Question Cant startup win10. Problem with REGEDIT and CMD..

[orion_o]

Since a few days ago i noticed i cant open my cmd window, or to be more exact, it opens and closes after a split second.
Googling about this led me to this article, which basically told me to mess with a registry key (i didnt really know what i was doing so i just followed whatever was in this link) and remove the autorun key.
The problem was solved as i could access cmd, but a new and more serious problem emerged: After rebooting the PC, it sent me directly to a cmd window with no further access to my pc. Closing this window just gave me the black screen that is behind it with no options to get to my desktop at all. This also happens in safe mode.

Side note: I do have a backup system in the same pc (running on an HDD), while this main system is running on an SSD. So right now i do have access to all my files using my slow system on my HDD.

I've tried to repair my pc but the troubleshooting window didnt help much in 3 ways (used a bootable win10 iso installation on a USB stick to get to the repair pc option):

1) Actual torubleshooting window said it couldnt repair my pc.

2) System image restore didnt work because of this reason.

3) System restore (from a restore point) also didnt work because of this reason.
(which begs the question: How can i select sysetm restore after choosing my OS to run?)

 

[Eximo]

#1 thing I would suspect is malware. They often disable command prompt and other system utilities to make it harder to remove them.

Head over to bleepingcomputer.com and try out their combofix application. They'll also recommend using Anti-MalwareBytes to clean up any common nasties.

 

[britechguy]

If you seek help at Bleeping Computer do so on their Virus, Trojan, Spyware, and Malware Removal Help forum and follow the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

It makes the whole experience much easier for those assisting and the individual seeking help.

 

[orion_o]

Doesnt seem to be supported by win10 (gave me an error msg).
If its a malware, i can try other programs like malwarebytes, right?
Also, i just want to emphasize that the problem is human error, of solving another problem that may or may not be malware related... So i doubt this will fix the base problem of removing an important registry key.

 

[britechguy]

The following is not written to rub salt in an open wound, but it is a teachable moment: Never, ever, ever start poking around in the system registry if you have no idea about what you're doing, and proceed with great caution, and only after having taken a registry backup, even if you do.

You should also, regardless of who you are, be taking routine full system image backups so you have them to recover from when disaster strikes, whether that disaster is self-inflicted or not. If you have a full system image backup from which to recover then that's what you should do.

 

[orion_o]

Yea well thats one of the issues, as stated in my original post, that i cant restore my image for some reason (reason specified in a screenshot but i cant really understand what it wants from me).
I'd like someone to look at these error messages and instruct me how to proceed from there.

As for the registry keys, yea i was aware that i was putting myself in a landmine, but i didnt know a backup for registry was a thing, and i was following orders from an online solution that seemed to work. I know it was my fault but yea 'what can you do about it', but a lesson for the future.

Also a very important side note: I cant tell for certain the issue derived from malware, and if it has, should a normal pc with no malware experience the same issue if the autorun key was removed that way?
I feel like i need to remind you that my issue right now is about the human error i've done myself, not a malicious program in my machine. So i really doubt posting this in their malware forum is a good idea.

 

[britechguy]

Just to make clear, I am not talking about Windows System Restore. Windows System Restore is great if and when it works, but it very often doesn't, and should never be relied upon as a first line of defense.

I am making reference to a full system image backup created using a utility such as Macrium Reflect, AOMEI Backupper, EaseUS To Do Backup, or the like which takes a "perfect snapshot image" of your system, as it exists when the backup is kicked off, and allows you to restore that image in the event of any sort of disaster (most often drive failure where the main system drive dies and must be replaced, but your own situation would be another example).

Unfortunately, I really don't have any good idea regarding getting you out of the situation you find yourself in if you do not have a full system image backup from which you could restore.

 

[orion_o]

So in other words i will wait for others to reply.
Gonna try that website u suggested and hope for the best.
Thanks anyway.

 

[britechguy]

The issue being that it's entirely unclear whether your own actions are the root cause of the issues (which is most likely) or not.

Definitely give the full scenario regarding what's come before no matter where you ask for help on this.

My guess is that, in the end, you will end up having to recover whatever user data files are on your system drive (if any at all) by copying them off when connecting that drive as an external drive to another computer, then putting it back and doing a completely clean install of Windows 10. I hope not, but everything that's been offered by you so far suggests to me that this is one of those "you can't un-ring a bell" situations.

 

[Eximo]

The way I look at it, a problem developed and you tried to tackle the symptom, not the cause. Your fix for the symptom may have broken the theoretical malware and is causing your system to not start properly, under any condition. Which would make other tasks a bit difficult.

Further reading on the stackoverflow thread that malware was the root cause:
"Glad I was able to help. In the end of the day I've also found the root cause of such behaviour. Some Chinese hacker was trying to hijack my machine by attacking exposed MSSQL ports and executing system cmd commands by SQL server. Good firewall and network protection solved issues immediately "

Command prompt doesn't just stop being launchable on its own.

You might be able to correct your registry change by editing the hive directly, but that is exposing whatever working system you have to potential infection.

Probably worth a fresh install.

