After combofix explorer.exe won't load

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by baabakarissa, Sep 7, 2008.

  1. baabakarissa

    baabakarissa Private E-2

    I was following the Windows XP Cleaning Procedure on your site. When I finished with combofix and rebooted, all I get is my wallpaper - no icons, no taskbar, no right click menu, nothing except ctrl + alt + del. From Task Manager I can launch several of my apps, but cannot load explorer.exe. Here are the logs from the first three scans (never did MGtools because of my current problem).
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on your logs, nothing major was really removed except by SUPERAntiSpyware and they appear to be false detections and have nothing to do with Windows Explorer and also ComboFix removed C:\WINDOWS\system32\REGOBJ.DLL which may also be a false detection of a file from Microsoft.

    Does explorer load in safe mode?

    Try things in the order below.

    1. In Task Manager click File, New Task (Run...) and enter sfc /scannow and click OK. There is a space after the sfc. This may ask for your Windows CD so have it ready.
    2. Did that fix the problems with Explorer? If not, then continue on to step 3 otherwise stop.
    3. In Task Manager click File, New Task (Run...) and enter MSconfig and click OK. When System Configuration Utility comes up click Launch System Restore and restore your PC to a point in time before running the READ & RUN ME. Let me know what happens.
     
    Last edited: Sep 9, 2008
  3. baabakarissa

    baabakarissa Private E-2

    Thanks so much for helping me with this.

    Explorer does not load in safe mode and I can't launch it from task manager in safe mode either.

    I tried the sfc /scannow. It wanted the cd and at first could not find the cd drive (the system wasn't seeing it). After I rebooted, it found the drive and completed the scan, prompting me for the cd several times and continuing when I clicked on retry. Nothing changed. I logged out and back on, still nothing. I rebooted and still nothing.

    So then I launched system restore from msconfig. I had tried this before posting from command line with the same results. First click (or command) produced nothing. Second click brought up a blank window titled “System Restore”, but though the hard drive light seems to be on, and Task Manager shows System Restore is running, cpu usage for rstrui.exe is at 0% and I can't select a restore point. Nothing seems to be happening. If I click out, the same pattern repeats.

    Beginning to look like a reinstall? I'm willing, but really wanted to keep my settings, etc. if possible. My data is on separate partitions, so I don't lose anything there. It just takes so long to set everything back up again!

    Thanks again for your willingness to help.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's see if we can get a log from MGtools. From your browser, click the below link:

    MGtools.exe

    But instead of selecting Save, select Open ( or Run) which will attempt to actually install and run MGtools. Make sure you wait for it to finish running. Do not close the command prompt window that hopefully pops up until it is finished ( as show here: Using MGtools )

    If it runs, attach the C:\MGlogs.zip file that is created.

    I also want you to try running the below commands one at a time from Task Manager:

    regsvr32 jscript.dll
    regsvr32 vbscript.dll
    regsvr32 /i mshtml.dll

    After running these commands, reboot your PC and then see if you can get System Restore to run without juts showing as a blank window. Additional info related to a blank calendar can be found in the below link:

    http://support.microsoft.com/?kbid=313853
     
  5. baabakarissa

    baabakarissa Private E-2

    Okay - I am attaching the MGlogs.zip file. My Firefox web browser wouldn't let me run it, only gave the option of saving. Since I had already (before all this happened) saved it to the root of c:, I went ahead and ran it from there. I wanted to post it here before trying the other commands.
     

    Attached Files:

    Last edited by a moderator: Sep 13, 2008
  6. baabakarissa

    baabakarissa Private E-2

    Okay, I tried the three commands. The third command, regsvr32 /i mshtml.dll, gives me the following error: mshtml.dll was loaded but the dllregisterserver entry point was not found. Rebooted and tried System Restore. Came up with blank window on first click this time (is this progress?).

    Followed the link to the MS support page about blank calendar. Checked the registry entries and the last two entries did not exist. I created them (typed in quotation marks and all, as some did not have the quotation marks). The third command I mention above still gives the same error, before and after booting. System Restore still gives me a blank window.

    Thanks for your patience with this.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing any real problems in any of your logs. What problems were you having that brought you here to run the cleaning procedure? Also about when did you upgrade to Win XP SP3?

    From Task Manager select File, New Task (Run...) and enter cmd and click OK. This should open a command prompt window. If it opens enter the below commands. Note the spaces after the word copy, after the .vir

    copy C:\QooBox\Quarantine\C\WINDOWS\system32\regobj.dll.vir C:\Windows\system32\regobj.dll
    C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    After the second command did your Desktop appear?

    Now reboot your PC, does the Desktop appear?
     
  8. baabakarissa

    baabakarissa Private E-2

    Our family computer was running very sluggishly - the mouse moved jerkily and things took a long time to execute. Since several family members used it and it was possible it had been compromised, I was looking for something to clean it up. I downloaded the program "Secunia" which indicates which programs need updating. That's when I upgraded to SP3. Then I found your site and started the Read and Run Me procedure. In the process, I rebooted several times, but everything seemed okay until I rebooted after running combofix.

    Okay - I ran the two commands you gave me - actually copied and pasted them into the command prompt. They did not bring back the desktop, neither before or after the reboot.

    Thanks again for helping.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not looking good and we are running out of things to try. :(

    From Task Manager select File, New Task (Run...) and enter cmd and click OK. This should open a command prompt window. If it opens enter the below commands. Note the spaces after the word copy, after the explorer.exe

    copy C:\WINDOWS\explorer.exe C:\Windows\newexplorer.exe
    C:\Windows\newexplorer.exe


    Tell me exactly what happens.
     
  10. baabakarissa

    baabakarissa Private E-2

    Okay - here goes:

    After the first command (copy), I get as expected: "1 file(s) copied."

    After the second command there is nothing - it returns to the prompt and nothing has changed. Neither newexplorer.exe nor explorer.exe is shown as running in the processes in Task Manager.

    I'll wait for your response, but I don't want to waste more of your time. Just tell me we're out of options and it would be best to go ahead and reformat and reinstall and I will. All my data is backed up and on a separate partition anyhow. Thanks so much for tracking with me through all this.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    At this point I think this would be best to avoid having you without a properly operating PC for any more time. While I would like to figure out what is preventing explorer from running, it just is not worth delaying anymore. Thus, yes go ahead with the reinstall now. And make sure you work thru the below after the reinstall:

    How to Protect yourself from malware!
     
  12. baabakarissa

    baabakarissa Private E-2

    Just wanted to thank you for taking the time to work with me. I know it's hard to stop before the problem is resolved. I've gone ahead with reformatting and installing a fresh copy of windows. I'll do my best to protect it.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds