On two of my Win10 systems, I can swap between Powershell and command
prompt. But on the third there's a most peculiar problem. Settings/Personalisation/Taskbar has the option to switch between the
two. When I set it to CMD, CMD appears for a second in a tiny window and
then disappears. I can't get it to stay put.

I've run DISM and sfc, have the latest 22H2 19045.5796 build.

Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 4/25/2025 5:36 AM, Ed Cryer wrote:

On two of my Win10 systems, I can swap between Powershell and command prompt. But on the third there's a most peculiar problem.
Settings/Personalisation/Taskbar has the option to switch between the two. When I set it to CMD, CMD appears for a second in a tiny window and then disappears. I can't get it to stay put.

I've run DISM and sfc, have the latest 22H2 19045.5796 build.

Ed

Okay, open the Settings, type "Relia" in the search box
and locate the Reliability Monitor. Check the events of
today, and see if anything is recorded for your disappearing
shells. If the entry for the cmd.exe croaking has an error
number, run it through Google and see what the error indicates.
(As long as it is not "Something Happened" of course.)

Another way to look at an error number, is with the
command line error number lookup tool (which you would
have to run on another computer at the moment).

https://www.microsoft.com/en-us/download/details.aspx?id=100432

Err_6.4.5.exe File Size: 2.2 MB

There are lots of errors that aren't in there,
like the newly created error numbers.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer <ed@somewhere.in.the.uk> wrote:

On two of my Win10 systems, I can swap between Powershell and command
prompt. But on the third there's a most peculiar problem. Settings/Personalisation/Taskbar has the option to switch between the
two. When I set it to CMD, CMD appears for a second in a tiny window and
then disappears. I can't get it to stay put.

I've run DISM and sfc, have the latest 22H2 19045.5796 build.

Not sure what config wizard setting to which you refer. When I
right-click on a blank area of the Taskbar, click on Taskbar Settings in
the context menu, I don't see a toggle choosing between Command or
Powershell. I see:

Replace Command Prompt with Windows PowerShell in the menu
when I right-click the start button or press Windows key+X.

The only times I start cmd.exe this way is when reading some online help
file on starting cmd.exe. I use a shortcut to cmd.exe, and the shortcut
is in a toolbar in the Taskbar configured to run with admin privs (so
the UAC prompt appears). I can also click on the Start menu button, and
enter "cmd" which shows Command Prompt as a match. The first match
opens in non-admin mode. Another match let me click on its rightward
chevron to get more choices, like Open or Run as administrator.

How are you starting cmd.exe? If using a shortcut, make sure to add the
/k command-line argument to keep open the console window, like:

cmd.exe /k

Normally, when cmd is done running whatever your told it to run, the
console window closes, because the cmd shell unloads after running
whatever you told cmd.exe to run. You want to keep the shell loaded, so
add /k switch. Also check which cmd.exe the shortcut specifies. Have
it point at the one under the system32 folder.

In Task Manager, check if any instances of cmd.exe are running. If so,
kill them. You don't say how you run cmd. Try the following:

- Bring up the Task Manager (Ctrl+Shift+Esc).
o Select the Details tab.
o Click on the Name column header to sort by process name.
o Scroll down to where the C's would start.
o Check there are no running instances of cmd.exe
- Run cmd.exe:
o Bring up the Run dialog (Win+R).
o Or, use the File -> Run new task menu in Task Manager.
- Enter: cmd.exe. Include the .exe extension. Click OK.

See a console window now?
Did the console window stay open?
In Task Manager, did you see cmd.exe show up?

If you saw cmd.exe show up in Task Manager, but only temporarily, and
its console window did not stay open, do the above again; however,
instead of relying on pathing to find the cmd.exe executable file, enter
the full path to the executable: c:\windows\system32\cmd.exe.

