What might cause Explorer.exe to fail to start?

Posted on

QUESTION :

When I boot up my computer, all I get is a black screen, and just one of a few programs that should start when logging on. Using CTRL + ALT + DEL and running Explorer.exe works as intended.

However, my Windows theme is skewed, and when I right click the desktop, it which comes up with a notice that the desktop window manager was disabled. Running a troubleshooter under the Personalize command in this right-click context menu then fixes the problem for me, but my computer runs more slowly than usual, and certain programs refuse to run altogether.

Based on several Google searches, the most popular fix seemed to be to use regedit and check that certain values were correct, such as HKEY_LOCAL_MACHINE etc. They all seemed to be fine, but I did find a result that suggested that maybe malware had replaced and disguised itself as Explorer.exe. I ran Hitman Pro and found what I think is a .dll file which was disguised and flagged as malware. This was then deleted and several other scans from other programs turned up nothing else.

The problem persisted however, and I found a suggestion to begin in safe mode. This worked perfectly with explorer.exe working perfectly, which leads me to believe that somehow where my laptop is supposed to read the command to run, Explorer.exe has been damaged, or is not being read properly. Additionally, there don’t seem to be any system restore points.

Most of what I’ve done is just my uneducated guessing, however.

Has anyone else experienced this, and what can I do to fix it?

ANSWER :

The actual explorer.exe process is typically started by userinit.exe, based off of the value at HKLMSOFTWAREMicrosoftWindows NT CurrentVersionWinlogonShell which should be a REG_SZ with the value explorer.exe. There is an excerpt from Windows Internals located on this blog which details the session initialization process.

This would not explain any issues with DWM or sluggishness, but if malware initially caused the change, it could still be causing issues or have damaged key portions of the system. Your best bet is to reinstall, but you could also do a quick check with autoruns.exe.

Leave a Reply

Your email address will not be published.