Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP - problems with logging into desktop (Explorer.EXE Application Error)


  • This topic is locked This topic is locked
67 replies to this topic

#1 Doranwen

Doranwen

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 15 April 2013 - 01:41 AM

I have an XP desktop that suddenly froze, and upon rebooting twice (it wouldn't get to a login screen the first time for some reason), started presenting me with the network administrator-style login box instead of the standard XP Home login that I'm used to (but no Domain option like I see on my computer at work, just username/password).  My password would not work (gave me the standard message about passwords needing to be checked), but if I entered NO password, it would appear to log on, bring up my desktop background . . . and then give me this dialog:

 

Explorer.EXE - Application Error

The application failed to initialize properly (0xc0000006). Click on OK to terminate the application.

 

Clicking OK leaves me with a blank desktop.  At this point the only thing I can do is bring up Task Manager with Ctrl+Alt+Del.  I don't see anything suspicious in the running processes, but the moment I move to the File menu to try and start up a new process, the manager freezes.  (I can eventually get it to close and open a fresh one, but clearly there is no way to get explorer.exe to work--or even a terminal window.)

 

I'm unable to run any program inside that machine, but since it's sitting right next to this one, I can read and type in the list of running processes along with the username associated with them and the memory usage (CPU is negligible--all processes are 0% except for System Idle Process at 99%):

 

svchost.exe   LOCAL SERVICE   3,012K

svchost.exe   NETWORK SERVICE   2,984K

SbieSvc.exe   SYSTEM   2,536K

taskmgr.exe   my username   4,368K

svchost.exe   NETWORK SERVICE   3,892K

c2c_service.exe   SYSTEM   5,528K

svchost.exe   SYSTEM   4,472K

ati2evxx.exe  SYSTEM   3,160K

lsass.exe   SYSTEM   1,076K

services.exe   SYSTEM   3,840K

winlogon.exe   SYSTEM   1,272K

NitroPDFReaderDriverService.exe   SYSTEM   2,236K

csrss.exe   SYSTEM   3,412K

jqs.exe   SYSTEM   1,448K

mDNSResponder.exe   SYSTEM   2,874K

AppleMobileDeviceService.exe   SYSTEM   3,272K

svchost.exe   LOCAL SERVICE   3,424K

AvastSvc.exe   SYSTEM   1,376K

smss.exe   SYSTEM   432K

winvnc4.exe   SYSTEM   3,412K

svchost.exe   SYSTEM   3,420K

ati2evxx.exe   SYSTEM   4,880K

System   SYSTEM   256K

System Idle Process   SYSTEM   28K

 

I should note that of the above, I do have NitroPDF installed but never use it, I do have an iPod Nano hence the Apple device service, and I do have VNC running at startup (though I usually end up closing it right afterwards--never got around to removing it from the startup processes).

 

Since I was unable to get this to a usable state, I attempted scanning with two outside tools:

 

First, I already had a Linux Mint 13 Mate 32-bit live DVD, and am somewhat familiar with Mint, so I booted into it and "installed" the Linux equivalent of ClamWin to memory and did a scan.  Although it found a few of my archives (I have some zip files of old DOS games that trigger antivirus alarms, but I have never opened them so they do not worry me), there were no major suspicious results.  I was unable to save the results of the scan as I accidentally tried opening a large pdf file that froze the OS and I had to reboot.

 

I also tried running the AVG Rescue CD v120.12083.  It did a full scan, found one file--in a Downloads folder--that was suspicious and healed it.  However, this file was not one I had run for years, if that, so I'm quite positive that that had nothing to do with the current issues.

 

I'm still very suspicious that this is a virus, or else the operating system has gotten seriously corrupted.  I can find lots of hits on google for this error but they all seem to presume that one can actually log in, if not to normal mode, to safe mode.  However, I get the SAME results in safe mode.  So whatever this is, it's quite serious.

 

When this first occurred, I was on the verge of getting a new computer anyway, so I just accelerated the process and am now running Mint 13 Mate 64-bit on a new desktop I built but would like to recover the old XP box for some games that I can't run in either Wine or a VM.  If I have to, I'm willing to re-install (provided that I have a way to retrieve the product key, since I don't think I have it written down anywhere).  But it would really be nice if I could figure out what virus (or whatever else it could be) is doing this and clean it up without a complete reinstall.


