Solved

Explorer.exe error at startup, no icons, desktop and Dr. Watson Postmortem debugger error

Posted on 2009-04-07
Last Modified: 2013-12-04
Have an XP Pro laptop receiving an error message at startup. Explorer.exe is crashing, and if the error report is sent, a Dr. Watson Postmortem Debugger crash also occurs. No icons, no desktop. Can access Task Manager, but nothing changes when I try to run explorer.exe. I have run a Malwarebytes scan, with no infections found. Can't run SUPERAntiSpyware because it says "Administrator has disabled this ability", which doesn't make sense, because I'm on as admin, and no infections were found. Any help would be appreciated.
Question by:lskair
17 Comments
 

Author Comment

by:lskair
ID: 24093630
One other thing, I can logon in safe mode under administrator account, and icons appear. But user account still receives errors, even though they have admin credentials.
0
 

Expert Comment

by:lovylove143
ID: 24093697
Download the latest antivirus from www.quickheal.com for trial. Install it in safe mode, then enable boot scan. I think it is a virus that has removed admin credentials. Please get back if done.
0
 

Author Comment

by:lskair
ID: 24093717
Was able to run SuperAntispyware in user profile. I'm able to execute programs through task manager. Maybe it just wasn't installing since I was in safe mode, but the "Admin Disabled. . " message was strange, and I would agree it looks like a virus. I'm scanning now with Superantispyware and will also download from your recommendation once it's finished. Will update when the scan completes in a bit.
0

 

Author Comment

by:lskair
ID: 24093936
Scan with both Malwarebytes and Superantispyware came out clean. Explorer.exe still crashes when computer starts up. No icons, no taskbar. Nothing. When trying to send the error report, Dr. Watson also crashes, and shows an error report. Let me know if you need more details or the error. Comp seems to be clean of any malware. Any advice of what to try next?
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24094504
The laptop certainly shows symptoms of an infection, but often these remain hidden to a number of scanners. Even though HijackThis can also miss them, it seems a good idea to install and run Trend HijackThis 2.02, so that we can at least decide on a more appropriate tool to use (if necessary):
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and there it can be analysed.  We may be looking for a Trojan.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24094570
You may have to rename "HijackThis" to run it, or even download it to a suitable media on another machine.

Located an earlier thread containing some more ideas. Although I'm not suggesting a reinstall is necessary, it does highlight the depth of a possible infection >

"Windows XP No Desktop Icons, Explorer.exe will not open, program closes it":
http://www.experts-exchange.com/Hardware/Desktops/PCs/Q_22653513.html
0
 

Author Comment

by:lskair
ID: 24097504
Ran Hijack this. Log is attached. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:21 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\program files\linksys\wpc54gsv2\wpc54gsv2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\HijackTHis\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198510495430
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
--
End of file - 7287 bytes


0
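A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it splits the log into running processes and section entries (O4 autoruns, O20 Winlogon Notify, O23 services) and lists the lines a reviewer would check by hand. The function names, the `USUAL_ROOTS` list and the review heuristics are assumptions made for this sketch, and a hit is a prompt to look closer, not a finding.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines excerpted from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^([ORF]\d{1,2}) - (.*)$")
# Assumption: autoruns under these roots (long or 8.3 form) are the expected case on XP.
USUAL_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\", "%systemroot%\\")

def parse(log):
    """Split a log into the running-process list and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first section entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_items(log):
    """List (reason, detail) pairs to check by hand; a hit is a prompt, not a verdict."""
    processes, entries = parse(log)
    items = [("service with unknown owner", s) for s in entries["O23"] if " - Unknown owner - " in s]
    items += [("winlogon notify DLL", d) for d in entries["O20"]]
    for run in entries["O4"]:
        target = run.split("] ", 1)[-1].strip('"').lower()  # drop the [name] label and quotes
        if not target.startswith(USUAL_ROOTS):
            items.append(("autorun outside usual roots", run))
    counts = Counter(p.lower() for p in processes)  # paths differ only by case in the log
    items += [("process listed more than once", p) for p, n in counts.items()
              if n > 1 and not p.endswith("\\svchost.exe")]
    return items
```

On the sample, the repeated `explorer.exe` and `drwtsn32.exe` entries match the crash-and-relaunch symptom described in the question, while the unknown-owner service and the Winlogon Notify DLL belong to software the log itself names.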
 

Author Comment

by:lskair
ID: 24097572
Also, HijackThis ran fine with no need to rename or change users. I am going to increase the point value and I am hoping someone can provide a way to solve without reinstall of OS. All other files seem ok. Have run CHKDSK /r from recovery console earlier, and nothing. Seems strange, but also seems like it's just explorer and Dr. Watson postmortem debugger which are both preventing Windows from running properly. I am able to navigate around and run programs through task manager. But still no icons, taskbar. Desktop background is still the same. It has not been affected.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097743
The HijackThis logfile certainly looks clean.

See if these links help>
Restore Desktop Icons and Taskbar (see Line 195)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Restore the Taskbar to Default Functionality (see Line 164)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Hide All or Show All Desktop Icons (see Line 172)
http://www.kellys-korner-xp.com/xp_tweaks.htm
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097845
"Hide All or Show All Desktop Icons" doesn't now appear on Line 172, but you could try "Enable/Disable Desktop Icons" on Line 72.able Desktop Icons
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24097866
>on Line 72.able Desktop Icons<         .. should read ..        >on Line 72.<
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 400 total points
ID: 24097964
You could ensure that the auto-hide option is not enabled for Taskbar and Start Menu Properties.  Details >
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q318027

More suggestions>
Boot to desktop - no icons...no taskbar...:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_24143366.html

XP Home, no task bar, no desktop icons, no start button
http://www.experts-exchange.com/Operating_Systems/Q_21201108.html

0
 

Author Comment

by:lskair
ID: 24098239
Thanks Jonvee. I am looking at some of the articles now. I am wondering if I can create a new profile and just move the files over. I know when I logged on under administrator profile in safe mode it worked. So, is there any way to create a new profile through task manager, since that is the only access I have? If so, I can try doing that. Sounds like it worked for some people. Thanks.
0
 

Author Comment

by:lskair
ID: 24099808
Created a new profile, and was able to logon with no Explorer or Dr. Watson errors. However, did receive Windows error, and error reporting said that there is a problem with the RAM, so I ran Windows Mem Test and no errors found. Also reseated RAM. Still receives same error for the original profiles, but seems to be running ok under new profile. I will test it out and see how it operates, and get back in a bit.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24100311
Thanks for the feedback, it sounds much better.
Memtest is certainly good but it's not an absolute guarantee that the RAM is satisfactory.
Reseating RAM is a good idea, even removing all but one RAM stick & then rebooting with it in a different RAM socket.
Presume there have been no BSODs?
0
 

Author Comment

by:lskair
ID: 24100407
No more BSODs. It's looking good. I will keep an eye on the RAM and swap it out if I need to. I think this might have done it. I'm going to award the points to Jonvee for pointing me in the right direction and advising me of where to go next to finally solve this! Many thanks!
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24101928
Good. I'm glad you were able to use the information successfully. Thank you!
0
