A system was recently brought to me which had been badly infected with malware and other nasties. After much scanning and cleaning, the system was back in a usable state with one massive quirk:
Whenever an administrator logged onto the system the explorer shell wouldn't seem to launch - i'd just get a plain black screen. This was the case for all admin users, new or old.
On further investigation, there was an app running called "runonce", and when this was killed from the task manager the system booted correctly.
By checking the registry I found a left over key from all my cleaning work (HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce) which was launching a piece of software to take control of Chrome.
With this key removed, all of the admin profiles starting logging in correctly again
So I hope that helps someone; had I checked the key in the first place I wouldn't have experienced this problem the first place.
PS.
Massive shout out to Malware Bytes Anti-Rootkit (https://www.malwarebytes.org/antirootkit/) - best root kit removal software I've used to date and it's only beta.
Whenever an administrator logged onto the system the explorer shell wouldn't seem to launch - i'd just get a plain black screen. This was the case for all admin users, new or old.
On further investigation, there was an app running called "runonce", and when this was killed from the task manager the system booted correctly.
By checking the registry I found a left over key from all my cleaning work (HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce) which was launching a piece of software to take control of Chrome.
With this key removed, all of the admin profiles starting logging in correctly again
So I hope that helps someone; had I checked the key in the first place I wouldn't have experienced this problem the first place.
PS.
Massive shout out to Malware Bytes Anti-Rootkit (https://www.malwarebytes.org/antirootkit/) - best root kit removal software I've used to date and it's only beta.