Edited by Doranwen, 15 April 2013 - 01:43 AM.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 70,911 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 18 April 2013 - 07:04 PM

You may as well post a DDS log on that machine. This will get a deeper look so all junk can be removed.

 

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Doranwen

Doranwen
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 18 April 2013 - 10:22 PM

Erm, I can't run ANYTHING on that machine.  Running an Internet browser is impossible.  I can run programs on a live CD but not from the XP OS.  So I can't download or run any program you ask unless it's something that will run on Linux (I do have several Linux live DVDs and can easily burn and run any rescue CD necessary, but it looks like the tool you wanted me to run would need to be running on Windows itself and I can't make that happen at all).

 

Looking at running processes is the only thing I can do on there, and that only through Task Manager because Ctrl+Alt+Del does bring it up.  If I'd had the foresight to set Process Explorer to run on startup that might've helped but still probably not since Explorer crashes before I ever see a taskbar or system tray or any of that and I suspect I'd be unable to make that window visible.  Since the task manager freezes on just trying to start up any process (and stays frozen for a little bit then closes itself), I can't start anything else up.  Recovery is thus limited to tools that can be run outside the OS itself, sadly.


Edited by Doranwen, 19 April 2013 - 02:25 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 70,911 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 19 April 2013 - 12:41 PM

I have asked another to look here tha specializes in the Non Booter.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,391 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:18 AM

Posted 19 April 2013 - 01:54 PM

Hello, 

Have you tried manually replacing the explorer.exe file using the live CD? If not or if you're not sure how to do this, please let me know (be sure to include also what live CD you are using).


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Doranwen

Doranwen
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 19 April 2013 - 06:01 PM

That I had not done yet.  I find it generally easy to work with the Linux Mint 13 Mate disc that I have (I have a 32-bit version I'm using to boot that computer, though it should theoretically handle the 64-bit just fine), so I booted my parents' computer off it (they have XP Home SP3 32-bit as well so should be identical to my XP Home SP3 32-bit) and copied the explorer.exe from it onto a USB stick.  Then I moved the live DVD to the ailing comp and backed up the explorer.exe that was on there to the USB stick--just in case I need it again--and copied my parents' copy onto the problem computer.

Unfortunately, I get the same results:

- the login window is the NT/network style box with a blue background, rather than the welcoming login screen

- it thinks for a really really long time when logging in, showing just the desktop background

- explorer.exe eventually crashes and gives the same error box about it failing to initialize properly

- Ctrl+Alt+Del brings up task manager, which promptly freezes if I try to start up a new task

 

Whatever the problem is, that didn't cure it. :(

 

Fyi:  I won't be able to reply to this until tomorrow evening, most likely.  Thank you for your attempts to help so far. :)



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,391 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:18 AM

Posted 20 April 2013 - 01:49 AM

Have you tried Safe mode to see if that will work? 

 

You may also want to try to execute sfc /scannow from a run box (in taskmanager click File > Run). This will check your windows system files for errors.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Doranwen

Doranwen
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 21 April 2013 - 01:38 AM

Previously I had been able to get it to start in Safe mode--with the exact same issues, except that the desktop background didn't look right because of the reduced graphics capabilities.

Now, I can select Safe Mode, but it starts loading, then prompts with a "Hit Enter to continue loading sptd.sys".  If I don't hit anything, it locks up.  If I do hit it, it locks up.  So Safe mode is out.

 

Note:  Eventually the lockup cleared to display a blue screen with this text:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

 

UNMOUNTABLE_BOOT_VOLUME"

 

It continues on with the typical text from this sort of screen.

 

Running *anything* on regular startup, even a command, is impossible.  As soon as I click File > Run, the task manager freezes.  No chance to type or click browse at all.  So I am unable to try that.


Edited by Doranwen, 21 April 2013 - 01:46 AM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,391 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:18 AM

Posted 21 April 2013 - 02:50 AM

Do you have an XP CD or the possibility to burn a CD?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Doranwen

Doranwen
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 21 April 2013 - 03:26 AM

I do have an XP Home SP3 CD (matches the comp with the trouble).  What do you suggest I do with it?



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,391 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:18 AM

Posted 21 April 2013 - 03:29 AM

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When prompted to choose a windows installation, type 1 and press enter.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  • A command prompt will open
Type chkdsk /r and press enter.

