Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Explorer.exe error at startup, no icons, desktop and Dr. Watson Postmortem debugger error

Posted on 2009-04-07
17
Medium Priority
?
1,968 Views
Last Modified: 2013-12-04
Have an XP Pro laptop receiving an error message at startup. Exporer.exe is crashing, and if the error report is sent, a Dr. Watson Postmortem Debugger crash also occurs. No icons, no desktop. Can access taskmanager, but nothing changes when I try to run explorer.exe. I have run Malwarebyes scan, with no infections found. Can't run superantispyware because it say's "Administrator has disabled this ability" which doesn't make sense, because I'm on as admin, and no infections were found. Any help would be appreciated.
0
Comment
Question by:lskair
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
17 Comments
 

Author Comment

by:lskair
ID: 24093630
One other thing, I can logon in safe mode under administrator account, and icons appear. But user account still receives errors, even though they have admin credentials.
0
 

Expert Comment

by:lovylove143
ID: 24093697
Download latest antivirus from www.quickheal.com for trial. install it in safe mode.. Then enable boot scan.. i think it is virus that have removed admin credentials... Please get back if done.
0
 

Author Comment

by:lskair
ID: 24093717
Was able to run SuperAntispyware in user profile. I'm able to execute programs through task manager. Maybe it just wasn't installing since I was in safe mode, but the "Admin Disabled. . " message was strange, and I would agree it looks like a virus. I'm scanning now with Superantispyware and will also download from your recommendation once it's finished. Will update when the scan completes in a bit.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:lskair
ID: 24093936
Scan with both Malwarebytes and Superantispyware came out clean. Explorer.exe still crashes when computer starts up. No icons, no taskbar. Nothing. When trying to send the error report, Dr. Watson also crashes, and shows an error report. Let me know if you need more details or the error. Comp seems to be clean of any malware. Any advice of what to try next?
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24094504
The laptop certainly shows symptoms of an infection, but often these remain hidden to a number of scanners.    Even though HijackThis can also miss them, it seems a good idea to install and run Trend HijackThis 2.02, so that we can at least decide on a more appropriate tool to use(if necessary):
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and there it can be analysed.  We may be looking for a Trojan.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24094570
You may have to rename "HijackThis" to run it, or even download it to a suitable media on another machine.

Located an earlier thread containing some more ideas.  Although i'm not suggesting a reinstall is necessary, it does highlight the depth of a possible infection >

"Windows XP No Desktop Icons, Explorer.exe will not open, program closes it":
http://www.experts-exchange.com/Hardware/Desktops/PCs/Q_22653513.html
0
 

Author Comment

by:lskair
ID: 24097504
Ran Hijack this. Log is attached. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:21 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\program files\linksys\wpc54gsv2\wpc54gsv2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\HijackTHis\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198510495430
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
--
End of file - 7287 bytes

Open in new window

0
 

Author Comment

by:lskair
ID: 24097572
Also, Hijackthis ran fine with no need to rename or change users. I am going to increase the point value and I am hoping someone can provide a way to solve without reinstall of OS. All other files seem ok. Have run CHKDSK /r from recovery console earlier, and nothing. Seems strange, but also seems like it's just explorer and Dr. Watson postmortem debugger which are both preventing Windows from running properly. I am able to navigate around and run programs through task manager. But still no icons, taskbar. Desktop background is still the same. It has not been effected.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097743
The HijackThis logfile certainly looks clean.

See if these links help>
Restore Desktop Icons and Taskbar (see Line 195)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Restore the Taskbar to Default Functionality (see Line 164)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Hide All or Show All Desktop Icons (see Line 172)
http://www.kellys-korner-xp.com/xp_tweaks.htm
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097845
"Hide All or Show All Desktop Icons" doesn't now appear on Line 172, but you could try "Enable/Disable Desktop Icons" on Line 72.able Desktop Icons
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097866
>on Line 72.able Desktop Icons<         .. should read ..        >on Line 72.<
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 1600 total points
ID: 24097964
You could ensure that the auto-hide option is not enabled for Taskbar and Start Menu Properties.  Details >
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q318027

More suggestions>
Boot to desktop - no icons...no taskbar...:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24143366.html

XP Home, no task bar, no desktop icons, no start button
http://www.experts-exchange.com/Operating_Systems/Q_21201108.html

0
 

Author Comment

by:lskair
ID: 24098239
Thanks Jonvee. I am looking at some of the articles now. I am wondering if I can create a new profile and just move the files over. I know when I logged on under administrator profile in safe mode it worked. So, is there anyway to create a new profile through task manager, since that is the only access I have? If so, I can try doing that. Sounds like it worked for some people. Thanks.
0
 

Author Comment

by:lskair
ID: 24099808
Created a new profile, and was able to logon with no explorer or dr. watson errors. However, did receive Windows error, and error reporting said that there is a problem with the RAM, so I ran Windows Mem Test and no errors found. Also reseated RAM. Still receives same error for the original profiles, but seems to be running ok under new profile. I will test it out and see how it operates, and get back in a bit.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24100311
Thanks for the feedback, it sounds much better.    
Memtest is certainly good but it's not an absolute guaranteee that a RAM is satisfactory.  
Reseating RAM is a good idea, even removing all but one RAM stick & then rebooting with it in a different RAM socket.
Presume there have been no BSODs ?      
0
 

Author Comment

by:lskair
ID: 24100407
No more BSODs. It's looking good. I will keep an eye on the RAM and swap it out if I need to. I think this might have done it. I'm going to award the points to Jonvee for pointing me in the right direction and advising me of where to go next to finally solve this! Many thanks!
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24101928
Good.   i'm glad you were able to use the information successfully.   Thank you!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question