Windows unable to run explorer.exe or IE



Dave Sell
07-09-2005, 11:49 PM
Windows is unable to execute explorere or ie. Desktop icons do not show on
reboots. This all started after trojen removal but not certain that is what
broke this PC. I can execute a few things from taskmgr like Norton AV and
currently claims machine virus free. But if I try to start explorer.exe
from taskmgr I get "Windows cannot find C:\WINDOWS\explorere.exe. Check
spelling.....". Same with IE. I have been able to update to SP2 via cmd
prompt. Currrent config: WinXP Home with SP2.

I had Trojan.StartPage with files: Tmntsrv32.EXE, SMSSU.EXE, & xmlib.dll.
Problems seem to have started after I lilled these processes then restarted.
Several techsupport sites suggested killing with taskmgr or hijack but since
both only kill one process at a time it doesn't work with this since the 3
files associatied with the trojan seem to monitor each other and restart as
soon as one is killed. I was unable to fine removal tool so wrote batch file
that renamed each with .tmp extension then copied FREECELL.EXE to each of
the 3 original names and gained control of the PC then able to run NAV. But
on next boot the icons on desktop didn't show up and seems there might be
where all this started.

One other thing is that both the original CD with XP Home and SP2 have
problems updateing several programs and hardware dirvers with error saying
that file being installed has not passed Windows certification. I read
where I could rename the 2 catroot folders in SYSTEM32 to .TMP extension
might clear that up when I try to reinstall. but want to confirm first.

I'm not ready to start from scratch yet. I have tried a repair with the
original CD. A complete reinstall creates a new user account and I dont
think I want that yet. I'd like to maintain the current structure as much as
possible. What's up with my machine?

Dave Sell
davesell01@adelphia.net

NotMe
07-09-2005, 11:49 PM
strange...explorer.exe IS windows, if it's not running, you aren't in
windows.

iexplore.exe on the other hand is internet explorer.
it sounds like you may still be infected.

--
For evil to prosper requires only that good men remain silent!
"Dave Sell" <davesell01@adelphia.net> wrote in message
news:u9dXJk9YFHA.3932@TK2MSFTNGP10.phx.gbl...
> Windows is unable to execute explorere or ie. Desktop icons do not show
> on reboots. This all started after trojen removal but not certain that is
> what broke this PC. I can execute a few things from taskmgr like Norton
> AV and currently claims machine virus free. But if I try to start
> explorer.exe from taskmgr I get "Windows cannot find
> C:\WINDOWS\explorere.exe. Check spelling.....". Same with IE. I have been
> able to update to SP2 via cmd prompt. Currrent config: WinXP Home with
> SP2.
>
> I had Trojan.StartPage with files: Tmntsrv32.EXE, SMSSU.EXE, & xmlib.dll.
> Problems seem to have started after I lilled these processes then
> restarted. Several techsupport sites suggested killing with taskmgr or
> hijack but since both only kill one process at a time it doesn't work with
> this since the 3 files associatied with the trojan seem to monitor each
> other and restart as soon as one is killed. I was unable to fine removal
> tool so wrote batch file that renamed each with .tmp extension then copied
> FREECELL.EXE to each of the 3 original names and gained control of the PC
> then able to run NAV. But on next boot the icons on desktop didn't show up
> and seems there might be where all this started.
>
> One other thing is that both the original CD with XP Home and SP2 have
> problems updateing several programs and hardware dirvers with error saying
> that file being installed has not passed Windows certification. I read
> where I could rename the 2 catroot folders in SYSTEM32 to .TMP extension
> might clear that up when I try to reinstall. but want to confirm first.
>
> I'm not ready to start from scratch yet. I have tried a repair with the
> original CD. A complete reinstall creates a new user account and I dont
> think I want that yet. I'd like to maintain the current structure as much
> as possible. What's up with my machine?
>
> Dave Sell
> davesell01@adelphia.net
>

Dave Sell
07-09-2005, 11:49 PM
Partial reply to NotMe

As I understand Windows is a conglom of many processes including
explorer.exe & iexplore.exe. What I get on a reboot is my desktop
background and the mouse pointer in the middle of the screen. I am able to
move the mouse and <CTRL+ALT+DEL> brings up taskmgr. So mouse and keyboard
portions of Win is working. A program called explorer.exe and iexplore.exe
exist. Their versions claim current Microsoft. I get the feeling that those
versions have been denied access maybe by the virus or by some other action.
I have looked at properties and both have the same properties as NOTEPAD.EXE
and FREECELL.EXE which both work. Where else would access rights to progrmas
be? What other reason would they now run? Is there a way to check if any
other files have been denied access? Or maybe something simpler is broke?