 

[orion_o]

Update: I was able to gain access to my ssd system by typing 'explorer.exe' at the cmd window i get on startup (this solution was taken from my bleepingcomputer thread found here. I do know that whatever threat i have is still there tho. Am trying to fix this with the instructions i get from their helpers, unless i get a better solution from here.

Honestly, the best thing that happened from this situation is knowing more tech forums
Side question: Is there a facebook group for this website that people can post questions about pc issues (not just a fan page)?

 

[britechguy]

Do not, and I mean not, try following instructions from multiple sets of assistants at once, particularly in the case of virus/malware removal.

You need to see through a process from start to finish with a single assistant (or assistants on a single site). You can really screw things up royally if you are following conflicting (and I'm not saying wrong, but simply steps that conflict with each other) advice at the same time and neither side of the advice giving knows that this is going on.

See the process from BC through if you have started it and are being guided through.

 

[USAFRet]

First off, as alluded to above:

What is your backup situation at home?

What is your backup situation at home? And if you don't do that, why not? Every single day, I read multiple threads here of "How do I get my stuff back?" or "That drive had 5 years of photos of my kids!!" Be it a dead drive, dropped phone, virus, accidental deletion, formatting the wrong...

forums.tomshardware.com

Secondly, trying to "fix" whatever ails this system.
I'd seriously consider doing a full wipe and reinstall. Getting a cmd window at startup and having to enter explorer.exe to get tot he desktop smacks of deep underlying issues.
Even if you make that commandline window go away, the root cause is still there.

 

[britechguy]

I'd seriously consider doing a full wipe and reinstall.

That would, without question, be the safest thing to do at this juncture.

There has already been enough "mucking around" before the first post that I would not have any confidence in the long-term stability of that Windows 10 installation even if it appeared to be fixed.

There are times when extracting your user data so you have it to restore then starting with a completely clean slate is the least painful of the options (and that's not to say it's not without pain). Afterward, you, any you, had darned well better acquire an external backup drive, a third-party backup utility of your choosing, and institute a regular backup protocol for your machine.

 

[orion_o]

I do have, and use, a 1TB external hdd from time to time, as well as a mega.nz account, to back up some files i dont want in my pc, but they're are mostly big and non important files like games and movies. i dont have much valuable info in my pc that i cant really obtain again, i just didnt want to reinstall windows, again, because of this regedit mistake, but it seems you're all conviced its the right thing to do, so i may do just that in the following days.
As for image backups, im not really aware of how to do that. I have done a system image backup once, 2 months ago, but as my OP states, i cant have access to it via troubleshooting, so how much it is worth, i dont know (would love to get insight of why i cant access that image).
And as for periodic system restore points, i will also need to figure that out (thought i have already).

So.. about my side question... Is there a fb group for this site to also make posts about pc issues? That would be great.

 

[britechguy]

I have never known of any technical support group on Facebook (or not one worth anything, anyway).

Forums like Tom's Hardware, Tom's Guide, Bleeping Computer, Geeks To Go, and similar exist for a reason. Social media is not conducive to the sort of detailed interaction needed to dig through complex problems and, probably more importantly, not nearly so easy to search as the archival material on a forum is.

You are confusing a number of things:

1. Windows System Protection is what you use to take restore points and use those (or potentially use those - they often fail) to restore your system's registry. They are in no way a full backup mechanism. I consider System Protection to be a "possibly useful convenience" for undoing something like the install of a new piece of software. It should not be relied upon, as it is unreliable.

2. Full system images are exactly what their name states. The utilities (some of which I've previously mentioned) that take these are taking an exact image of your system's state including the entire operating system and user data as well at the point in time that you start taking one. When you need to recover using these, you most commonly use bootable media (whether USB or on optical media) that you create when you install the utility should the need to recover ever arise. The system images themselves are kept on a drive external to the machine which is being imaged. Given the rise of ransomware, those external backup drives should only be connected when taking a system image or recovering from one. Otherwise they could be encrypted if they're active and then your backups are as useless as all your other files are once encrypted.

3. User data backups as a separate thing are also vital, but are not a substitute for a full system image backup. I take a monthly full system image backup on all of my machines, alternating the backup drive used so that even month backups are on one and odd month backups are on the other. I use EaseUS To Do Backup to take those. My user data backups are taken using the built-in Windows 10 File History feature.

 

[USAFRet]

As for image backups, im not really aware of how to do that. I have done a system image backup once, 2 months ago, but as my OP states, i cant have access to it via troubleshooting, so how much it is worth, i dont know (would love to get insight of why i cant access that image).
And as for periodic system restore points, i will also need to figure that out (thought i have already).

So.. about my side question... Is there a fb group for this site to also make posts about pc issues? That would be great.

The 'How to' on backup images is outlined in my post link above.
My tool of choice is Macrium Reflect. The free version works just fine.
I have the paid version on my main system, and Free on all the other systems in the house.

My 3 main systems do some form of image backup every night. 10 drives, across all 3 systems.
All automated hands off, until I need to recover something.

So.. about my side question... Is there a fb group for this site to also make posts about pc issues? That would be great.

No there is not. And given how FB comments flow..I can't believe it would be any better than standing in a crowded room, whispering a question.

 

[orion_o]

Thanks i will check this app out.