Explorer.exe error at startup, no icons, desktop and Dr. Watson Postmortem debugger error

Have an XP Pro laptop receiving an error message at startup. Exporer.exe is crashing, and if the error report is sent, a Dr. Watson Postmortem Debugger crash also occurs. No icons, no desktop. Can access taskmanager, but nothing changes when I try to run explorer.exe. I have run Malwarebyes scan, with no infections found. Can't run superantispyware because it say's "Administrator has disabled this ability" which doesn't make sense, because I'm on as admin, and no infections were found. Any help would be appreciated.
Who is Participating?
JonveeConnect With a Mentor Commented:
You could ensure that the auto-hide option is not enabled for Taskbar and Start Menu Properties.  Details >

More suggestions>
Boot to desktop - no icons...no taskbar...:

XP Home, no task bar, no desktop icons, no start button

lskairAuthor Commented:
One other thing, I can logon in safe mode under administrator account, and icons appear. But user account still receives errors, even though they have admin credentials.
Download latest antivirus from www.quickheal.com for trial. install it in safe mode.. Then enable boot scan.. i think it is virus that have removed admin credentials... Please get back if done.
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

lskairAuthor Commented:
Was able to run SuperAntispyware in user profile. I'm able to execute programs through task manager. Maybe it just wasn't installing since I was in safe mode, but the "Admin Disabled. . " message was strange, and I would agree it looks like a virus. I'm scanning now with Superantispyware and will also download from your recommendation once it's finished. Will update when the scan completes in a bit.
lskairAuthor Commented:
Scan with both Malwarebytes and Superantispyware came out clean. Explorer.exe still crashes when computer starts up. No icons, no taskbar. Nothing. When trying to send the error report, Dr. Watson also crashes, and shows an error report. Let me know if you need more details or the error. Comp seems to be clean of any malware. Any advice of what to try next?
The laptop certainly shows symptoms of an infection, but often these remain hidden to a number of scanners.    Even though HijackThis can also miss them, it seems a good idea to install and run Trend HijackThis 2.02, so that we can at least decide on a more appropriate tool to use(if necessary):

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and there it can be analysed.  We may be looking for a Trojan.
You may have to rename "HijackThis" to run it, or even download it to a suitable media on another machine.

Located an earlier thread containing some more ideas.  Although i'm not suggesting a reinstall is necessary, it does highlight the depth of a possible infection >

"Windows XP No Desktop Icons, Explorer.exe will not open, program closes it":
lskairAuthor Commented:
Ran Hijack this. Log is attached. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:21 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\program files\linksys\wpc54gsv2\wpc54gsv2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198510495430
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
End of file - 7287 bytes

Open in new window

lskairAuthor Commented:
Also, Hijackthis ran fine with no need to rename or change users. I am going to increase the point value and I am hoping someone can provide a way to solve without reinstall of OS. All other files seem ok. Have run CHKDSK /r from recovery console earlier, and nothing. Seems strange, but also seems like it's just explorer and Dr. Watson postmortem debugger which are both preventing Windows from running properly. I am able to navigate around and run programs through task manager. But still no icons, taskbar. Desktop background is still the same. It has not been effected.
The HijackThis logfile certainly looks clean.

See if these links help>
Restore Desktop Icons and Taskbar (see Line 195)

Restore the Taskbar to Default Functionality (see Line 164)

Hide All or Show All Desktop Icons (see Line 172)
"Hide All or Show All Desktop Icons" doesn't now appear on Line 172, but you could try "Enable/Disable Desktop Icons" on Line 72.able Desktop Icons
>on Line 72.able Desktop Icons<         .. should read ..        >on Line 72.<
lskairAuthor Commented:
Thanks Jonvee. I am looking at some of the articles now. I am wondering if I can create a new profile and just move the files over. I know when I logged on under administrator profile in safe mode it worked. So, is there anyway to create a new profile through task manager, since that is the only access I have? If so, I can try doing that. Sounds like it worked for some people. Thanks.
lskairAuthor Commented:
Created a new profile, and was able to logon with no explorer or dr. watson errors. However, did receive Windows error, and error reporting said that there is a problem with the RAM, so I ran Windows Mem Test and no errors found. Also reseated RAM. Still receives same error for the original profiles, but seems to be running ok under new profile. I will test it out and see how it operates, and get back in a bit.
Thanks for the feedback, it sounds much better.    
Memtest is certainly good but it's not an absolute guaranteee that a RAM is satisfactory.  
Reseating RAM is a good idea, even removing all but one RAM stick & then rebooting with it in a different RAM socket.
Presume there have been no BSODs ?      
lskairAuthor Commented:
No more BSODs. It's looking good. I will keep an eye on the RAM and swap it out if I need to. I think this might have done it. I'm going to award the points to Jonvee for pointing me in the right direction and advising me of where to go next to finally solve this! Many thanks!
Good.   i'm glad you were able to use the information successfully.   Thank you!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.