System 32

Joined
Dec 29, 2015
Messages
1
Reaction score
0
Evedy time i start up i get a black window saying system 32 cmnd exe and then windows cant find it how can i stop this happening
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
13,411
Reaction score
2,319
Hello and welcome to the forum.
Is that a typo?
IF not there is not or at least should not be a file called "cmnd.exe" and may possibly be some type of malicious software
See if you can spot what's calling it.

Open taskmanager and check the startup tab, see if it is listed there.
Check C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
And
C:\Users\YourUserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
and failing either or both of those look to these registry locations but of course back it up, create a restore point manually, and export the key prior to editing for safe keeping.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You can also use AutoRuns from SysInternals, which may also help locate the problem. https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Hi johnroy,

CMD.exe is not a System file that would normally startup during boot time.

Have you had any malware/virus infections lately that you cleaned up?


Its possible something attempted to take over this shell and a antivirus program removed that but did not succeed in removing a registry entry created which is trying to call it.

As I'm typing this I see Trouble has also replied and he has mentioned the likely registry keys that may contain a String value or even a DWORD value which is calling this.

That certainly would be the first place I'd take a look too.

You can safely delete any entries in any of the registry keys Trouble mentioned that refer to this file, and after deleting it try restarting the computer.

Another possibility is a scheduled task has been created that is calling this file.


If something has truly gone wrong and removed cmd.exe from your C:\Windows\System32 folder, then this can be recovered by running Windows PowerShell in Administrator mode and then using the command:

Code:
SFC /SCANNOW

Press Enter key to execute.

You can type powershell in your Search field then right-click on Windows PowerShell in the search results and select Run as administrator to open Windows PowerShell in Administrator mode.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top