Look in Event Viewer to see if an error got reported when trying to load cmd.exe.

cmd.exe is one of the programs often attacked by malware to prevent the
user from have a low-level tool to undo the malware. Run a full scan
using your anti-virus software. If using Windows Defender, see:

https://learn.microsoft.com/en-us/defender-endpoint/command-line-arguments-microsoft-defender-antivirus

and run:

mpcmdrun.exe -scan -scantype 2

Defender's manual scan is slow, so it will take a long time to complete.
If its console window disappears after it completes, so you don't get to
see its output, pipe stdout into a file to open in Notepad, like:

mpcmdrun.exe -scan -scantype 2 > %temp%\mpscan.txt & notepad %temp%\mpscan.txt

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

VanguardLH wrote:

mpcmdrun.exe -scan -scantype 2 > %temp%\mpscan.txt & notepad %temp%\mpscan.txt

Thanks for jumping to help.

No sign of CMD in Task Manager, nor in Reliability Monitor.
The shortcut points to the version in system32, which I tried by
clicking on it in situ; same brief flash.
Cmd.exe and cmd.exe/k produce the same phenomenon.
I've run DISM and sfc /scannow again, plus done a full chkdsk c: /f /r.
I'm now running a full Windows Defender scan; fingers crossed.

Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 25/04/2025 14:42, Ed Cryer wrote:

VanguardLH wrote:

mpcmdrun.exe -scan -scantype 2 > %temp%\mpscan.txt & notepad
%temp%\mpscan.txt

Thanks for jumping to help.

No sign of CMD in Task Manager, nor in Reliability Monitor.
The shortcut points to the version in system32, which I tried by
clicking on it in situ; same brief flash.
Cmd.exe and cmd.exe/k produce the same phenomenon.
I've run DISM and sfc /scannow again, plus done a full chkdsk c: /f /r.
I'm now running a full Windows Defender scan; fingers crossed.

Ed

There are often multiple copies of cmd.exe in the Windows folder. Try
another one, eg C:\Windows\SysWOW64\cmd.exe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer wrote:

VanguardLH wrote:

mpcmdrun.exe -scan -scantype 2 > %temp%\mpscan.txt & notepad %temp%
\mpscan.txt

Thanks for jumping to help.

No sign of CMD in Task Manager, nor in Reliability Monitor.
The shortcut points to the version in system32, which I tried by
clicking on it in situ; same brief flash.
Cmd.exe and cmd.exe/k produce the same phenomenon.
I've run DISM and sfc /scannow again, plus done a full chkdsk c: /f /r.
I'm now running a full Windows Defender scan; fingers crossed.

Ed

Full scan ok. 57 mins. Zero threats found.
No mention of CMD in Event Viewer.
The version of CMD in SysWOW64 has the same disappearing behaviour.

However, I installed Administrator account and it works just fine from
there. And the file location is the same as my user.

I'm pondering whether to run a full system repair - download Win10
latest. But there's no sign of any other problem, and this one seems too
minor to warrant such extensive attention. I can use Powershell, and, in
case of necessity, CMD in Administrator account.

Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Li4ud2luc3RvbiB3cm90ZToNCj4gVmFuZ3VhcmRMSCB3cm90ZToNCj4+IEVkIENyeWVyIDxl ZEBzb21ld2hlcmUuaW4udGhlLnVrPiB3cm90ZToNCj4+DQo+Pj4gT24gdHdvIG9mIG15IFdp bjEwIHN5c3RlbXMsIEkgY2FuIHN3YXAgYmV0d2VlbiBQb3dlcnNoZWxsIGFuZCBjb21tYW5k DQo+Pj4gcHJvbXB0LiBCdXQgb24gdGhlIHRoaXJkIHRoZXJlJ3MgYSBtb3N0IHBlY3VsaWFy IHByb2JsZW0uDQo+Pj4gU2V0dGluZ3MvUGVyc29uYWxpc2F0aW9uL1Rhc2tiYXIgaGFzIHRo ZSBvcHRpb24gdG8gc3dpdGNoIGJldHdlZW4gdGhlDQo+Pj4gdHdvLiBXaGVuIEkgc2V0IGl0 IHRvIENNRCwgQ01EIGFwcGVhcnMgZm9yIGEgc2Vjb25kIGluIGEgdGlueSB3aW5kb3cgYW5k DQo+Pj4gdGhlbiBkaXNhcHBlYXJzLiBJIGNhbid0IGdldCBpdCB0byBzdGF5IHB1dC4NCj4+ Pg0KPj4+IEkndmUgcnVuIERJU00gYW5kIHNmYywgaGF2ZSB0aGUgbGF0ZXN0IDIySDIgMTkw NDUuNTc5NiBidWlsZC4NCj4+DQo+PiBOb3Qgc3VyZSB3aGF0IGNvbmZpZyB3aXphcmQgc2V0 dGluZyB0byB3aGljaCB5b3UgcmVmZXIuwqAgV2hlbiBJDQo+PiByaWdodC1jbGljayBvbiBh IGJsYW5rIGFyZWEgb2YgdGhlIFRhc2tiYXIsIGNsaWNrIG9uIFRhc2tiYXIgU2V0dGluZ3Mg aW4NCj4+IHRoZSBjb250ZXh0IG1lbnUsIEkgZG9uJ3Qgc2VlIGEgdG9nZ2xlIGNob29zaW5n IGJldHdlZW4gQ29tbWFuZCBvcg0KPj4gUG93ZXJzaGVsbC7CoCBJIHNlZToNCj4+DQo+PiDC oMKgIFJlcGxhY2UgQ29tbWFuZCBQcm9tcHQgd2l0aCBXaW5kb3dzIFBvd2VyU2hlbGwgaW4g dGhlIG1lbnUNCj4+IMKgwqAgd2hlbiBJIHJpZ2h0LWNsaWNrIHRoZSBzdGFydCBidXR0b24g b3IgcHJlc3MgV2luZG93cyBrZXkrWC4NCj4+DQo+PiBUaGUgb25seSB0aW1lcyBJIHN0YXJ0 IGNtZC5leGUgdGhpcyB3YXkgaXMgd2hlbiByZWFkaW5nIHNvbWUgb25saW5lIGhlbHANCj4+ IGZpbGUgb24gc3RhcnRpbmcgY21kLmV4ZS7CoCBJIHVzZSBhIHNob3J0Y3V0IHRvIGNtZC5l eGUsIGFuZCB0aGUgc2hvcnRjdXQNCj4+IGlzIGluIGEgdG9vbGJhciBpbiB0aGUgVGFza2Jh ciBjb25maWd1cmVkIHRvIHJ1biB3aXRoIGFkbWluIHByaXZzIChzbw0KPj4gdGhlIFVBQyBw cm9tcHQgYXBwZWFycykuwqAgSSBjYW4gYWxzbyBjbGljayBvbiB0aGUgU3RhcnQgbWVudSBi dXR0b24sIGFuZA0KPj4gZW50ZXIgImNtZCIgd2hpY2ggc2hvd3MgQ29tbWFuZCBQcm9tcHQg YXMgYSBtYXRjaC7CoCBUaGUgZmlyc3QgbWF0Y2gNCj4+IG9wZW5zIGluIG5vbi1hZG1pbiBt b2RlLsKgIEFub3RoZXIgbWF0Y2ggbGV0IG1lIGNsaWNrIG9uIGl0cyByaWdodHdhcmQNCj4+ IGNoZXZyb24gdG8gZ2V0IG1vcmUgY2hvaWNlcywgbGlrZSBPcGVuIG9yIFJ1biBhcyBhZG1p bmlzdHJhdG9yLg0KPj4NCj4+IEhvdyBhcmUgeW91IHN0YXJ0aW5nIGNtZC5leGU/wqAgSWYg dXNpbmcgYSBzaG9ydGN1dCwgbWFrZSBzdXJlIHRvIGFkZCB0aGUNCj4+IC9rIGNvbW1hbmQt bGluZSBhcmd1bWVudCB0byBrZWVwIG9wZW4gdGhlIGNvbnNvbGUgd2luZG93LCBsaWtlOg0K Pj4NCj4+IGNtZC5leGUgL2sNCj4+DQo+PiBOb3JtYWxseSwgd2hlbiBjbWQgaXMgZG9uZSBy dW5uaW5nIHdoYXRldmVyIHlvdXIgdG9sZCBpdCB0byBydW4sIHRoZQ0KPj4gY29uc29sZSB3 aW5kb3cgY2xvc2VzLCBiZWNhdXNlIHRoZSBjbWQgc2hlbGwgdW5sb2FkcyBhZnRlciBydW5u aW5nDQo+PiB3aGF0ZXZlciB5b3UgdG9sZCBjbWQuZXhlIHRvIHJ1bi7CoCBZb3Ugd2FudCB0 byBrZWVwIHRoZSBzaGVsbCBsb2FkZWQsIHNvDQo+PiBhZGQgL2sgc3dpdGNoLsKgIEFsc28g Y2hlY2sgd2hpY2ggY21kLmV4ZSB0aGUgc2hvcnRjdXQgc3BlY2lmaWVzLsKgIEhhdmUNCj4+ IGl0IHBvaW50IGF0IHRoZSBvbmUgdW5kZXIgdGhlIHN5c3RlbTMyIGZvbGRlci4NCj4+DQo+ PiBJbiBUYXNrIE1hbmFnZXIsIGNoZWNrIGlmIGFueSBpbnN0YW5jZXMgb2YgY21kLmV4ZSBh cmUgcnVubmluZy7CoCBJZiBzbywNCj4+IGtpbGwgdGhlbS7CoCBZb3UgZG9uJ3Qgc2F5IGhv dyB5b3UgcnVuIGNtZC7CoCBUcnkgdGhlIGZvbGxvd2luZzoNCj4+DQo+PiAtIEJyaW5nIHVw IHRoZSBUYXNrIE1hbmFnZXIgKEN0cmwrU2hpZnQrRXNjKS4NCj4+IMKgwqDCoMKgIG8gU2Vs ZWN0IHRoZSBEZXRhaWxzIHRhYi4NCj4+IMKgwqDCoMKgIG8gQ2xpY2sgb24gdGhlIE5hbWUg Y29sdW1uIGhlYWRlciB0byBzb3J0IGJ5IHByb2Nlc3MgbmFtZS4NCj4+IMKgwqDCoMKgIG8g U2Nyb2xsIGRvd24gdG8gd2hlcmUgdGhlIEMncyB3b3VsZCBzdGFydC4NCj4+IMKgwqDCoMKg IG8gQ2hlY2sgdGhlcmUgYXJlIG5vIHJ1bm5pbmcgaW5zdGFuY2VzIG9mIGNtZC5leGUNCj4+ IC0gUnVuIGNtZC5leGU6DQo+PiDCoMKgwqDCoCBvIEJyaW5nIHVwIHRoZSBSdW4gZGlhbG9n IChXaW4rUikuDQo+PiDCoMKgwqDCoCBvIE9yLCB1c2UgdGhlIEZpbGUgLT4gUnVuIG5ldyB0 YXNrIG1lbnUgaW4gVGFzayBNYW5hZ2VyLg0KPj4gLSBFbnRlcjogY21kLmV4ZS7CoCBJbmNs dWRlIHRoZSAuZXhlIGV4dGVuc2lvbi7CoCBDbGljayBPSy4NCj4+DQo+PiBTZWUgYSBjb25z b2xlIHdpbmRvdyBub3c/DQo+PiBEaWQgdGhlIGNvbnNvbGUgd2luZG93IHN0YXkgb3Blbj8N Cj4+IEluIFRhc2sgTWFuYWdlciwgZGlkIHlvdSBzZWUgY21kLmV4ZSBzaG93IHVwPw0KPj4N Cj4+IElmIHlvdSBzYXcgY21kLmV4ZSBzaG93IHVwIGluIFRhc2sgTWFuYWdlciwgYnV0IG9u