Page 1 of 2 12 LastLast
  1.    27 Sep 2017 #1
    Join Date : Dec 2015
    Posts : 24
    Windows 10

    Boot problems: Black screen + CMD no explorer.exe


    Hi, tonight i ran malwarebytes to scan for malware. After the scan multible threats were detected. After malware bytes took the appropriate actions my computer froze while trying to reboot. After waiting I hold the power button with now this as consequence:

    Click image for larger version. 

Name:	vlc_2017-09-27_22-17-22.jpg 
Views:	4 
Size:	443.5 KB 
ID:	155293

    After running the following command:
    Code:
    start explorer.exe
    it looks normal again.

    This problem also occurs in safe mode (what really has me worried).

    I made this video to give you some better insight. https://streamable.com/1z254

    Looking forward to tips, everything is welcome!
    Last edited by lukelumia950XL; 27 Sep 2017 at 16:01.
      My ComputerSystem Spec
  2.    27 Sep 2017 #2
    Join Date : Oct 2014
    Trnava
    Posts : 2,871
    Windows 10.4 Home 1709 x64

    These entries are required to start Windows, might have been damaged by malware.

    Code:
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe" /f
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t REG_SZ /d "C:\Windows\System32\userinit.exe," /f
    reg add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe" /f
    reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "BootExecute" /t REG_MULTI_SZ /d "autocheck autochk *" /f
    reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "SETUPEXECUTE" /t REG_MULTI_SZ /d "" /f
      My ComputerSystem Spec
  3.    27 Sep 2017 #3
    Join Date : Dec 2015
    Posts : 24
    Windows 10
    Thread Starter

    All these Registry's exist and have the same value. But just to clarify, windows is starting just not the GUI/ explorer.exe and CMD is randomly starting at boot.
      My ComputerSystem Spec
  4.    27 Sep 2017 #4
    Join Date : Oct 2014
    Trnava
    Posts : 2,871
    Windows 10.4 Home 1709 x64

    Check out possible explorer's hooks, like via Autoruns.

    I would suggest to remove everything, but that will really remove everything.

    Code:
    takeown /f "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup" /a /r /d y
    icacls "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup" /inheritance:r /grant:r Administrators:(OI)(CI)F /t /l /q /c
    del "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup\*" /s /f /q
    del "%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\*" /s /f /q
    reg delete "HKCU\Software\Microsoft\Command Processor" /v "AutoRun" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" /f
    reg delete "HKCU\Software\Policies" /f
    reg delete "HKLM\Software\Microsoft\Command Processor" /v "AutoRun" /f
    reg delete "HKLM\Software\Microsoft\Policies" /f
    reg delete "HKLM\Software\Microsoft\Tracing" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\AppModelUnlock" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "VMApplet" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" /f
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" /f
    reg delete "HKLM\Software\Policies" /f
    reg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f
    reg delete "HKLM\Software\WOW6432Node\Microsoft\Tracing" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx" /f
    reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f
    reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "VMApplet" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" /f
    reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" /f
    reg delete "HKLM\Software\WOW6432Node\Policies" /f
    reg delete "HKLM\System\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /f
    reg delete "HKLM\System\CurrentControlSet\Control\SafeBoot" /v "AlternateShell" /f
    reg delete "HKLM\System\CurrentControlSet\Control\Session Manager" /v "BootExecute" /f
    reg delete "HKLM\System\CurrentControlSet\Control\Session Manager" /v "Execute" /f
    reg delete "HKLM\System\CurrentControlSet\Control\Session Manager" /v "SETUPEXECUTE" /f
    reg delete "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" /v "StartupPrograms" /f
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe" /f
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t REG_SZ /d "C:\Windows\System32\userinit.exe," /f
    reg add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe" /f
    reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "BootExecute" /t REG_MULTI_SZ /d "autocheck autochk *" /f
    reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "SETUPEXECUTE" /t REG_MULTI_SZ /d "" /f
    bcdedit /deletevalue {current} safeboot
    bcdedit /deletevalue {current} safebootalternateshell
    bcdedit /deletevalue {default} safeboot
    bcdedit /deletevalue {default} safebootalternateshell
    bcdedit /set {default} advancedoptions false
    bcdedit /set {default} bootems no
    bcdedit /set {default} bootstatuspolicy DisplayAllFailures
    bcdedit /set {bootmgr} displaybootmenu no
    bcdedit /set {current} advancedoptions false
    bcdedit /set {current} bootems no
    bcdedit /set {current} bootstatuspolicy DisplayAllFailures
      My ComputerSystem Spec
  5.    27 Sep 2017 #5
    Join Date : Dec 2015
    Posts : 24
    Windows 10
    Thread Starter

