Stuck at System 32

Hi

Our Dell family laptop has either got a bug or some kind of software/hardware failure.

Two days ago when it booted up it got to the desktop screen and then started to freeze with the icon beach balling.

After a few restart attempts it is now stuck on a black screen with a cmd.exe mini screen with the C:\Windows\system32> up. This is the same on each reboot.

We have downloaded the programmes recommended Roguekiller etc but don't know how to run these from the screen we are at. Can anyone help?

 

It's a Dell Xpsl502x

Windows7

The screen behind the cmd.exe box is completely black.

 

F8 brings Windows Error Recovery up but options I have tried lead back to the same screen. Good chance I am choosing the wrong option however.

 

Instead of the completely black screen it has safe mode in each corner when using F8

 

Do you have any sort of boot disk available, like a program rescue disk or a Windows 7 repair disk? Windows Installation disks?

If you are posting messages from a computer that's running Windows 7 you can make a Repair Disk using the optical drive of the computer you are posting from (assuming that the computer you're on has an optical drive). If the laptop has no CD/DVD drive then the repair disk won't help you in this instance but it's always good to have one handy, so go ahead and make one regardless.

http://windows.microsoft.com/en-us/windows7/create-a-system-repair-disc

If both computers have an optical drive and you were able to create a Repair Disk, then pop it into the laptop's CD/DVD drive and reboot the broken computer. That should boot up to the Windows Repair environment.

 

Sounds like a hung registry entry.

Type start explorer.exe
Does your desktop appear?

Type start regedit.exe
Does it open the Registry Editor?

Type tasklist
List off the names please (don't need the full info)

 

Desktop does appear and I can get Registry Editor. When I type tasklist a box springs up data zooms down and the box instantly disappears.

 

I unfortunately don't have a repair disk to hand.

 

Registry Editor opens correct?

****DO NOT MAKE ANY CHANGES SIMPLY REPORT****


Navigate to the following keys and tell me what is in there.
If you find any values that are weird looking or have a long file path, feel free to mention them

HK_Local_Machine\Software\Microsoft\Windows NT\Current Version\Winlogon\

Looking Under "Shell", should only have explorer.exe in the value

Userinit, post the entire string

HK_Current_User\Software\Microsoft\Windows NT\Current Version\Winlogon\

Looking Under "Shell", should only have explorer.exe in the value
(If you see no "shell" value here, this is fine)

Userinit, post the entire string
(If you see none, this is fine)


HK_Classes_Root\CLSID\{fbeba05-(forgot the rest)\Parameters\
The key value listed there should say "%Systemroot%\system32\shell32.dll" if it does not have that, post what it says



EDIT - I just re-read and saw that your desktop does appear now. You can skip the step I posted above and proceed with normal Malware removal steps, your choice.

 

Shell only has explorer.exe
Userinit C:\Windows\system32\userinit.exe,

No Shell and no Userinit in the second one.

No HK_Classes_Root\CLSID\{fbeba05 file path

But I have ran the scans and will attach in next message.

 

Attached are the logs requested in Malware scans.

Thanks for the continued assistance.

 

The no malware is good news but I still switch on and after I log on I get the black desktop screen with the cmd.exe black panel with C:\Windows\system32>

The way I have been getting to the desktop is to type explorer.exe. Once there all basics like sound, internet, avg, Intel turbo boost technology are not working.

I hope to source a windows 7 disk soon. This all started when my desktop started to freeze minutes after logging in.

 

Not sure exactly what you mean by "source a windows 7 disk" but if it's an installation disk you're after and you own a legal copy of Windows 7 then you can download a Windows 7 (32-bit & 64-bit) ISO file that you can burn to DVD and use legally by entering your own Microsoft Windows 7 product key:

http://www.askvg.com/direct-downloa...nd-untouched-windows-7-iso-32-bit-and-64-bit/

Here's the disclaimer from the site:

"DISCLAIMER: The download links given in this topic are genuine and absolutely legal. You should have a valid product key with you to be able to install Windows 7 using these ISO files. If you don't enter a product key, Windows will run only for 30 days.

When we purchase a new computer, it comes pre-installed with an OS, most of the times the OS is Microsoft Windows. Now almost all new computer systems are coming pre-installed with Windows 7.

Some computer manufacturers provide a recovery disc with their computers so that you can restore the OS in case you face problems while starting Windows.

But what would you do if you didn't get the recovery disc or if you lost the recovery disc. Even if you have your genuine product key noted down in your diary or printed on the backside of your computer, you can't use it to reinstall Windows because you don't have the setup disc.

