This morning our customer called me and said their computer was “blue screening”. When you hear someone is having a blue screen that is never good news, but I decided to try figuring it out. They told me the computer would start up just fine and would come up to the log on screen. Once they unlocked the computer and logged in, it would instantly “blue screen”.
I had the customer restart the computer and tap F8 until they got the “advanced boot options” in Windows 7. I had them select the option, “Safe Mode with Networking”. The computer booted up and our customer logged in just fine.
I connected with our remote program. I thought it might be just a graphics driver issue. I uninstalled the current graphics driver and installed a newer driver. I rebooted and to my chagrin nothing changed. I ran a Malwarebytes and Kaspersky TDSSKiller scan. Malwarebytes found two small threats. I removed them. I also went into msconfig and disabled some of the startup items and services that weren’t necessary. I opened Event Viewer and checked on the logs. The logs didn’t tell me much. I rebooted the computer.
We let the computer start normally. I had the customer log into the computer and once again it “blue screened”. I questioned our customer a little more and she said it came up to a “blue screen” but the “blue screen” had no words on it. I became suspicious that something else was wrong. I told her to go CTRL+ALT+DEL and let me know if anything came up. She listed the normal programs that come up in Windows 7. I told her to open Task Manager. I had her open Internet Explorer by selecting “New Task” and typing in “iexplore”. I had her run our remote program and I connected once again.
I looked around and became quite puzzled. I could start new tasks by using Task Manager but there was no start menu, taskbar, or wallpaper. There was just the stupid blue desktop background. After a bunch of troubleshooting, I was almost at my wits’ end. I decided to go into Task Manager again. I went under the Processes tab and I noticed there were multiple explorer.exe processes running. I decided I would start killing the explorer.exe processes. After I killed the second one, boom; everything came in. The start menu, taskbar, and the normal desktop background. I thought I had the problem solved. My hypothesis was that for some reason the explorer.exe process got hung up in the memory even after the reboots. When I killed the old explorer.exe process everything came in just fine. I told the customer they were all fixed up.
It wasn’t much later and the customer had rebooted for some Windows Updates. She told me after she logged in, she got the blue background but nothing else. I was quite puzzled; I didn’t know what was happening. Here is some of the additional troubleshooting I did and then the eventual fix I found.
- I tried the old trick of killing the explorer.exe process and starting a new explorer process. When I did that everything would come in normally. (Weird) However, when I would reboot, I would be back to my blue desktop background.
- I found a Microsoft support article detailing what I was running into. I downloaded the hotfix and installed it. I rebooted and once again I had my blue background.
- I checked the Event Viewer and Msconfig again. I saw I had an error with the USB 3.0 driver. I decided to uninstall the USB 3.0 software to see if that made a difference, but it didn’t.
- I checked about doing a System Restore, but sadly the last restore point had been months before.
- I found another Microsoft support article about some registry fixes that would fix Windows 7 black screens. I checked the registry fix Microsoft suggested, and my computer was just fine.
Step One: Log into Windows and go CTRL+ALT+DEL. Select Task Manager.
Step Two: Type regedit and select OK.
Step Three: Follow these registry edits.
When I was about ready to give up I came across this awesome forum thread. A fellow called “Lastresort” (how fitting) had a couple registry edits that had fixed similar issues for him.
Here are the registry keys that need to be deleted.
I checked this first registry string and my computer was fine.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
My computer had the following registry string.
I then did two restarts and both times the customer was able to log onto the computer just fine.
Once those key(s) are deleted your desktop and Internet Explorer should come back to life. Thank you so much for the awesome tip, Lastresort.
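A scripted version of the registry fix above, as an added example rather than anything from the original post or the forum thread: it lists what sits under the explorer.exe Image File Execution Options key, exports it to a .reg backup, and deletes it only when run with `-Remove`. The script, the `-Remove` switch and the backup file name are assumptions; a `Debugger` value under this key makes Windows start the named program in place of explorer.exe, which is why the shell never appears.

```powershell
# Added example (not from the original post): inspect, back up, and optionally
# remove the IFEO key for explorer.exe. Run from an elevated PowerShell prompt,
# e.g. started from Task Manager > New Task when the desktop is missing.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

$subKey  = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe'
$keyPath = "HKLM:\$subKey"

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output 'No Image File Execution Options key for explorer.exe; nothing to do.'
    return
}

# List every value so there is a record of what was redirecting the shell.
$key = Get-Item -LiteralPath $keyPath
foreach ($name in $key.GetValueNames()) {
    Write-Output ('{0} = {1}' -f $name, $key.GetValue($name))
    if ($name -eq 'Debugger') {
        Write-Warning 'Debugger value present: this program is launched instead of explorer.exe.'
    }
}

# Export the key before touching it so the change can be reverted or examined later.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP "ifeo-explorer-$stamp.reg"   # assumed backup location
& reg.exe export "HKLM\$subKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Backup failed; the key was left in place.'
}
Write-Output "Backup written to $backup"

if ($Remove) {
    Remove-Item -LiteralPath $keyPath -Recurse -Force
    Write-Output 'Key removed. Log off and back on to confirm the desktop loads.'
} else {
    Write-Output 'Report only. Re-run with -Remove to delete the key.'
}
```

Keep the exported .reg file: the path stored in a `Debugger` value points at whatever was hijacking the shell and is worth checking with a malware scan.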
Update 2/7/2015: I ran into the same issue again recently. After the customer would log into his Windows 7 computer only a black background with a cursor would appear. However, the resolution for his issue was different.
First I had to go into Task Manager and kill the existing explorer.exe process. Then I started a new task and launched explorer.exe again. This brought Windows 7 back to normal.
The customer tried to download Mozilla Firefox and in the process downloaded Taplika software. Taplika is a PUP (Potentially Unwanted Program). This program changes your search engines, pops up advertisements, and in general slows down your computer. This program was preventing Windows Explorer from launching correctly and then our customer was getting a black wallpaper with his cursor. Once I had this program uninstalled everything worked fine again.
I do advise you to reset your browsers to factory defaults and run a full computer scan with Malwarebytes. I did a reboot of his computer and everything was back to normal.
Just a small update since this last post update. I have had a couple instances the past couple weeks with Taplika or a similar malware program messing up the Explorer.exe shell. I recommend also running Adware Cleaner to remove this infection. Here is a forum thread that may describe what some of you are running into.
Let me know if this post helps you, by posting in the comments. This was posted by techspeeder.