Explorer not loading automatically

By mandeep
Apr 13, 2009
  1. i am using windows vista basic[/quote]

    actually i took lots of time to download and perform scan by all the softwares prescribed in your 8 steps
    here are the logs obtained
    please tell wat to do next.

    can u plz check my logs and tell me if there is any problem or not

    actually i have disabled mcafee anti virus and installed bit defender
    Should i remove mcafee or remain it disabled only?
    waiting for more suggestions
    thanks for ur suggestion

    A couple of weeks ago I had been attacked by spyware. McAfee Security Center and Windows Defender, does not detect any spyware . The problem was that explorer.exe does not load automatically on login. This means I get my wallpaper but nothing else – no icons, no start menu, no taskbar. No task manager was there to run explorer.exe, .Then i opened i computer through safe mode with command prompt.then put the command to open explorer. Besides the fact that I don’t really want to manually jump start explorer.exe every time I log in, it makes me wonder if there is a bigger problem lurking in the background.then i saw a registry error, i made it correct but i have still many viruses in my d:/ drive like gphone.exe ,new folder.exe and many other viruses so i adopted "UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions"and logs are posted above.

    anyone have any suggestions on what this might be?

  2. touch

    touch TS Rookie Posts: 978

    Hello mandeep

    I´ll suggest you remove mcafee, using this guide:

    Reboot, attach new hijackthis log, and tell, have you make modifications to explorer exe:
    F2 - REG:system.ini: Shell=Explorer.exe

    Also, are you using proxy server, or are the computer running as server ?
  3. mandeep

    mandeep TS Rookie Topic Starter

    yes i have made modification in shell
    Earlier it was Shell=explorer.exe gphone.exe
    i made it correct to explorer.exe
    actually gphone.exe is a virus which is in my d drive after the attack of this virus my explorer was not opening so i opened it with command prompt and made change in explorer is working but some virus are there
    i am using proxy server
    thanks for your reply

  4. touch

    touch TS Rookie Posts: 978

    Ok. Let´s dig deeper then ->

    Please download combofix here ->

    Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
    It may take a while to complete scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
    scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
  5. mandeep

    mandeep TS Rookie Topic Starter

    comofix scan done

    i have done combofix scan
    log file is attached
    is there any problem in registry :shell=explorer.exe
    or everything is all right.?
  6. mandeep

    mandeep TS Rookie Topic Starter

    roxio UPnp has stopped working and closed.window will notify if solution is available.
    this message always come after booting
    wat should i do
  7. touch

    touch TS Rookie Posts: 978

    P2P software/programs are a major contributor to your infections.

    We reserve the right to withdraw our support:
    If such programs are found in your logs
    Should you not agree to their removal.
    As they are normally set to bypass your Firewall and Anti-Virus software
    Filesharing/P2P Programs serves as a constant threat to your computer

    c:\program files\BitTorrent

    You decide ;)
  8. mandeep

    mandeep TS Rookie Topic Starter


    i have deleted c:\ programfiles\bit torrent
    wat about p2p i am not getting.
  9. touch

    touch TS Rookie Posts: 978

    P2p is also fileharing. Run combofix again, and attach the log it produce
  10. mandeep

    mandeep TS Rookie Topic Starter

    i ran combofix again and
    here is a log
    also photo of my d drive is attached ,in which gphone .exe is a virus and in every folder there are virus of its name
    eg. in dell folder there is dell.exe
  11. mandeep

    mandeep TS Rookie Topic Starter


    photo of d drive is attached here
  12. mandeep

    mandeep TS Rookie Topic Starter


    have u seen virus named gphone.exe in d :/ drive
  13. touch

    touch TS Rookie Posts: 978

    Sorry, I´ve missed you :(

    Download Flash_Disinfector.exe by sUBs from
    and save it to your desktop.

    Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.

    Wait until it has finished scanning and then exit the program.
    Reboot your computer when done.
    Attach fresh combofix log

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this will help protect your drives from future infection.
  14. mandeep

    mandeep TS Rookie Topic Starter

    i have downloaded flash disinfector.exe ,as u have told
    but it is not showing anything on double-clicking
    then i have searched autorun.inf in c:/ drive but i get 'autorun.inf.vir'(96 bytes) which is created on the date on which virus has entered in my computer.
    plz tell is has virus done something ?
    thnks for ur reply.
  15. touch

    touch TS Rookie Posts: 978

    I can´t tell before I see a fresh combofix log.
  16. mandeep

    mandeep TS Rookie Topic Starter

    then i have searched autorun.inf in c:/ drive but i get 'autorun.inf.vir'(96 bytes) which is created on the date on which virus has entered in my computer
    photo is attached.
    fresh combofix log is also attached
  17. o4u2sweat

    o4u2sweat TS Rookie

    Backup data to folder on c:\ drive create a new user ( Admin access ) blow away all other profiles and logon with the new Admin profile.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...