bHkgdGVtcG9yYXJpbHksIGFuZA0KPj4gaXRzIGNvbnNvbGUgd2luZG93IGRpZCBub3Qgc3Rh eSBvcGVuLCBkbyB0aGUgYWJvdmUgYWdhaW47IGhvd2V2ZXIsDQo+PiBpbnN0ZWFkIG9mIHJl bHlpbmcgb24gcGF0aGluZyB0byBmaW5kIHRoZSBjbWQuZXhlIGV4ZWN1dGFibGUgZmlsZSwg ZW50ZXINCj4+IHRoZSBmdWxsIHBhdGggdG8gdGhlIGV4ZWN1dGFibGU6IGM6XHdpbmRvd3Nc c3lzdGVtMzJcY21kLmV4ZS4NCj4+DQo+PiBMb29rIGluIEV2ZW50IFZpZXdlciB0byBzZWUg aWYgYW4gZXJyb3IgZ290IHJlcG9ydGVkIHdoZW4gdHJ5aW5nIHRvIGxvYWQNCj4+IGNtZC5l eGUuDQo+Pg0KPj4gY21kLmV4ZSBpcyBvbmUgb2YgdGhlIHByb2dyYW1zIG9mdGVuIGF0dGFj a2VkIGJ5IG1hbHdhcmUgdG8gcHJldmVudCB0aGUNCj4+IHVzZXIgZnJvbSBoYXZlIGEgbG93 LWxldmVsIHRvb2wgdG8gdW5kbyB0aGUgbWFsd2FyZS7CoCBSdW4gYSBmdWxsIHNjYW4NCj4+ IHVzaW5nIHlvdXIgYW50aS12aXJ1cyBzb2Z0d2FyZS7CoCBJZiB1c2luZyBXaW5kb3dzIERl ZmVuZGVyLCBzZWU6DQo+Pg0KPj4gaHR0cHM6Ly9sZWFybi5taWNyb3NvZnQuY29tL2VuLXVz L2RlZmVuZGVyLWVuZHBvaW50L2NvbW1hbmQtbGluZS0gDQo+PiBhcmd1bWVudHMtbWljcm9z b2Z0LWRlZmVuZGVyLWFudGl2aXJ1cw0KPj4NCj4+IGFuZCBydW46DQo+Pg0KPj4gbXBjbWRy dW4uZXhlIC1zY2FuIC1zY2FudHlwZSAyDQo+Pg0KPj4gRGVmZW5kZXIncyBtYW51YWwgc2Nh biBpcyBzbG93LCBzbyBpdCB3aWxsIHRha2UgYSBsb25nIHRpbWUgdG8gY29tcGxldGUuDQo+ PiBJZiBpdHMgY29uc29sZSB3aW5kb3cgZGlzYXBwZWFycyBhZnRlciBpdCBjb21wbGV0ZXMs IHNvIHlvdSBkb24ndCBnZXQgdG8NCj4+IHNlZSBpdHMgb3V0cHV0LCBwaXBlIHN0ZG91dCBp bnRvIGEgZmlsZSB0byBvcGVuIGluIE5vdGVwYWQsIGxpa2U6DQo+Pg0KPj4gbXBjbWRydW4u ZXhlIC1zY2FuIC1zY2FudHlwZSAyID4gJXRlbXAlXG1wc2Nhbi50eHQgJiBub3RlcGFkICV0 ZW1wJSANCj4+IFxtcHNjYW4udHh0DQo+Pg0KPiANCj4gU2V0dGluZ3MvUGVyc29uYWxpemF0 aW9uL1Rhc2tiYXIvIHlpZWxkcyB0aGUgc2FtZSBzZXR0aW5ncyBvcHRpb25zIGFzIA0KPiBS dC5DbGljayBUYXNrYmFyL1Rhc2tiYXIgU2V0dGluZ3MNCj4gDQo+IFRoZSBvbmx5IHB1cnBv c2Ugb2YgdGhpcyBzZXR0aW5ncyBpcyB0byBjaGFuZ2Ugd2hhdCBpcyBzaG93bihDb21tYW5k LmNvbSANCj4gb3IgUG93ZXJzaGVsbCkgaW4gdGhlIHdpbmRvdyBmb3IgdGhlIFN0YXJ0IE1l bnUgYnV0dG9uKHJpZ2h0IGNsaWNrKSBvciANCj4gdGhlIFF1aWNrIE1lbnUoV2luZG93cyBr ZXkgKyBYKS4NCj4gIMKgaS5lLiBpdCBkb2Vzbid0IHJ1biBDb21tYW5kLmNvbSBvciBQb3dl