server 2003 and explorer.exe problems. Blank Desktop

[kc0eks]

Hello All,

Upon rebooting a clients server, I logged in and was greated by a blank desktop.
I can access task manager with ctrl-altl-del and tried to start explorer.exe which doesnt do anything. Explorer is also not listed as running.

I also can not launch anything .msc. I can launch most applications and .cpl.
SQL and network access is unaffected.

Any ideas?

Thanks

 

[kc0eks]

Yes I have scanned it with everything I can possibly think of. I dont find anything unusual.

 

[seedubya]

Any chance you could log in via RDP? It will start a seperate instance of explorer. I've seen this work once or twice.

 

[kc0eks]

Any chance you could log in via RDP? It will start a seperate instance of explorer. I've seen this work once or twice.

Seemed like a reasonable try, but it also loaded a blank desktop.

I will also note I tried loggin in with a normal user, admin, and created a whole new admin user just to see if it was the profile. They all do the same thing.

 

[seedubya]

I've had a quick google and can't find anything particularly helpful. Have you tried re-booting since this happened? Perhaps it's just a one-off. Can you boot to a desktop in safe mode or will the .msc run? Sorry just grasping here.

 

[kc0eks]

I've had a quick google and can't find anything particularly helpful. Have you tried re-booting since this happened? Perhaps it's just a one-off. Can you boot to a desktop in safe mode or will the .msc run? Sorry just grasping here.

I have rebooted multiple times. I also powered down and drained the power just to really be sure it was all cleared out.

Safe mode also loads blank, and trying to manually start explorer.exe doesnt do anything. And the .msc problem is also in safe mode.

I am for any help or ideas, so no worries!

Thanks

 

[seedubya]

You can't access the logs via eventvwr.msc but 2003 saves all log files to C:\Windows\System32\Config\LogName.EVT. If you can get to these via the command line you could copy them to a USB key and then open them up in Vistas new and improved event viewer. Maybe that would give you an indicaiton of what's going on?

 

[kc0eks]

You can't access the logs via eventvwr.msc but 2003 saves all log files to C:\Windows\System32\Config\LogName.EVT. If you can get to these via the command line you could copy them to a USB key and then open them up in Vistas new and improved event viewer. Maybe that would give you an indicaiton of what's going on?

Sounds like a great idea, I will try it out just as soon as comcast fixes the internet and I can remote in again....

Thanks for the suggestion, sounds reasonable, hope it works

 

[kc0eks]

Out of nowhere I remembered that computer management can connect to a remote pc...soo...I used that. The only errors I see are as follows, I have yet to research what any of them mean.
--These are all just from boot up, running explorer.exe does not generate any new errors--

The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

The COM+ Event System failed to create an instance of the subscriber {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. StandardCreateInstance returned HRESULT 80070422.

DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service SENS with arguments "" in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

So I think we may have some paths to explore...or I do anyway...

 

[Methical]

One of these maybe useful to you:

XP_TASKBAR_DESKTOP_FIXALL.VBS
NoDesktop.Reg


Actually, maybe not. 'Cos there from kellys korner and for XP. But it could be useful for others with explorer.exe problems.

 

[Methical]

But some sort of registry fixer program should hopefully set you straight.

 

[kc0eks]

Running procmon comes up with all sorts of stuff, of course now I have to decide what is normal and what isnt.

When I ran procmon only when i tried to start explorer.exe I see quite a bit of stuff, but this one seems like a lead:

Date & Time: 3/7/2009 3:30:08 AM
Event Class: File System
Operation: DeviceIoControl
Result: INVALID PARAMETER
Path: C:\WINDOWS\explorer.exe
TID: 4648
Duration: 0.0000045
Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME

And this one was next:
Date & Time: 3/7/2009 3:30:08 AM
Event Class: File System
Operation: CreateFile
Result: NAME INVALID
Path: C:\WINDOWS\explorer.exe
TID: 4648
Duration: 0.0000129
Desired Access: Read Attributes, Synchronize
Disposition: Open
Options: Synchronous IO Non-Alert, Open Reparse Point
Attributes: N
ShareMode: Read, Write
AllocationSize: n/a

Then thisate & Time: 3/7/2009 3:30:08 AM
Event Class: File System
Operation: QueryNameInformationFile
Result: BUFFER OVERFLOW
Path: C:\WINDOWS\explorer.exe
TID: 4648
Duration: 0.0000111
Name: \W

And finally:
Date & Time: 3/7/2009 3:30:08 AM
Event Class: File System
Operation: UnlockFileSingle
Result: RANGE NOT LOCKED
Path: C:\WINDOWS\WiseHook.ini
TID: 3556
Duration: 0.0000048
Offset: 0
Length: 4,294,967,295

The wisehook.ini thing looks to be part of Alteris deployment, so maybe thats causing an issue. maybe..