NAV is current and a check of ALL files reveals nothing now. I am able to
access the internet for updates for both Wndows and Norton. Windows update
is set to auto download and install. I can run all the .CPL files so I can
make some changes. I can rename, delete, move files with taskmgr.

I have tried SFC.EXE with original WinXP Home CD. I think I'll have to load
SP2 again - I'm not sure if versions of all system files go back to
original. ...?
Dave Sell

------------------
NotMe
strange...explorer.exe IS windows, if it's not running, you aren't in
windows.

iexplore.exe on the other hand is internet explorer.
it sounds like you may still be infected.

--
For evil to prosper requires only that good men remain silent!
--------------------

Malke
07-09-2005, 11:49 PM
Dave Sell wrote:

> Partial reply to NotMe
>
> As I understand Windows is a conglom of many processes including
> explorer.exe & iexplore.exe. What I get on a reboot is my desktop
> background and the mouse pointer in the middle of the screen. I am
> able to
> move the mouse and <CTRL+ALT+DEL> brings up taskmgr. So mouse and
> keyboard
> portions of Win is working. A program called explorer.exe and
> iexplore.exe
> exist. Their versions claim current Microsoft. I get the feeling that
> those versions have been denied access maybe by the virus or by some
> other action. I have looked at properties and both have the same
> properties as NOTEPAD.EXE and FREECELL.EXE which both work. Where else
> would access rights to progrmas
> be? What other reason would they now run? Is there a way to check if
> any other files have been denied access? Or maybe something simpler is
> broke?
>
> NAV is current and a check of ALL files reveals nothing now. I am
> able to
> access the internet for updates for both Wndows and Norton. Windows
> update
> is set to auto download and install. I can run all the .CPL files so
> I can make some changes. I can rename, delete, move files with
> taskmgr.
>
> I have tried SFC.EXE with original WinXP Home CD. I think I'll have to
> load SP2 again - I'm not sure if versions of all system files go back
> to
> original. ...?
> Dave Sell
>
> ------------------
> NotMe
> strange...explorer.exe IS windows, if it's not running, you aren't in
> windows.
>
> iexplore.exe on the other hand is internet explorer.
> it sounds like you may still be infected.
>

Actually explorer.exe is just the Graphical User Interface (gui). It is
not "Windows". However, you need to have it run for normal operation.
Here's the thing - the OP didn't know this simple piece of information
but yet wrote a "batch file" to do who-knows-what and made numerous
other changes in his efforts to remove the trojan (for which there are
removal steps if you know where to look). I'm not saying this to hurt
Mr. Sells' feelings - I'm just stating an apparent fact and being
practical regarding remedies.

At this point, the system is in an unknown state. Undocumented changes
have been made, so unwinding from these will be most difficult. I would
back up any data first, either with Knoppix or a Bart's, and then try a
Repair Install. If the Repair Install doesn't work, the easiest and
probably best solution will be a Clean Install.

http://www.michaelstevenstech.com/XPrepairinstall.htm - Repair Install
http://michaelstevenstech.com/cleanxpinstall.html - Clean Install

http://www.knoppix.net
http://www.nu2.nu/pebuilder/

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Dave Sell
07-09-2005, 11:50 PM
If it would help the steps I took were
1) run Trend Micro Housecall. I was able to run it from SafeMode with
network. It was able to remove most of the junk except for 3 files needed
for Trojan.StartPage. NortonAV would not load at all or when it did load at
one point it would be disabled by Trojan.StartPage on subsequent reboot.
Still had explorer.exe.
2) Attempt to remove the 3 file associated with Trojan.StartPage that
continue to restore themselves. At that time the trojan processes running
were 2 instances of SMSSU.EXE, 1 of Tmntsrv32.EXE, & 1 of xmlib.dll. I tried
sharing drive C:\ (including Program Files, Documents and Settings, and
Windows) with my laptop which has current ver of NAV. - didn't work
3) There is such a mixed bag of sugggestions on how to remove these files
and none I tried worked. Several websites (not newsgroups) suggested use of
taksmgr or hijack to kill processes - didn't work. Another suggested using
hijack to delete files on reboot feature - didn't work. All sites seemed to
be in agreement as to the files involved so that is where I thought the
batch file would be able to run all the way through befor the trojan files
could replace themselves. All the batch file really did was copy
freecell.exe to Tmntsrv32.EXE, SMSSU.EXE, & xmlib.dll. That worked. I got 4
instances of freecell but trojan was stopped. and NortonAV loaded and was
able to clean a bunch more. On reboot this time none of my desktop icons
showed up. I was unable to run explorer.exe after that. Norton & Windows
were able to connect to web to update.

