Explorer.exe error at startup, no icons, desktop and Dr. Watson Postmortem debugger error

Posted on 2009-04-07
Last Modified: 2013-12-04
Have an XP Pro laptop receiving an error message at startup. Exporer.exe is crashing, and if the error report is sent, a Dr. Watson Postmortem Debugger crash also occurs. No icons, no desktop. Can access taskmanager, but nothing changes when I try to run explorer.exe. I have run Malwarebyes scan, with no infections found. Can't run superantispyware because it say's "Administrator has disabled this ability" which doesn't make sense, because I'm on as admin, and no infections were found. Any help would be appreciated.
Question by:lskair
  • 8
  • 8

Author Comment

ID: 24093630
One other thing, I can logon in safe mode under administrator account, and icons appear. But user account still receives errors, even though they have admin credentials.

Expert Comment

ID: 24093697
Download latest antivirus from for trial. install it in safe mode.. Then enable boot scan.. i think it is virus that have removed admin credentials... Please get back if done.

Author Comment

ID: 24093717
Was able to run SuperAntispyware in user profile. I'm able to execute programs through task manager. Maybe it just wasn't installing since I was in safe mode, but the "Admin Disabled. . " message was strange, and I would agree it looks like a virus. I'm scanning now with Superantispyware and will also download from your recommendation once it's finished. Will update when the scan completes in a bit.

Author Comment

ID: 24093936
Scan with both Malwarebytes and Superantispyware came out clean. Explorer.exe still crashes when computer starts up. No icons, no taskbar. Nothing. When trying to send the error report, Dr. Watson also crashes, and shows an error report. Let me know if you need more details or the error. Comp seems to be clean of any malware. Any advice of what to try next?
LVL 27

Expert Comment

ID: 24094504
The laptop certainly shows symptoms of an infection, but often these remain hidden to a number of scanners.    Even though HijackThis can also miss them, it seems a good idea to install and run Trend HijackThis 2.02, so that we can at least decide on a more appropriate tool to use(if necessary):

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and there it can be analysed.  We may be looking for a Trojan.
LVL 27

Expert Comment

ID: 24094570
You may have to rename "HijackThis" to run it, or even download it to a suitable media on another machine.

Located an earlier thread containing some more ideas.  Although i'm not suggesting a reinstall is necessary, it does highlight the depth of a possible infection >

"Windows XP No Desktop Icons, Explorer.exe will not open, program closes it":

Author Comment

ID: 24097504
Ran Hijack this. Log is attached. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:16:21 AM, on 4/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:









C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe




C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe


C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe


C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe


c:\program files\linksys\wpc54gsv2\wpc54gsv2.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE






R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


End of file - 7287 bytes

Open in new window


Author Comment

ID: 24097572
Also, Hijackthis ran fine with no need to rename or change users. I am going to increase the point value and I am hoping someone can provide a way to solve without reinstall of OS. All other files seem ok. Have run CHKDSK /r from recovery console earlier, and nothing. Seems strange, but also seems like it's just explorer and Dr. Watson postmortem debugger which are both preventing Windows from running properly. I am able to navigate around and run programs through task manager. But still no icons, taskbar. Desktop background is still the same. It has not been effected.
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

LVL 27

Expert Comment

ID: 24097743
The HijackThis logfile certainly looks clean.

See if these links help>
Restore Desktop Icons and Taskbar (see Line 195)

Restore the Taskbar to Default Functionality (see Line 164)

Hide All or Show All Desktop Icons (see Line 172)
LVL 27

Expert Comment

ID: 24097845
"Hide All or Show All Desktop Icons" doesn't now appear on Line 172, but you could try "Enable/Disable Desktop Icons" on Line Desktop Icons
LVL 27

Expert Comment

ID: 24097866
>on Line Desktop Icons<         .. should read ..        >on Line 72.<
LVL 27

Accepted Solution

Jonvee earned 400 total points
ID: 24097964
You could ensure that the auto-hide option is not enabled for Taskbar and Start Menu Properties.  Details >;EN-US;Q318027

More suggestions>
Boot to desktop - no taskbar...:

XP Home, no task bar, no desktop icons, no start button


Author Comment

ID: 24098239
Thanks Jonvee. I am looking at some of the articles now. I am wondering if I can create a new profile and just move the files over. I know when I logged on under administrator profile in safe mode it worked. So, is there anyway to create a new profile through task manager, since that is the only access I have? If so, I can try doing that. Sounds like it worked for some people. Thanks.

Author Comment

ID: 24099808
Created a new profile, and was able to logon with no explorer or dr. watson errors. However, did receive Windows error, and error reporting said that there is a problem with the RAM, so I ran Windows Mem Test and no errors found. Also reseated RAM. Still receives same error for the original profiles, but seems to be running ok under new profile. I will test it out and see how it operates, and get back in a bit.
LVL 27

Expert Comment

ID: 24100311
Thanks for the feedback, it sounds much better.    
Memtest is certainly good but it's not an absolute guaranteee that a RAM is satisfactory.  
Reseating RAM is a good idea, even removing all but one RAM stick & then rebooting with it in a different RAM socket.
Presume there have been no BSODs ?      

Author Comment

ID: 24100407
No more BSODs. It's looking good. I will keep an eye on the RAM and swap it out if I need to. I think this might have done it. I'm going to award the points to Jonvee for pointing me in the right direction and advising me of where to go next to finally solve this! Many thanks!
LVL 27

Expert Comment

ID: 24101928
Good.   i'm glad you were able to use the information successfully.   Thank you!

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now