got a good repair install...everything seems to be working ok...
Now gonna get everything updated and see if it stays stable...

Thanx everyone for your comments...I think I tried everything y'all suggested...

I'll split the points around...
0
 
johnb6767 Commented:
FYI.....

"Can't find Explorer.exe in System32...expanded it from the CD\i386...rebooted and still NO JOY..."

Should not be in System32, should be in C:\Windows.....

Glad you got it repaired....
0
Question has a verified solution.
