Solved

Explorer.exe error at startup, no icons, desktop and Dr. Watson Postmortem debugger error

Posted on 2009-04-07
Last Modified: 2013-12-04
Have an XP Pro laptop receiving an error message at startup. Explorer.exe is crashing, and if the error report is sent, a Dr. Watson Postmortem Debugger crash also occurs. No icons, no desktop. Can access Task Manager, but nothing changes when I try to run explorer.exe. I have run Malwarebytes scan, with no infections found. Can't run SUPERAntiSpyware because it says "Administrator has disabled this ability", which doesn't make sense, because I'm on as admin, and no infections were found. Any help would be appreciated.
Question by:lskair
17 Comments
 

Author Comment

by:lskair
ID: 24093630
One other thing, I can log on in safe mode under administrator account, and icons appear. But user account still receives errors, even though they have admin credentials.
 

Expert Comment

by:lovylove143
ID: 24093697
Download the latest antivirus from www.quickheal.com for trial. Install it in safe mode. Then enable boot scan. I think it is a virus that has removed admin credentials. Please get back if done.
 

Author Comment

by:lskair
ID: 24093717
Was able to run SuperAntispyware in user profile. I'm able to execute programs through task manager. Maybe it just wasn't installing since I was in safe mode, but the "Admin Disabled. . " message was strange, and I would agree it looks like a virus. I'm scanning now with Superantispyware and will also download from your recommendation once it's finished. Will update when the scan completes in a bit.
 

Author Comment

by:lskair
ID: 24093936
Scan with both Malwarebytes and Superantispyware came out clean. Explorer.exe still crashes when computer starts up. No icons, no taskbar. Nothing. When trying to send the error report, Dr. Watson also crashes, and shows an error report. Let me know if you need more details or the error. Comp seems to be clean of any malware. Any advice of what to try next?
 
LVL 27

Expert Comment

by:Jonvee
ID: 24094504
The laptop certainly shows symptoms of an infection, but often these remain hidden to a number of scanners. Even though HijackThis can also miss them, it seems a good idea to install and run Trend HijackThis 2.02, so that we can at least decide on a more appropriate tool to use (if necessary):
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and there it can be analysed.  We may be looking for a Trojan.
 
LVL 27

Expert Comment

by:Jonvee
ID: 24094570
You may have to rename "HijackThis" to run it, or even download it to a suitable media on another machine.

Located an earlier thread containing some more ideas. Although I'm not suggesting a reinstall is necessary, it does highlight the depth of a possible infection >

"Windows XP No Desktop Icons, Explorer.exe will not open, program closes it":
http://www.experts-exchange.com/Hardware/Desktops/PCs/Q_22653513.html
 

Author Comment

by:lskair
ID: 24097504
Ran Hijack this. Log is attached. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:21 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\program files\linksys\wpc54gsv2\wpc54gsv2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\HijackTHis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198510495430
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7287 bytes

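One way to triage a HijackThis log like the one posted above before reading it line by line, as an added example that is not part of the original thread or of HijackThis itself. The three rules in `review_reasons` are hypothetical heuristics chosen for illustration, and a flagged entry is a prompt to verify the file by hand, not a verdict; the sample lines are a subset copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path on the line, up to the .exe/.dll extension.
PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)", re.IGNORECASE)

def parse(log):
    """Group entries by HijackThis section code (R0, O4, O20, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["code"]].append(m["body"])
    return sections

def review_reasons(code, body):
    """Hypothetical triage rules: reasons to verify an entry by hand."""
    reasons = []
    m = PATH.search(body)
    path = m.group(0).lower() if m else ""
    if code == "O23" and "unknown owner" in body.lower():
        reasons.append("service shows no owner")
    if code == "O20":
        reasons.append("DLL registered as a Winlogon Notify package")
    if re.fullmatch(r"c:\\windows\\[^\\]+", path):
        reasons.append("binary sits directly in the Windows root")
    return reasons

def triage(log):
    """Return (code, body, reasons) for every entry that matched a rule."""
    rows = ((c, b, review_reasons(c, b)) for c, bs in parse(log).items() for b in bs)
    return [row for row in rows if row[2]]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    check: {'; '.join(reasons)}")
```
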
 

Author Comment

by:lskair
ID: 24097572
Also, Hijackthis ran fine with no need to rename or change users. I am going to increase the point value and I am hoping someone can provide a way to solve without reinstall of OS. All other files seem ok. Have run CHKDSK /r from recovery console earlier, and nothing. Seems strange, but also seems like it's just explorer and Dr. Watson postmortem debugger which are both preventing Windows from running properly. I am able to navigate around and run programs through task manager. But still no icons, taskbar. Desktop background is still the same. It has not been affected.
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097743
The HijackThis logfile certainly looks clean.

See if these links help>
Restore Desktop Icons and Taskbar (see Line 195)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Restore the Taskbar to Default Functionality (see Line 164)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Hide All or Show All Desktop Icons (see Line 172)
http://www.kellys-korner-xp.com/xp_tweaks.htm
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097845
"Hide All or Show All Desktop Icons" doesn't now appear on Line 172, but you could try "Enable/Disable Desktop Icons" on Line 72.able Desktop Icons
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097866
>on Line 72.able Desktop Icons<         .. should read ..        >on Line 72.<
 
LVL 27

Accepted Solution

by:
Jonvee earned 400 total points
ID: 24097964
You could ensure that the auto-hide option is not enabled for Taskbar and Start Menu Properties.  Details >
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q318027

More suggestions>
Boot to desktop - no icons...no taskbar...:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24143366.html

XP Home, no task bar, no desktop icons, no start button
http://www.experts-exchange.com/Operating_Systems/Q_21201108.html

 

Author Comment

by:lskair
ID: 24098239
Thanks Jonvee. I am looking at some of the articles now. I am wondering if I can create a new profile and just move the files over. I know when I logged on under administrator profile in safe mode it worked. So, is there any way to create a new profile through task manager, since that is the only access I have? If so, I can try doing that. Sounds like it worked for some people. Thanks.
 

Author Comment

by:lskair
ID: 24099808
Created a new profile, and was able to log on with no explorer or Dr. Watson errors. However, did receive Windows error, and error reporting said that there is a problem with the RAM, so I ran Windows Mem Test and no errors found. Also reseated RAM. Still receives same error for the original profiles, but seems to be running ok under new profile. I will test it out and see how it operates, and get back in a bit.
 
LVL 27

Expert Comment

by:Jonvee
ID: 24100311
Thanks for the feedback, it sounds much better.
Memtest is certainly good but it's not an absolute guarantee that a RAM is satisfactory.
Reseating RAM is a good idea, even removing all but one RAM stick & then rebooting with it in a different RAM socket.
Presume there have been no BSODs?
 

Author Comment

by:lskair
ID: 24100407
No more BSODs. It's looking good. I will keep an eye on the RAM and swap it out if I need to. I think this might have done it. I'm going to award the points to Jonvee for pointing me in the right direction and advising me of where to go next to finally solve this! Many thanks!
 
LVL 27

Expert Comment

by:Jonvee
ID: 24101928
Good. I'm glad you were able to use the information successfully. Thank you!