Closed Desktop Vanishes, Windows Explorer Stops

[Angie Labelle]

My Desktop icons and taskbar periodically just disappear, leaving only my wallpaper image visible. The only way I have found to recover (without a power-off/on hard boot) is to bring up Task Manager and log off, then log back on at which point my Desktop is restored.

"Windows Explorer has Stopped Working" keeps popping up in mid-session, the only recovery option being to Restart Windows Explorer, thereby losing whatever I had been working on.

I have run sfc /scannow to see if any Windows files were corrupt, but it reports no problems found.

The only common factor I can find in the various "solutions" found on various sites for both of these issues is Malware, so here I am, on bended knee- "Help me, Obi-Wan Kenobi, you're my only hope!"

Logs are attached, please help. Thanks.

Addition.txt FRST.txt scan_200417-182828.txt

[ShadowPuterDude]

 

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

 

HKLM\...\Winlogon: [Shell] C:\Windows\system32\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation)
Task: {3953CC3B-F2BB-4BC2-A948-B43467C153B0} - System32\Tasks\{72252C91-D20C-4671-ACC8-03CB8AC020C9} => C:\Windows\system32\pcalua.exe -a C:\Users\Angie\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B8F3DAB8-8B0E-4FFB-B1AB-66B89A98C7B0} - System32\Tasks\{0E892750-4C72-45A6-AEC9-C1BC1B60D4E9} => C:\Windows\system32\pcalua.exe -a E:\Users\Angie\Documents\Downloads\Adobe\AcroRdrDC1901220036_en_US.exe -d E:\Users\Angie\Documents\Downloads\Adobe
Task: {E5E6CBA0-9F07-425C-9117-99FB6794396F} - System32\Tasks\{E5836DFB-2E19-4E4B-923A-658BDD3062B9} => C:\Windows\system32\pcalua.exe -a 
Task: {F1775FD4-A7C0-4787-9020-E5A777E825C0} - System32\Tasks\{112AA8D9-1CD8-41E8-B8CC-9B5490790DEA} => E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
2020-04-11 22:33 - 2020-04-11 22:33 - 000003352 _____ C:\Windows\system32\Tasks\{E5836DFB-2E19-4E4B-923A-658BDD3062B9}
2020-04-17 17:43 - 2017-05-03 22:22 - 000008218 _____ C:\Windows\system32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2019-03-08 14:20 - 2019-03-08 14:20 - 000000000 _____ () C:\Users\Angie\AppData\Local\{00D69DC6-5BB4-4471-BE10-27184B9DBD44}
2019-08-14 18:20 - 2019-08-14 18:20 - 000000000 _____ () C:\Users\Angie\AppData\Local\{7DE83350-EA52-4739-9434-D75A5272FD99}
2018-12-27 15:32 - 2018-12-27 15:32 - 000000000 _____ () C:\Users\Angie\AppData\Local\{B8B9FA99-74B2-42E6-8743-A3260308815B}
2019-05-01 01:16 - 2019-05-01 01:16 - 000000000 _____ () C:\Users\Angie\AppData\Local\{E15E2D84-D0F0-4F31-9DE7-797C0DA1FF7E}
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
MSCONFIG\Services: MBAMService => 3
MSCONFIG\startupreg: Malwarebytes TrayApp => E:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
FirewallRules: [TCP Query User{84B02445-6312-4D1C-A3C1-924FB7D61DF7}G:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) G:\games\steam\steamapps\common\fallout 4\fallout4.exe No File
FirewallRules: [UDP Query User{9E5E90D1-391D-440E-89B4-DE9855697D86}G:\games\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) G:\games\steam\steamapps\common\fallout 4\fallout4.exe No File
FirewallRules: [{BE5BD611-C726-4B35-8050-6E3D69C0C712}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe No File
FirewallRules: [{EC76E52B-55A6-44C9-8BC9-8917696BE326}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe No File
FirewallRules: [{F9835A7F-58A6-4F37-999E-8A34D7C7E89D}] => (Allow) C:\Users\Angie\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{AA0947B6-C999-401C-821C-EBED21A5DD39}] => (Allow) C:\Users\Angie\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
E:\Program Files (x86)\Malwarebytes Anti-Malware
E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
E:\Program Files\Malwarebytes\Anti-Malware

 

Close Notepad.

 

NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

 

IMPORTANT: Save all of your work, as the next step may reboot your computer.

 

Run FRST and press the Fix button just once and wait.

 

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

 

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

 

NOTE: If the tool warns you about an outdated version please download and run the updated version.

 

Also, let me know how the machine is running now, and what remaining issues you've noticed.

[Angie Labelle]

I did as you instructed, and fixlog.txt is attached. Thank you very much for whatever you did.

Interestingly, as I was reading through the (report? action summary?) that popped up after pressing the FRST Fix button, my desktop icons and taskbar vanished before my eyes! It's the first time I have ever actually seen it- usually, it vanishes while hidden behind my browser or game window or whatever else I'm working on.

I'll let you know how it's doing since running the fix in a couple of days if that's OK with you- it'll take that long for me to see what's different.

Thanks again for your time & expertise.

Fixlog.txt

[ShadowPuterDude]

The icons and taskbar disappearing was expected, as I reset the Winlogon value to its default.

Run a fresh scan with FRST, attach the new FRST reports to your reply.

[Angie Labelle]

Well, the Desktop has disappeared once and "Windows Explorer has stopped working" twice in the 24 hours since I ran the fix.

Here are the new FRST reports, and again, whether "we" (lol) succeed in rooting out and fixing this scary issue or not, I really appreciate your help.

Addition.txt FRST.txt

[ShadowPuterDude]

Something is causing Explorer to crash.  Look at your logs it is not Malware related.  You will need to examine the crash dumps to determine what is causing Explorer.exe to crash.

Error: (04/21/2020 02:41:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000004c50fd8
Faulting process id: 0x1f9c
Faulting application start time: 0x01d6178fe100edc0
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report Id: 7f01b831-83a3-11ea-8ddc-d050993d8a37

Error: (04/20/2020 10:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000005680fd8
Faulting process id: 0x1450
Faulting application start time: 0x01d6178739703377
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report Id: 1ad0dbdf-8383-11ea-8ddc-d050993d8a37

 

[Angie Labelle]

OK, at least now I can stop worrying about malware. Thank you very much for your assistance. I'll just try to bumgle into a solution somewhere.

[ShadowPuterDude]

You are welcome.