    I ran the code, but didn't fix it. How do i check for possible explorer hooks? (I have autoruns) I uploaded the video My Movie - Streamable
      My ComputerSystem Spec
  6.    27 Sep 2017 #6
    Join Date : Oct 2014
    Trnava
    Posts : 2,871
    Windows 10.4 Home 1709 x64

    It looks to me like explorer.exe was replaced by cmd.exe, but SFC scan should fix that.

    Check out Autoruns, un-check to hide Microsoft entries and look for CMD, like this:
    Attached Thumbnails Attached Thumbnails capture_09272017_232309.jpg  
      My ComputerSystem Spec
  7.    27 Sep 2017 #7
    Join Date : Dec 2015
    Posts : 24
    Windows 10
    Thread Starter

    https://i.imgur.com/hOBiwYi.png
    https://i.imgur.com/Z1nfWI4.png

    This is what i get,

    i thought sfc should fix this aswell, but i updated sfc and ran it multible times and still no fix :/
    Attached Thumbnails Attached Thumbnails image.png  
      My ComputerSystem Spec
  8.    27 Sep 2017 #8
    Join Date : Oct 2014
    Trnava
    Posts : 2,871
    Windows 10.4 Home 1709 x64

    That "%comspec%" should not be there. If you type it into run, you will get just what you get at startup.

    Did you run my code in cmd as admin, because this one should fix that.

    Code:
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe" /f
      My ComputerSystem Spec
  9.    27 Sep 2017 #9
    Join Date : Dec 2015
    Posts : 24
    Windows 10
    Thread Starter

    I ran all 3 codes as admin now, (my mistake before..) But it dit not fix the problem. This is Autoruns now:
    Click image for larger version. 

Name:	image.png 
Views:	6 
Size:	231.5 KB 
ID:	155307
    It still shows comspec

    on this file location: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    which is not changed in the code i believe
      My ComputerSystem Spec
  10.    27 Sep 2017 #10
    Join Date : Oct 2014
    Trnava
    Posts : 2,871
    Windows 10.4 Home 1709 x64

    Remove it via autoruns, but you might need to run explorer via task manager, if that cmd window will not start.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Solved Restart during boot (black screen before normal boot)
Good afternoon, Since couple of days my desktop PC has a problem that does not compromise its use but rather annoying When I press the button to turn it on it immediately restarts showing a black screen and after this reboot it starts booting up...
General Support
Can't access startup screen, boot up leads to black screen
Before explaining how i got here, i will explain what exactly is happening. When I boot up my computer i see the logo then text saying Preparing Automatic Repair with a loading icon. Then i would get a black screen that would sometimes show a cursor...
Performance & Maintenance
Screen Will Flash Black Several Times and Go Black (NOT ON BOOT)
Brand new Dell desktop with Windows 10 Without warning screen will flash black a few times and then go black. Only way to bring back is turn off and then back on. Happens maybe once a day....seems to be more on IE 11 but that could be...
General Support
Solved Black screen no cursor (Graphics card driver problems?)
Hey ya'll! I just updated from Windows 7 to Windows 10. Here's my specs: Alienware M15x - R1 Notebook Nvidia GeForce 8600M GT Intel Core2 Duo CPU T8100 @ 2.10GHz (if you need more specs let me know) So, I had problems going from Vista to...
Installation and Upgrade
Black screen on boot before login screen
Laptop: ​Gigabyte U2442 The issue is pretty much as stated in the title "​Black screen on boot before login screen". I've booted into safe mode and changed the startup up to diagnostic boot and it gets further. When in diagnostic mode it...
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 02:43.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums