Troubleshoot Explorer.exe is not a valid win32 application. Please help!!!

CycloneTutorials

New Member
Thread author
May 19, 2011
90
The other day I was scanning my PC and removing my threats; after I removed them, I rebooted. The next day I was copying my files to my USB and shut down my PC.

The next day when I rebooted it, the whole PC went black. I can't see anything: task bar, explorer, my computers, icons etc. And when I open Task Manager and type explorer.exe it says "explorer.exe is not a valid win32 application". Can anyone help me with this? I went to repair my PC using the Windows 7 DVD but the results were the same. I googled for help but found no similar results. Does anyone know how to fix it? I think my explorer.exe is corrupted, how do I get a fresh new explorer.exe?

I tried to system restore but it said no restore points found.

The only thing I use to open Firefox, games etc. is Task Manager > CMD. I can't open any folders or files, I have to go to the directory in CMD and run it.

Thank You.
P.S. I have posted this post on every security forum, MalwareTips is my last hope.
 

win7holic

New Member
Apr 20, 2011
2,079
Why not save things such as music, pictures and other documents on a DVD-R? Burn them onto it. Then, after you format, you can copy them onto your machine again and you still have a copy.
I do it for all my laptops. I move thousands of music files to another laptop easily.
 
Upvote 0

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Looks like a side effect of the malware. With what exactly were you infected?
Is explorer.exe listed under the Processes tab in Task Manager? If not, run CMD and enter explorer on the command line. If that doesn't work, explorer.exe could have been violated or there could be a rogue shell extension at work.

1. When you ran Windows Repair All in One, did you also reset the registry permissions?


2. A. Did you try to run SFC /SCANNOW in Safe Mode?
Try tapping F8 on boot and enter Safe Mode. Try sfc /scannow again or sfc /scanboot and reboot. You can find details on how to run the scan in this thread.

B. If it still doesn't work, you can check the registry.

Let's open Regedit (press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.EXE and press Enter.) and then navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


Look for the SFCDisable key and make sure its value is set to 0 (Zero)

Reboot and try SFC /Scannow again.

C. If it still doesn't work, please try to run SFC with the offline option.
Code:
sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows

Please note that sometimes, a second scan run of SFC is necessary, even if SFC completes the first time, in order to replace all missing or corrupted files. If SFC completes, you can safely run it a second time for good measure.

3. Check in your Event Viewer to see if Windows can give you more details about this error.

4. Run SIGVERIF and see if that uncovers any issues with system files.
To access it, type sigverif in the CMD box and hit Enter. On completion of the scan, it will list those files which are not digitally signed. Is explorer.exe on that list?

5. Let's check if everything is really OK on your system.
Scan with OTL:

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back:
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

 
Upvote 0

Deleted member 178

ummmmm... CycloneTutorials trying to fix his computer : http://www.youtube.com/watch?v=IMe032S9krc

thanks thanks, no photoshots please :D
 
Upvote 0

CycloneTutorials

New Member
Thread author
May 19, 2011
90
Thank you Jack for the reply.

It's not infected with malware, I scanned it with MalwareBytes, Emsisoft 6, before the day explorer.exe got corrupted.

No, explorer.exe is not listed, when I type explorer.exe in Task Manager, it says "explorer.exe is not a valid win32 application".

1. Yes I did. I got the same results.

2.A. Yes, I did. It scanned fine. It told me to reboot to complete. But I still got the same error.

I went to Regedit/Winlogon but there is no file like the SFCDisable key.

C. Tried sfc in offline it said "The arguments passed to sfc are invalid. The offline windows directory specified points to the online system."

3. Sorry, I can't open Event Viewer because I can't see the task bar. When I go to Task Manager and type control.exe it says it's not a valid win32 application. Any idea how to open it using CMD?

4. Sorry Jack, sigverif is not recognized as an internal or external command, operable program or batch file.

5. OTL: I attached the files OTL.txt and Extras.txt. The rest is up to you.

Thanks for the reply, again.
 

Attachments

  • Extras.Txt
    37.9 KB · Views: 631
  • OTL.Txt
    119.5 KB · Views: 559
Upvote 0

CycloneTutorials

New Member
Thread author
May 19, 2011
90
umbrapolaris said:
ummmmm... CycloneTutorials trying to fix his computer : http://www.youtube.com/watch?v=IMe032S9krc

thanks thanks, no photoshots please :D

Fun time over. Help here is more important. We can do fun later. Agreed? And I am not FAT! xD
 
Upvote 0

Deleted member 178

can you create another account?

or try this : http://eric-taylor.com/2008/01/the-all-famous-windows-xp-explorerexe-killer/
 
Upvote 0

win7holic

New Member
Apr 20, 2011
2,079
umbrapolaris said:
can you create another account?

or try this : http://eric-taylor.com/2008/01/the-all-famous-windows-xp-explorerexe-killer/

On there, Eric said:
Well now you're in for a reformat Mark. It has been my experience as a computer technician that when you start to run into the “…. is not a valid Win32 application” error, you have major OS corruption that is best fixed by reformatting the machine.

Formatting the machine is a good thing to do for you, CT :)
 
Upvote 0

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Try to run the OTL fix below.
Btw, you should really go easier on the toolbars; most of them come bundled with adware or other crapware.
I see that you have Rollback Rx running in the background. Did you try to use it?

Run this OTL Fix :

  1. Start OTL again.
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O2:64bit: - BHO: (no name) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - No CLSID value found.
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - No CLSID value found.
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Lion Skin DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: []  File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-1860540108-661472113-1056087487-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - AutoRun File - [2011/02/03 22:32:29 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/02/03 22:32:29 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/02/03 22:32:29 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/08/30 18:37:18 | 028,391,224 | ---- | M] (Ubisoft) - H:\Autorun.exe -- [ NTFS ]
    O32 - AutoRun File - [2011/07/07 15:33:52 | 000,000,072 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/02/03 22:32:29 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{5435937d-b69e-11e0-9aaf-001cc0976c22}\Shell - "" = AutoRun
    O33 - MountPoints2\{f6576e88-ae89-11e0-8c06-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{f6576e88-ae89-11e0-8c06-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
    :Services
    :Reg
    :Files
    :Commands
    [Purity]
    [EmptyFlash]
    [ResetHosts]
    [emptytemp]
    [Start Explorer]
    [reboot]
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL in your next reply.
 
Upvote 0

CycloneTutorials

New Member
Thread author
May 19, 2011
90
Yes, I know. Will do that later. If Jack finds the solution, he is the only hope for me. If he still doesn't know how to fix my problem, then it will be better if I format my system.
 
Upvote 0

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
If you have another computer, how about trying to copy the clean explorer.exe and paste it from your current one.

If it could work, but Jack was providing a solution so hopefully the problem may be solved
 
Upvote 0

CycloneTutorials

New Member
Thread author
May 19, 2011
90
Alright, I did an OTL Fix, it was doing its thing.
I don't have any toolbars installed in Firefox. O_O
I have Rollback Rx, how can Rollback Rx help with this? The last restore point created was in July.

Followed the process. It rebooted. I can't see any changes made in my system. It is just the same.

Here is the attachment.


jamescv7 said:
If you have another computer, how about trying to copy the clean explorer.exe and paste it from your current one.

If it could work, but Jack was providing a solution so hopefully the problem may be solved

I did it. Didn't work.
 

Attachments

  • 10192011_150024.txt
    14.4 KB · Views: 680
Upvote 0

Deleted member 178

Don't lose any more time, just reformat, reinstall (your system will be faster), create a separate partition for the downloaded data (movies, music, pictures, software, etc.), optimize the system by disabling useless services and features, add your security apps and main software right away, install backup software, then run it and save the image of the system on the second partition (or on DVDs or an external HDD if you have enough space).
 
Upvote 0

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
CycloneTutorials said:
I have Rollback Rx, how can Rollback Rx help with this? The last restore point created was in July.

In July?????? I think it will work if you restored the PC to that state, but it is VERY old. Just create a snapshot before attempting to restore the system. And please, be careful when doing this, as I never tried to play a lot with Rollback Rx. Create a backup of your important files present in the system drive and proceed at your own risk.
 
Upvote 0

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
After I saw the attachment in your previous post, I saw that there are some infections. Try something like avast! Online Scanner and ESET Online Scanner.
 
Upvote 0

CycloneTutorials

New Member
Thread author
May 19, 2011
90
jamescv7 said:
If you have another computer, how about trying to copy the clean explorer.exe and paste it from your current one.

If it could work, but Jack was providing a solution so hopefully the problem may be solved

I took a fresh copy of explorer.exe from another PC but still it didn't work.

Yep, Jack is the only hope.
 
Upvote 0

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
CycloneTutorials said:
I took a fresh copy of explorer.exe from another PC but still it didn't work.
The PC had the same specs, right? Where did you copy explorer.exe (path)? Is explorer.exe loading in Safe Mode?

1. It is always recommended that you take a backup of the Registry before editing any of the values because any improper editing can cause strange behaviour and at worst could even corrupt your operating system completely, requiring you to re-install Windows.
We encourage you to try out the registry changes, but only if you know what you are doing and if you do it with care.

Go to the following in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
In Winlogon, on the right side, there should be a value called "Shell".
Double click this value. Make sure only 'Explorer.exe' is the value of Shell; if anything else is there, simply delete it and leave 'Explorer.exe'.
Restart the computer for the changes to take effect. Once that's done, start Task Manager and under the Processes tab, check if the explorer.exe process is running; if it's not, then click File -> New Task, type explorer.exe and click OK.


2. Launch the Autoruns Sysinternals tool.
http://technet.microsoft.com/en-us/sysinternals/bb963902

On the Options menu select Hide Microsoft and Windows entries.

On the File menu click Refresh (or just hit F5).

Look at the Explorer tab for things that are loading under Explorer.exe . What's listed?
 
Upvote 0
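Jack's question about whether the donor PC had the same specs can be checked on the file itself: the sketch below reads the DOS and PE headers of an executable and reports its architecture, or why it does not parse as a PE image at all (zeroed, truncated, or overwritten). It is an added example, not part of any post in this thread; `inspect_pe` and `build_sample` are hypothetical names and the sample headers are constructed.

```python
import struct

# Machine values from the PE/COFF specification.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
# Optional-header magic values: PE32 (32-bit) and PE32+ (64-bit).
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}


def inspect_pe(data: bytes) -> dict:
    """Report basic PE header fields, or the reason the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"valid": False, "reason": "missing MZ (DOS) header"}
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 26 > len(data):
        return {"valid": False, "reason": "PE header offset past end of file"}
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"valid": False, "reason": "missing PE signature"}
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if magic not in MAGICS:
        return {"valid": False, "reason": f"unknown optional-header magic {magic:#x}"}
    return {"valid": True, "machine": MACHINES.get(machine, hex(machine)),
            "format": MAGICS[magic], "sections": nsections}


def build_sample(machine: int, magic: int) -> bytes:
    """Constructed minimal header (not a runnable program) for exercising inspect_pe()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x22)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic) + b"\0" * 64


if __name__ == "__main__":
    import sys
    # Usage: python inspect_pe.py C:\Windows\explorer.exe <copied explorer.exe>
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_pe(fh.read()))
```

Running it against both the installed explorer.exe and the copy from the other PC shows whether either one is damaged or built for a different architecture than the 64-bit system seen in the OTL log.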