So there a few things I did befor this went FUBAR. All the files I can run I
have to start from taskmgr. Control panel files run OK. Why can't I run
explorer.exe but notepad.exe runs just fine?

Dave Sell
---------------------

> Actually explorer.exe is just the Graphical User Interface (gui). It is
> not "Windows". However, you need to have it run for normal operation.
> Here's the thing - the OP didn't know this simple piece of information
> but yet wrote a "batch file" to do who-knows-what and made numerous
> other changes in his efforts to remove the trojan (for which there are
> removal steps if you know where to look). I'm not saying this to hurt
> Mr. Sells' feelings - I'm just stating an apparent fact and being
> practical regarding remedies.
>
> At this point, the system is in an unknown state. Undocumented changes
> have been made, so unwinding from these will be most difficult. I would
> back up any data first, either with Knoppix or a Bart's, and then try a
> Repair Install. If the Repair Install doesn't work, the easiest and
> probably best solution will be a Clean Install.
>
> http://www.michaelstevenstech.com/XPrepairinstall.htm - Repair Install
> http://michaelstevenstech.com/cleanxpinstall.html - Clean Install
>
> http://www.knoppix.net
> http://www.nu2.nu/pebuilder/
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User

Malke
07-09-2005, 11:50 PM
Dave Sell wrote:

> If it would help the steps I took were
> 1) run Trend Micro Housecall. I was able to run it from SafeMode with
> network. It was able to remove most of the junk except for 3 files
> needed for Trojan.StartPage. NortonAV would not load at all or when it
> did load at one point it would be disabled by Trojan.StartPage on
> subsequent reboot. Still had explorer.exe.
> 2) Attempt to remove the 3 file associated with Trojan.StartPage that
> continue to restore themselves. At that time the trojan processes
> running were 2 instances of SMSSU.EXE, 1 of Tmntsrv32.EXE, & 1 of
> xmlib.dll. I tried sharing drive C:\ (including Program Files,
> Documents and Settings, and Windows) with my laptop which has current
> ver of NAV. - didn't work 3) There is such a mixed bag of sugggestions
> on how to remove these files and none I tried worked. Several websites
> (not newsgroups) suggested use of taksmgr or hijack to kill processes
> - didn't work. Another suggested using hijack to delete files on
> reboot feature - didn't work. All sites seemed to be in agreement as
> to the files involved so that is where I thought the batch file would
> be able to run all the way through befor the trojan files could
> replace themselves. All the batch file really did was copy
> freecell.exe to Tmntsrv32.EXE, SMSSU.EXE, & xmlib.dll. That worked. I
> got 4 instances of freecell but trojan was stopped. and NortonAV
> loaded and was able to clean a bunch more. On reboot this time none of
> my desktop icons showed up. I was unable to run explorer.exe after
> that. Norton & Windows were able to connect to web to update.
>
> So there a few things I did befor this went FUBAR. All the files I can
> run I have to start from taskmgr. Control panel files run OK. Why
> can't I run explorer.exe but notepad.exe runs just fine?

I guess you can't run explorer.exe because it has been damaged. There
really isn't any way for me to give you a more definitive answer
without actually looking at the machine. Try:

1. Run the System File Checker. Since you can run the Task Manager, you
can make a new task of cmd and then sfc /scannow.

2. If that doesn't work, do the Repair Install.

3. If that doesn't work, clean install Windows and restore data from
backups.

Otherwise you may want to take the machine to a computer professional
(not your local equivalent of BigStoreUSA) and have them take a look.
They may see something in a hands-on situation that people reading
about the issues in a newsgroup might miss.

Good luck,

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Dave
07-09-2005, 11:55 PM
I'll try another angle..

I renamed explorer.exe to exp.exe and iexplore.exe to iexp.exe. Both work
like that but associations are not there. Is there some part of the rigistry
that would block usage of a program?


Windows unable to run explorer.exe or IE