BleepingComputer.com: Explorer Will not run

Windows will start and the desktop background will come up but explorer will not run.

I recently cleaned the computer of malware.

What happens when you boot the computer into Safe Mode?

How to start Windows in Safe Mode

If you can get into Safe Mode okay try this. Right click on the C drive in Explorer and go Properties > Tools > Check Now (under Error Checking). Check both boxes then click "Start Now". A message will pop up saying that Error Checking will run after you restart the computer. Restart the computer and Error Checking will run automatically after the restart. After it’s finished it will restart into Windows automatically.

Explorer will run in safe mode.

I ran the error checking. It finished, restarted and explorer is still not running. I can use task manager to run some programs but not all. Also when I try to run explorer using Task manager it appears in the processes but nothing happens.

I even tried to restore from a previous restore point and it still will not work.

It's possible that you have a virus.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

• Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  
• Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  
• The Express scan will automatically begin.
  (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  
• If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  
• If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

• After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  
• In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  
• Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  
• Please be patient as this scan could take a long time to complete.
  
• When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  
• Click Select All, then choose Cure > Move incurable.
  
• In the top menu, click file and choose save report list.
  
• Save the DrWeb.csv report to your desktop.
  
• Exit Dr.Web Cureit when done.
  
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Ran Dr. Web CureIt. It found no virus. After the scan I clicked file but I could not save the report list.

The log will be posted around 5:00pm Eastern

Try the fix at Kelly's Korner.

Restore Desktop Icons and Taskbar - #195 on the right.

Right click on it and save the .vbs file to your desktop. Then, double click on the file icon (on your desktop) to run the script. You may need to reboot your computer for the changes to take affect.

With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.

The Kelly's Korner tip did not work.

I have noticed that I am able to download programs but I am unable to run them in Normal start. However I can run and download all programs in Safe mode with networking.

Safe mode with networking will not let me post the CureIt log. I can select and copy the log but when I try to paste it, firefox freezes (non responsive) and then closes. I can do a little at a time. If you would like the whole log let me know. Here is the end of the log.


Scan statistics
-----------------------------------------------------------------------------
Scanned: 461195
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 102 Kb/s
Scan time: 02:12:00
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 923429
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 105 Kb/s
Scan time: 04:33:12
=============================================================================

How to Use SFC.EXE to Repair System Files

I used SFC.EXE Scannow and it scanned the computer, and then closed out. It did not find any problems.

Also I do not know if this will help but I cleaned my computer of virus and rootkit a few weeks ago, right before this problem started. Here is the link to the help that i received.
Maybe the cure was worse than the disease.

http://www.bleepingcomputer.com/forums/topic233076.html

Go Start > Run and type "regedit". Navigate to the following:

HKEY_LOCAL_MACHINE > SOFTWARE > MICROSOFT > Windows NT > CurrentVersion > Winlogon

And make sure that the Shell Key says "explorer.exe"

Yep, that is what it says.

Also I have noticed in Task Manager that there is occasionally two explorer.exe processes. On has memory usage of 4,580 and the other memory usage is 10,020. Both have zero in CPU usage at start up and throughout the entire time I am running the computer.

Run a search on your hard drive for files named explorer.exe. Make sure you search hidden and system files. Post back what you find.

Search returned 39 results several were documents. Quite a few were shortcuts to Internet Explorer and Windows Explorer. There was a Internet Explorer file folder. Things labeled explorer:

EXPLORER.EXE C:\i386 352kb EX_File
EXPLORER.SC C:\i386 1kb SC_File
explorer C:\WINDOWS\$NTServicepackuninstall 1009kb Application
explorer C:\WINDOWS\$NTunistalkb93828 1008 Application
explorer C:\WINDOWS\ServicePackFiles\i386 1010 Application
explorer C:\WINDOWS\$NF_migkps938828\SP2 1009 Application
Explorer.exe-021210.1A.pf C:\WINDOWS\Prefetch 39 PF file
explorer C:\WINDOWS 1 Windows Explorer Command