Windows explorer won't start for nonadministrator accounts

[Fred Ma]

Hello,

I've corrupted my newly installed Windows 2000 installation somehow.
When I log into a power-user account, I get a blue screen without any
taskbar or desktop icons. Right-click doesn't give a context menu. I
can do Ctrl-Alt-Del to get the task manager; there are no suspicious
processes. From the task manager, I launch a cygwin window (or
msconfig, or anything else that can be launched from a command line).
If I try to launch explorer, I see it momentarily on the task list,
then it disappears.

I tried creating a new power-user account, but it doesn't fare any
better. Upon searching the web, I tried "sfc /purgecache". After
rebooting, I see WINLOGON.EXE taking up half the processor capacity if
I log in as administrator. However, explorer still doesn't run if I
log in as power-user (but neither does WINLOGON.EXE take up a good 50%
of the CPU).

As well, I also tried a windows repair, but that didn't solve the
problem. Can anyone suggest further fixes? I cringe at reinstalling
windows. The reinstallation process takes one night, but it takes a
number of days to reinstall everything else after that, and to
customize the tools and work environment

Fred

 

[Dave Patrick]

Tell us the details and some may be able to help.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
<snip>
| I've corrupted my newly installed Windows 2000 installation somehow.
<snip>

 

[dc]

First look at the Google search
http://www.google.com/search?hl=en&ie=UTF-8&q=WINLOGON.EXE++virus


W2K doesn't natively use msconfig.exe. Have you installed the XP version?
If it is just the power user account of one user, set up another user account and
then delete the old own in the control panel/users and passwords.

If you have other issues and are not perfectly sure that you have NO infection or
could have contracted foreign files do this. First run an online virus scan at this
URL, http://securityresponse.symantec.com/ . If you do not find anything go to step
two. If you find anything, be careful to print out a fix sheet and do exactly what
they say to do all in the exact order, or it will be back with a vengeance.

Now we are going to do an Inplace Upgrade Installation. This will not change your
data. Use this URL as a guide http://support.microsoft.com/default.aspx?kbid=292175.
To do this, shut your computer down after printing this. Start your computer, and
start tapping the "delete" key to enter the BIOS. Once in change the First Boot
Device to CD-ROM and place your W2K install CD in the tray. Power the computer down.
Start the computer, and start tapping the spacebar (any key is okay) and when the
posting gets to looking for the boot device it will go into loading the files that
are contained on the four boot diskettes, but faster. At the completion you will be
asked to choose the setup of repair. Choose the setup installation. Go through the
other questions, and when you are asked the second time if you want to continue with
a new install or a "repair" choose REPAIR. It will reload your operating system.
Afterward you will need download SP4 and all of the hotpatches you need to run your
computer (that doesn't mean choose all of them). Only download the hotpatches that
you need. Most all of the Security Patches. You can ask in this forum which
hotpatches are problematic. After you are through with the Installation, go back
into the BIOS and replace the original First Boot Device.



If you use I.E. and O.E., it wouldn't hurt to download and install it over the top.
Sometimes it takes doing that twice to completely get this refreshed. And of course
do a Windows Update at http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
and make sure all Security Updates are installed.

If you are not completely safe with AVP, firewall, and malware removing software,
you may want to look at www.spychecker.com and d/l and install an AVP like the one
from grisoft called AVG (they have a free version), Zone Alarm (there is a free
version), AdAware (be careful to understand the files that your are "quarantining",
and SpyBot S&D. These are not mandatory, but they are the easiest way to keep data
miners, and other nasty things off your machine.


Hello,

I've corrupted my newly installed Windows 2000 installation somehow.
When I log into a power-user account, I get a blue screen without any
taskbar or desktop icons. Right-click doesn't give a context menu. I
can do Ctrl-Alt-Del to get the task manager; there are no suspicious
processes. From the task manager, I launch a cygwin window (or
msconfig, or anything else that can be launched from a command line).
If I try to launch explorer, I see it momentarily on the task list,
then it disappears.

