Starts up without explorer.exe

[ykarim]

Upon start, after I log-in, all I get is a black screen. On the lower right, I do see the Windows 7 build number 7022. The my documents folder opens up. There is nothing else. The only way that I have figured out to load anything is to go to the Windows Task Manager and start a new task: explorer.exe. Then everything loads fine, no error messages.

I have just installed this copy of Windows 7, I am dual-booting with Windows XP SP3 x86 Professional.

Is anyone else experiening this same problem. Any help would be greatly appreciated.

I will post a screenshot soon.

 

[Mark]

Open Elevated Command prompt and type sfc /scannow to see if that helps. http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

 

[ykarim]

Thanks for the quick reply. I will try your suggestion and get back to you.

 

[ykarim]

I ran the scan like you suggested.

Windows Resource Protection did not find any integrity violations.

 

[Chappy]

Hi ykarim and Welcome to the forums!

Do you know how to get into the registry?
If so, go to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

and make sure there is a value in there called - shell=explorer.exe

If it's not there and you do not know how to add a new key vakue or need help, post back please.

 

[ykarim]

This is what I see in the registry:

 

[Dzomlija]

This is what I see in the registry:

The "Shell" entry is all wrong.

Double-click on "Shell", then edit the text so that it's value is only "explorer.exe" (WITHOUT THE QUOTES).

Reboot, and post back with the results.

 

[ykarim]

I created a new user account, and the same thing hapened, expect that there was no my documents folder open on startup.

I corrected the registry with explorer.exe. The issue is now resolved. I have no idea why it would have changed in the first place. There had to have been something, but cannot pinpoint the source. Just happy it is resolved. Thanks for your help.

 

[Dzomlija]

I created a new user account, and the same thing hapened, expect that there was no my documents folder open on startup.

I corrected the registry with explorer.exe. The issue is now resolved. I have no idea why it would have changed in the first place. There had to have been something, but cannot pinpoint the source. Just happy it is resolved. Thanks for your help.

When you look and the original value of the "Shell" key in the registry, it was set to "explorer.exe c:\windows\winlogon.exe", which should have been your first clue.

First, WINLOGON.EXE has it's own entry in the registry. And second, WINLOGON.EXE is in the C:\Windows\System32" folder. The fact that something modified your registry to have explorer attempt to run a fake WINLOGON.EXE at startup is indicative of some sort of virus or other malware infection.

I'd check to see that WINLOGON does exist in "C:\Windows\System32", and then delete the rouge "C:\Windows\WinLogon.exe" which most defintely does not belong there. It is common practice for malware writers to use legitimate Windows system filenames to try and hide the true intent of the programs from unsuspecting users that believe them to be genuine system files, thus preventing them from deleting them.

Your safest bet in this case would be (if possible) to slave your hard disk to a known malware-free computer, with up-to-date virus protection, and then to perform a thorough scan of the drive to root out any suspect software. When you reconnect you drive to your hardware, install and update better anti-virus software, because whatever you have has not done it's job by allowing something through.

Keeping UAC set to it's maximum level (one setting above the Windows 7 default) is also a good idea. That way, if anything tries to perform an action (like modify the registry), you will be prompted for authorization to allow it to continue or not. That way, you can stop rogue software that your anti-virus software may have missed.

 

[Chappy]

Nice catch Peter!

I knew someone knowledgable would come in and help if we found the registry entry was incorrect, but allot of times that file placement would slip past some. That's an important lesson that HJT has taught over the years, always know the proper directory placement of system files, and know the Bad guys use this tactic often.

I think we deserve a little "Rep" here...don't you?