Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

explorer.exe will not initialize upon boot

2K views 15 replies 7 participants last post by  iMacg3 
#1 · (Edited)
Hello, I'm in a strange situation where when I logon to Windows 7, explorer.exe does not initialize. There is only a black screen and a CMD window, and I have to actually enter explorer.exe into the CMD window for Windows to finish booting. I'm not sure why this is happening. I actually checked the task manager to be sure it wasn't just some massive lag, but no, explorer.exe was not running.

I suspect it may have to do with a miner I recently dug out with Malwarebytes called SoundModule. It messed up CMD so it wouldn't launch at all, but I solved that problem by emptying an AutoRun regedit key via a tutorial, but now there's this issue. It's as if whatever line of code that is supposed to initialize explorer, was erased. So logic says it was in that AutoRun key I emptied. >.<;

It's here:
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\

Any help would be appreciated. Thanks!

*EDIT* Okay, I did some looking around and apparently that's not the cause of it; that key specifically relates to how cmd functions. Even if I put
C:\WINDOWS\explorer.exe in the key, it does launch explorer on logon when the cmd window opens, but it also launches an explorer window every time I pull up a cmd which is not how it should be haha. So I am not sure.
 
See less See more
#2 · (Edited)
#4 ·
I found this instructions:
Go to the following in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In Winlogon, on the right side, there should be a value called "Shell"
Double click this value. Make sure only 'Explorer.exe' is the value of Shell, if anything else is there , simply delete it and leave 'Explorer.exe' .

Restart and explorer should now start after you log in.
 
#5 ·
Hey I didn't realize there was this reply until just now. Okay, I tried that, but the shell value already had only explorer.exe, and nothing else, and the problem persists.

I found this instructions:
Go to the following in the registry editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In Winlogon, on the right side, there should be a value called "Shell"
Double click this value. Make sure only 'Explorer.exe' is the value of Shell, if anything else is there , simply delete it and leave 'Explorer.exe' .

Restart and explorer should now start after you log in.
 
#6 ·
This is the contents of Command Processor in my Windows 7 registry :-
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"CompletionChar"=dword:00000009
"DefaultColor"=dword:00000000
"EnableExtensions"=dword:00000001
"PathCompletionChar"=dword:00000009
How does that compare with yours ?
 
#8 ·
Does explorer.exe start in safe mode?
If it does,then something is interfering with it's startup.

Check if any add-ons may be interfering with its starting up. Often, 3rd-party shell extensions can cause Explorer to crash on particular actions. Several programs add items to the right-click context menu.

See if a System Restore helps you

Open command prompt as admin and Run sfc /scannow.See if that works.
 
#9 ·
Not sure if it's relevant now but you can try changing your registry values to the same as mine in post #6 then restart then if it makes no difference change them back.
 
#10 ·
Hey, Explorer does not start in safe mode. All my extensions seem to be the same as before morning new. Sfc scan result shows

And the two registry values that are different are the ones that say completion character and path completion character. What effect does changing those have?

Also, wouldn't this just come down to some autorun entry set to initialize Explorer on boot? Like do you guys have an entry like that in your run or runonce?
Would doing a registry search for Explorer.exe reveal where that command is being executed?
 
#11 ·
This needs attention from one of our Malware Specialists as there will be many registry keys/values that need to be removed or repaired as well as files related to this malware. A tool call FRST will be run which will reveal all of the hidden locations. It's best to go that route rather than trying to find every instance yourself and possibly causing harm in the process. Would you like me to move this to the Virus & Other Malware Removal forum for assistance?
 
#13 · (Edited)
As I said, you will need the guidance of one of our Malware Specialists who will have you run that tool and subsequent fix with it. I'll move this to the Virus & Other Malware Removal forum. However, it's advised to reply in a more timely manner during the clean up process as much can change over time when malware is present.
 
#14 ·
Welcome. :)

If you are able to boot the computer normally please download and run a scan with FRST. If not let me know.

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top