To solve your problem, we are going to list direct download links for Windows 7. These are genuine and official download links. Its completely LEGAL to use them as they are hosted by "Digital River" online store which is an official distribution partner of Microsoft. These ISO files don't come with a product key. You'll need to use your own product key to activate Windows. The links provide an untouched Windows 7 ISO which is a fully functional 30-day trial version which can be converted into full version after entering your product key and activating it."

Here' the file list of what can be downloaded from this site:

Download Windows 7 Professional with Service Pack 1 (SP1):

English 32-bit
English 64-bit
Chinese 32-bit
Chinese 64-bit
Danish 32-bit
Danish 64-bit
Dutch 32-bit
Dutch 64-bit
Finnish 32-bit
Finnish 64-bit
French 32-bit
French 64-bit
German 32-bit
German 64-bit
Italian 32-bit
Italian 64-bit
Korean 32-bit
Korean 64-bit
Norwegian 32-bit
Norwegian 64-bit
Portuguese 32-bit
Portuguese 64-bit
Spanish 32-bit
Spanish 64-bit
Swedish 32-bit
Swedish 64-bit

Download Windows 7 Home Premium with Service Pack 1 (SP1):

English 32-bit
English 64-bit
French 32-bit
French 64-bit
Spanish 32-bit
Spanish 64-bit

Download Windows 7 Ultimate with Service Pack 1 (SP1):

English 32-bit
English 64-bit
French 32-bit
French 64-bit
Spanish 32-bit
Spanish 64-bit

Download Windows 7 Professional RTM without SP1:

English 32-bit
English 64-bit
Chinese 32-bit
Chinese 64-bit
Danish 32-bit
Danish 64-bit
Dutch 32-bit
Dutch 64-bit
Finnish 32-bit
Finnish 64-bit
French 32-bit
French 64-bit
German 32-bit
German 64-bit
Italian 32-bit
Italian 64-bit
Korean 32-bit
Korean 64-bit
Norwegian 32-bit
Norwegian 64-bit
Portuguese 32-bit
Portuguese 64-bit
Spanish 32-bit
Spanish 64-bit
Swedish 32-bit
Swedish 64-bit

Download Windows 7 Home Premium RTM without SP1:

English 32-bit
English 64-bit
German 32-bit
German 64-bit
French 32-bit
French 64-bit
Spanish 32-bit
Spanish 64-bit

I've downloaded a copy, burned it, and used it successfully, so it's legit. Hope that helps.

 

Thanks to you both. I will try the latter suggestion first and see how I get on but i have the product key and will definitely do the former also for any future difficulties.

I will let you know how I get on.

 

I have run Windows Repair - it didn't take that long to complete. Unfortunately there does not seem to be any change after running the repair.

Attached is the requested log and I have also attached a picture of what the desktop screen looks like after logging in.

I have also deleted the user account with no password.

 

plodr: I checked both those keys and could see neither - I have attached pictures of what was in both just to be sure. Not sure where to go next....

Rustysavage: I have also downloaded the ISO. When I run the burned CD it comes up with Install Now. Is this a complete reinstall?

 

The data is currently explorer.exe in that path.

 

There is a system32\hkcmd.exe in one of 3 Intel Common User Interface startup items. ??

 

There is way too many things that need to be checked in a time like this.

Walking through these steps over forums is a bit tedious at best.


If the PC has an internet connection and if you are willing, I will offer to do a remote desktop connection sometime and take a look.
All of my expierence comes from remoting to PC's and troubleshooting from there.

Up to you

 

Plodr: No sign of it that I can see in autoruns and checked entry and image paths five times.

I don't have much stored in the laptop so getting to the stage of accepting a complete reinstall might be the best option.

 

Allow me to second that suggestion (and third and fourth it as well).
Here are a few suggestions for backup programs that do disk imaging:

AOMEI Backupper (freeware) http://www.backup-utility.com
Macrium Reflect (freeware) http://www.majorgeeks.com/files/details/macrium_reflect_free_edition.html
Paragon Drive Backup (freeware) http://www.majorgeeks.com/files/details/paragon_drive_backup.html
O&O DiskImage Express (freeware) http://www.majorgeeks.com/files/details/oo_diskimage_express.html
EaseUS ToDo Backup (freeware) http://www.majorgeeks.com/files/details/easeus_todo_backup_free_edition.html
Acronis TrueImage (shareware) http://www.majorgeeks.com/files/details/acronis_true_image_home_2013.html
NovaStor NovaBACKUP (shareware) http://www.majorgeeks.com/files/details/novabackup.html