I tried creating a new power-user account, but it doesn't fare any
better. Upon searching the web, I tried "sfc /purgecache". After
rebooting, I see WINLOGON.EXE taking up half the processor capacity if
I log in as administrator. However, explorer still doesn't run if I
log in as power-user (but neither does WINLOGON.EXE take up a good 50%
of the CPU).

As well, I also tried a windows repair, but that didn't solve the
problem. Can anyone suggest further fixes? I cringe at reinstalling
windows. The reinstallation process takes one night, but it takes a
number of days to reinstall everything else after that, and to
customize the tools and work environment

Fred

 

[Fred Ma]

Tell us the details and some may be able to help.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

It's hard to say what did it. I installed quite a number of things,
including Kerio personal firewall, Avast antivirus, something else
(I think it's called ad-aware or something similar), cygwin, acrobat
reader, winzip (I think it was 9), uninstalled that and installed
winzip 8, TightVNC, ghostscript, gsview32, gvim & plugins, power
point viewer, and I can't recall what else.

Right now, I can't even log on. I did two windows repairs back to
back, and now it stops with a stop:c000026c error when booting.
According to microsoft's knowledge base, this errors is for missing
drivers. I was advised by Dell to reinstall.

Fred

 

[Dave Patrick]

Since it's a new install that's what I would do. After the clean install be
sure to apply these before connecting to any network and or internet.

http://www.microsoft.com/technet/security/bulletin/MS03-043.mspx
http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
| It's hard to say what did it. I installed quite a number of things,
| including Kerio personal firewall, Avast antivirus, something else
| (I think it's called ad-aware or something similar), cygwin, acrobat
| reader, winzip (I think it was 9), uninstalled that and installed
| winzip 8, TightVNC, ghostscript, gsview32, gvim & plugins, power
| point viewer, and I can't recall what else.
|
| Right now, I can't even log on. I did two windows repairs back to
| back, and now it stops with a stop:c000026c error when booting.
| According to microsoft's knowledge base, this errors is for missing
| drivers. I was advised by Dell to reinstall.
|
| Fred
| --
| Fred Ma
| Dept. of Electronics, Carleton University
| Ottawa, Ontario, Canada

 

[Fred Ma]

First look at the Google search
http://www.google.com/search?hl=en&ie=UTF-8&q=WINLOGON.EXE++virus

Well I'll be doggone. I didn't receive any mail, so I'm confused as
to how the virus could have gotten in, though I did have the firewall
and antivirus down for a while when troubleshooting. The symptom seems
right, though.

W2K doesn't natively use msconfig.exe. Have you installed the XP version?

I can't remember....I keep a folder of useful things around.

If it is just the power user account of one user, set up another user account and
then delete the old own in the control panel/users and passwords.

I thought the same, but it afflicted all new power-user accounts.

If you have other issues and are not perfectly sure that you have NO infection or
could have contracted foreign files do this. First run an online virus scan at this
URL, http://securityresponse.symantec.com/ . If you do not find anything go to step
two. If you find anything, be careful to print out a fix sheet and do exactly what
they say to do all in the exact order, or it will be back with a vengeance.

Well, I think the situation got worse. I tried a windows 2000 repair, and it caused
further corruption so that I can't boot. I found a description and supposed solution
at http://www.jsiinc.com/SUBI/tip4200/rh4212 (missing drivers). I copied those drivers
from another PC (CmBatt.sys complaint during normal boot, and Battc.sys for safe mode),
but that didn't quell the errors. Funny thing is that when I do "listsvc" at the
repair console, CmBatt is shown as disabled (so I'm already fixed up according to the
above website!).

The only reason I'm not going straight to a clean reformat is so that I can retrieve
some files from the HDD first.

I guess I've already tried the repair route below. I normally operate with a firewall
and antivirus, and I also run SpyBot. However, I had the barriers down for a while
when troubleshooting. Perhaps it was an infection.

Thanks for your advice.

Fred

 

[Fred Ma]

Since it's a new install that's what I would do. After the clean install be
sure to apply these before connecting to any network and or internet.

http://www.microsoft.com/technet/security/bulletin/MS03-043.mspx
http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Thanks, Patrick. I did a full SP4 upgrade with all patches 1 week
ago (the first installation attempt). I also normally run with firewall
and antivirus, and SpyBot and some other ad-aware (or something like that).

I was hoping to be able to boot in order to retrieve some files over
the LAN before reformating, but the missing drivers is preventing it
from booting. According to http://www.jsiinc.com/SUBI/tip4200/rh4212.htm,
I can disable the services that require those files, but an listsvc at the
repair console shows the associated services to be already disabled
(e.g. the "missing" CmBatt.sys during normal bootup is for a disabled
batter service). I even copied those files from another PC, but still the
same error. During safe-mode boot, the complaint changes to Battc.sys.

Anyway, it looks like I can't get the boot sequence to work and retrieve
my files.

Fred

 

[Fred Ma]

The error message also said to try disabling BIOS caching and shadowing.
I will try repair one more time before looking into doing that....

Fred

 

[dc]

Sorry....

Sometime there is no instant answer.

After driving myself crazy, I found it simpler to plan for these things and make an
image after I had found it tool less time to grab the data, .wab, .ini, mail
folders, etc. and done a Clean Install. But, you know men usually run out of gas
before asking for directions. It must be a "guy" thing. LOL

Seems like folks have to be a dang astronaut to run a simple computer. Guess I must
enjoy it, or would have given it up a long time ago.

Good luck,
don

The error message also said to try disabling BIOS caching and shadowing.
I will try repair one more time before looking into doing that....

Fred

 

[Fred Ma]

Sorry....

Sometime there is no instant answer.

After driving myself crazy, I found it simpler to plan for these things and make an
image after I had found it tool less time to grab the data, .wab, .ini, mail
folders, etc. and done a Clean Install. But, you know men usually run out of gas
before asking for directions. It must be a "guy" thing. LOL

I don't mind getting into those practices eventually, but I'm not a native
PC guy, and don't have much cash to buy extra accessories (and it's a school
laptop, just I manage to monopolize it). Also, I'm trying to finish a degree
and prepare a few papers, that pretty well leaves no time to explore new things
(or much time for sleep, either), necessary though they may be. But thanks for
thinking up some ideas. I'm posting a related problem on a separate thread
about how to get the right missing drivers....

Fred

 

[Fred Ma]

Guess I lied about starting a new thread. It's too related.
According to
http://www.wintrouble.net/discus/messages/2237/2905.html?997210513,
both battc.sys and CmBatt.sys can be found in the windows installation
CD in X:\win2000\i386\sp1.cab. You just need to expand it out.

In my Dell Win2K reinstallation CD, the file is called "SP1/CAB"
(the slash is part of the file name rather than a directory delimiter)
and it is located in d:/I386. Unfortunately, the slash prevents the
name from being recognized as a file; the only way I could find it was
to search for sp1*. I cannot pass the filename as an argument to
"expand". How can one circumvent this in order to get the right sys
files? I tried right-clicking the file and doing "Open
with...->Browse", then browsed to the windows "expand" command.
Nothing seemed to happen. Hopefully it didn't expand into the current
PC, as it is a different computer than the target machine (which is a
Dell laptop).

I tried cygwin's "ls -i" to get the inode number, hopefully to
find a way to rename or copy the file using cygwin's "find", but
the "ls" command didn't like it either:

ls: SP1/CAB: No such file or directory

Thanks for any ideas. I might still not have gone ahead with the
straight reinstall by the time I see them. Who knows, maybe a straight
install without reformatting willl leave my data intact. I can install
to a point where I can retrieve my data, then wipe the disk clean and
start from scratch.

Fred

 

[Fred Ma]

In my Dell Win2K reinstallation CD, the file is called "SP1/CAB"
(the slash is part of the file name rather than a directory delimiter)
and it is located in d:/I386. Unfortunately, the slash prevents the
name from being recognized as a file; the only way I could find it was
to search for sp1*. I cannot pass the filename as an argument to
"expand". How can one circumvent this in order to get the right sys
files? I tried right-clicking the file and doing "Open
with...->Browse", then browsed to the windows "expand" command.
Nothing seemed to happen.

I can't drag-and-drop it onto the desktop either. ("Cannot copy file.
Cannot read form source file or disk").