To simplify this is everything procmon shows when i run explorer.exe.
4:12:40.5395346 AM explorer.exe 4264 UnlockFileSingle C:\WINDOWS\WiseHook.ini RANGE NOT LOCKED Offset: 0, Length: 4,294,967,295
4:12:40.5755826 AM explorer.exe 4264 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack NO MORE ENTRIES Index: 0, Length: 220
4:12:40.6302826 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell BUFFER OVERFLOW Length: 16
4:12:40.6304420 AM explorer.exe 4264 RegQueryKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon BUFFER OVERFLOW Query: Basic, Length: 24
4:12:40.6304709 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell BUFFER OVERFLOW Length: 16
4:12:40.6915542 AM explorer.exe 4264 RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers NO MORE ENTRIES Index: 1, Length: 288
4:12:40.7319272 AM explorer.exe 4264 CreateFile C:\WINDOWS\Debug\UserMode\ChkAcc.bak SHARING VIOLATION Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
4:12:40.7415604 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7419119 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7426377 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7429777 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7440665 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7443604 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7452268 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7463137 AM explorer.exe 4264 RegQueryValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\StubPath BUFFER OVERFLOW Length: 144
4:12:40.7507131 AM explorer.exe 4264 RegEnumKey HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components NO MORE ENTRIES Index: 49, Length: 288
4:12:40.7754492 AM explorer.exe 4264 RegQueryValue HKCU\Software\Classes\http\shell\open\command\(Default) BUFFER OVERFLOW Length: 144
4:12:40.8278791 AM explorer.exe 4264 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\IconStreams BUFFER OVERFLOW Length: 144
4:12:40.8281281 AM explorer.exe 4264 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\IconStreams BUFFER OVERFLOW Length: 144
4:12:40.8285286 AM explorer.exe 4264 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\PastIconsStream BUFFER OVERFLOW Length: 144
4:12:40.8293490 AM explorer.exe 4264 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\PastIconsStream BUFFER OVERFLOW Length: 144

 

[kc0eks]

Well I have not gotten anywhere with this. Reg cleaner was also something I have tried.

Not sure what is wrong or how to fix it, not a combo I like!

 

[arrow_runner]

Have you tried SFC yet? It's probably worth a shot.

 

[kc0eks]

Have you tried SFC yet? It's probably worth a shot.

The owner is out of town and so I have to wait til monday to get the server discs and such, then I will indeed try that.

Such an annoying problem

 

[arrow_runner]

Good luck. Let me know if that works. I hope it does. I know I wish I would have found out about sfc sooner.

 

[kc0eks]

ok ran sfc and got no where. It completes fine it seems, but still cant get a desktop, or launch explorer.

any ideas? I dont know what else to try minus re-installing which is not really something I enjoy on servers...

 

[kc0eks]

How long as this problem been happening? I know this sounds silly, but here is a few extra things I would try.

see if anything is starting explorer.exe on bootup. Perhaps it's starting twice, which messes it all up?

Can you get a task manager, and just start ending procs that don't see to fit, or be of importance?

How current is the backups?


And just to be clear; When you say no desktop, you mean like icons, and start menu, and such? Again, I know this may sound silly, but is the taskbar hidden, and the icons as well? Can you right click on the desktop?

I have backups of data but not a very current image of the whole server.

Explorer.exe doesnt seem to start at all, it isnt listed in task manager and starting it manually doesnt work. I will try ending processes's tonight after they close, and see if that helps...I havent tried that yet.

And by no desktop I mean no icons, taskbar, etc. Taskbar is not hidden.

Silly or not I appreciate the input

 

[kc0eks]

After the problem I ran the few updates that I had not already done. So it is now current.

 

[kc0eks]

Ending all tasks but system required tasks also did not help.

Ok so I came accross this batch script, which completely fixed it...simple...but yet so hard to find the solution. So for anyone else who may have this problem, put the following in a .bat and run it.

rem Script used to manually reregister Internet Explorer and Shell related *.dlls
rem Also included the Digital Signing and Cryptographic Provider *. dlls if needed
rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\System32\dacui.dll
rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\Catroot\icatalog.mdb
rem regsvr32 setupwbv.dll /s
rem regsvr32 wininet.dll /s
regsvr32 comcat.dll /s
regsvr32 CSSEQCHK.DLL /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browsewm.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
rem regsvr32 mshtml.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
rem regsvr32 comctl32.dll /i /s
rem regsvr32 inetcpl.cpl /i /s
rem regsvr32 mshtml.dll /i /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
rem regsvr32 proctexe.ocx mshta.exe /register /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
rem regsvr32 triedit.dll /s
rem regsvr32 dhtmled.ocx /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
rem regsvr32 hmmapi.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
rem regsvr32 wininet.dll /i /s
regsvr32 urlmon.dll /i /s
rem regsvr32 digest.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
rem regsvr32 trialoc.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
rem regsvr32 wab32.dll /s
rem regsvr32 wabimp.dll /s
rem regsvr32 wabfind.dll /s
rem regsvr32 oemiglib.dll /s
rem regsvr32 directdb.dll /s
regsvr32 inetcomm.dll /s
rem regsvr32 msoe.dll /s
rem regsvr32 oeimport.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
rem regsvr32 laprxy.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
rem regsvr32 vgx.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
rem regsvr32 FLUPL.OCX /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll mstinit.exe /setup /s
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
regsvr32 licdll.dll /s
regsvr32 regwizc.dll /s
regsvr32 softpub.dll /s
regsvr32 IEDKCS32.DLL /s
regsvr32 MSTIME.DLL /s
regsvr32 WINTRUST.DLL /s
regsvr32 INITPKI.DLL /s
regsvr32 DSSENH.DLL /s
regsvr32 RSAENH.DLL /s
regsvr32 CRYPTDLG.DLL /s
regsvr32 Gpkcsp.dll /s
regsvr32 Sccbase.dll /s
regsvr32 Slbcsp.dll /s
exit


From: http://www.windowsnetworking.com/articles_tutorials/Internet-Explorer-corrupted-fix.html