Let the disk check run unhindered. Note that this may take a long time and that progress may seem to "jump back" (for example from 70 % to 50 %), this is normal.

When done note down the results (pay especially attention to the Bad Sector count) and type exit and press enter to restart.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Doranwen

Doranwen
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 21 April 2013 - 11:15 PM

After all the "checking the volume" stuff (it took hours to get through all of it), it says "CHKDSK found and fixed one or more errors on the volume."  Then it goes into the amount of kilobytes total disk space, how much is available, what's in each allocation unit, etc.  No list of Bad Sectors were given whatsoever.

 

BUT--this time it actually logged in more normally!  Mind you, it has two error messages on login--one saying the Generic Host Process for Win32 Services encountered a problem and needed to close, and the other one saying that Windows has closed Windows Explorer due to Data Execution Prevention.

 

I have not touched anything since that worked, since I don't know if I need to look at those dialogs in more detail before I close them or what.  But my startup programs did start up (I had PStart as a launcher and I can now see the list of programs and potentially launch any of them from that).  The desktop icons did not display, though, which is likely due to Explorer supposedly being closed (I'm sure once I click OK on that dialog it will vanish, but I should be able to start up Process Explorer from PStart now).

 

Note that it is still NOT connected to the Internet--I unplugged it since I had had a static IP set up to take advantage of port forwards--and my current Linux system now has that particular IP.  I'll need to switch it back to dynamic before I connect or there will be duelling computers, lol.

 

Is there anything specific I should be doing now?


Edited by Doranwen, 21 April 2013 - 11:24 PM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,391 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:18 AM

Posted 22 April 2013 - 02:44 AM

Thats good news! <img data-cke-saved-src="http://www.bleepingcomputer.com/forums/public/style_emoticons/default/smile.png" src="http://www.bleepingcomputer.com/forums/public/style_emoticons/default/smile.png" class="bbc_emoticon" title=":)" /> The first thing I would do though is make sure you have a backup of all important data, it is possible the hard disk was involved in this problem.<br /><br />Second, make sure you have all XP updates installed and see how everything is running. You can just do this by running the Windows Update option in Start &gt; All Programs and look for Priority updates.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 Doranwen

Doranwen
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 22 April 2013 - 03:44 AM

I backed up all of the important data by transferring it off via Filezilla (and a spare FTP server) while a Linux Mint live DVD was booted--over a month ago.  I've now settled into using this new Linux computer for my everyday needs so it's more that I would like to restore this older system to usability for gaming and just to have an extra machine for family to watch films on, etc.

 

As for updates . . . let's just say Explorer won't STOP crashing, lol.  I left PStart open (since it's a great shortcut to a bunch of programs), and started up Process Explorer from it, as it's much more manageable than Task Manager.  Upon attempting to re-open Windows Explorer, I'm immediately presented with the Data Execution Prevention dialog saying that Windows closed Explorer to protect my computer.  Closing that dialog gives me the more usual "Windows Explorer has encountered a problem and needs to close".  For a bit there I was having trouble with the Dr. Watson program (drwtsn32.exe) popping up and crashing as well, but trying it just now I don't.  No clue what's going on.  Obviously, updates are stalled until I can get Explorer working properly.  The improvement over the previous state is that I *can* start up programs from Process Explorer just fine now, and run commands in the terminal.

 

I attempted to change the IP address via commandline (since I can't access Network Connections at all without Explorer working), but although it appears I'm following the instructions correctly (looked on Microsoft and such sites for an explanation of the commands and parameters), ipconfig keeps presenting me with the same IP I always had--and which this computer also has.  I was able to still browse the 'net somewhat, but my IRC connections started having issues.  The troubled computer popped up a message that it couldn't update Java because of connection difficulties, so I can't tell if the 'net does or doesn't work on it.  I'm going to guess that anything involving the 'net *may* not work at this point, but I really have no idea.  I *do* have an alternate browser or to that I could turn to if I need to launch one (Opera is probably the best bet--last time I used Firefox on there I had tons of tabs on it and I'm not sure how well it'd all load with the computer acting weird like it is, whereas my Opera had only one or two tabs max).


Edited by Doranwen, 22 April 2013 - 03:49 AM.


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,391 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:18 AM

Posted 22 April 2013 - 05:40 AM

In that case lets investigate this a bit more. I will move this topic to a more appropriate forum in the mean time.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users