Win7 almost loads desktop (after malware cleanup)


  1. ftcnet
    Posts : 3
    7 Home Premium x64 build 7601 SP1
       New #1

    Win7 almost loads desktop (after malware cleanup)


    My friend brings me his Win7Pro laptop with some newish variant of the Ukash malware (Trojan.Winlock). System Restore didn't work, so I used the Admin account to run Malwarebytes scan which helped. His usual login account (Fred) has admin privs, but just before it should load the desktop, it shows a black screen with just a CMD (DOS window) at the C:\Windows\system32 prompt. Typing 'explorer' loads desktop as expected.

    The Admin login goes to desktop -no problem, but Fred (admin) login stops at CMD (DOS Windows) and requires 'explorer' command to proceed to desktop.

    The registry entry Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor \
    had an AUTOBOOT entry to some random named file which I removed. Apparently there's still something else I need to find.

    Any suggestions or ideas on how to resolve this would be most appreciated. Thanks,
      My Computer
    Quote Quote

  3. centaur78
    Posts : 1,454
    Windows 7 ultimate x64
       New #2

    Please run Autoruns and then click on File> Save.. Save the file in .arn format and upload here. Will have a look
      My Computer
    Quote Quote

  4. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #3

    ftcnet said:
    My friend brings me his Win7Pro laptop with some newish variant of the Ukash malware (Trojan.Winlock). System Restore didn't work, so I used the Admin account to run Malwarebytes scan which helped. His usual login account (Fred) has admin privs, but just before it should load the desktop, it shows a black screen with just a CMD (DOS window) at the C:\Windows\system32 prompt. Typing 'explorer' loads desktop as expected.

    The Admin login goes to desktop -no problem, but Fred (admin) login stops at CMD (DOS Windows) and requires 'explorer' command to proceed to desktop.

    The registry entry Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor \
    had an AUTOBOOT entry to some random named file which I removed. Apparently there's still something else I need to find.

    Any suggestions or ideas on how to resolve this would be most appreciated. Thanks,
    In Fred account check:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    and
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    and

    HKEY_Current_User\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
      My Computer
    Quote Quote

  6. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #4

    display screenshot of fred's HKEY_CURRENT_USER\Software\Microsoft\Command Processor
      My Computer
    Quote Quote

  7. ftcnet
    Posts : 3
    7 Home Premium x64 build 7601 SP1
    Thread Starter
       New #5

    .. thanks all for the replies with useful suggestions. Fred says his boss is getting him a new laptop, so he's OK with it the way it is until the new laptop arrives in a day or so.
      My Computer
    Quote Quote

 

  Related Discussions
As soon as I log on, for the first 40 seconds, as the icons are loading the laptop is fine. A minute in the destop freezes, I can't do anything and the only thing that moves is the mouse. I've tried safemode and it works fine on safemode. Last night I turned off my Laptop manually before a...
Malware cleanup
in System Security

I had uninstalled the program yesterday and reinstalled it. This scan took about 10 minutes and then said "failed" after finding 27 processes. I ran it agin, but don't see a way to save a log. It said 17 processes, but this is all I see. I've included a pic.
desktop cleanup
in General Discussion

How do I disable the infernal obnoxious and useless desktop cleanup that keeps deleting the shortcuts I put on the desktop.
BSOD after desktop loads
in BSOD Help and Support

Hi all, Been getting the BSD for the last 3 months, roughly at one per month, always just after the desktop loads. It all seemed to start when I tried to overclock my ATI Radeon HD5670 graphics card to get a bit more oomph out of it. I used the official ATI Catalyst Overdrive software and let it...
Desktop Cleanup Wizard
in General Discussion

Ok, anybody.. where's the evasive Desktop Cleanup Wizard in 7?
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 07:26.
Find Us