cnNoZWxsDQo+IA0KPiANCj4gVGhlIHN5bXB0b20gb2YgcnVubmluZyBDb21tYW5kLmNvbSBm cm9tIHRoZSBhYm92ZSBtZW51IG9wdGlvbnMgYW5kIA0KPiByZXN1bHRpbmcgaW4gaXQgZGlz YXBwZWFyaW5nKGJyaWVmIHdpbmRvdykgd2FzIGEga25vd24gaXNzdWUgcXVpdGUgc29tZSAN Cj4gdGltZSBhZ28oY2lyY2EgMjBIMikNCj4gIMKgLSB0aGUgZml4IHdhcyB0byBhY2Nlc3Mg dGhlIGNvbW1hbmQuY29tIHNob3J0Y3V0IGFuZCBlbnN1cmUgaXQgd2FzIA0KPiBjb25maWd1 cmVkIHRvIHJ1biBpbiBhIG5vcm1hbCB3aW5kb3cgYnV0IG5vdCBydW4gaW4gYSBtaW5pbWl6 ZWQvIA0KPiBtYXhpbWl6ZWQgd2luZG93LiBJZiBzZXQgdG8gJ25vcm1hbCcgdGVtcG9yYXJp bHkgdG9nZ2xlIGl0IHRvIG1pbmltaXplZCANCj4gb3IgbWF4aW11bSwgcmVzdGFydCwgdGhl biByZXNldCBiYWNrIHRvIG5vcm1hbC4NCj4gIMKgLSBOb3RlOiBFdmVuIHdoZW4gY2hhbmdp bmcgdGhlIHNob3J0Y3V0IHByb3BlcnRpZXMgdG8gdXNlIHRoZSANCj4gY29tbWFuZC5jb20g L2sgb3B0aW9uLCBpdCB3YXMgc3RpbGwgbmVjZXNzYXJ5IHRvIHJlc2V0L3RvZ2dsZS90b2dn bGUgDQo+IGJhY2sgdGhlIHByb3BlcnRpZXMgd2luZG93IHNldHRpbmcuIFNpbmNlIG11bHRp cGxlIGFjY2VzcyBwb2ludHModG8gDQo+IGNvbW1hbmQuY29tKSBpbiBXaW5kb3dzIG9yIHVz ZXIgY29uZmlndXJlZC9jcmVhdGVkIHNob3J0Y3V0cyBleGlzdCwgYWxsIA0KPiBjb21tYW5k LmNvbSBzaG9ydGN1dHMgc2hvdWxkIGJlIGNvbmZpZ3VyZWQvcmVzZXQgdG8gcnVuIGluIHRo ZSBzYW1lIA0KPiB3aW5kb3coZS5nLiBOb3JtYWwpLiBGaW5hbGx5LCBjb25maWd1cmluZyB0 aGUgc2hvcnRjdXQgdG8gcnVuLWFzIEFkbWluIA0KPiBvciBub3QgaXMgbm90IHJlbGF0ZWQg dG8gdGhlIGRpc2FwcGVhcmluZyBpc3N1ZShpdCBjYW4gYmUgYWRtaW4gb3Igbm90KS4NCj4g DQoNCkkgdHJpZWQgdGhpcywgYnV0IGl0IGRpZG4ndCB3b3JrLg0KSSBldmVuIGNyZWF0ZWQg YSBzaG9ydGN1dCBvbiB0aGUgRGVza3RvcCwgYW5kIHBlcmZvcm1lZCB5b3VyIHJlY29tbWVu ZGVkIA0KYWN0aW9ucyB0aHJvdWdoIHRoYXQuDQoNCkVkDQoNCg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer wrote:

I ran this on Powershell.

echo off
reg delete "HKCU\Console" /f
reg delete "HKCU\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe" /f
echo done

Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer <ed@somewhere.in.the.uk> wrote:

Ed Cryer wrote:

VanguardLH wrote:

mpcmdrun.exe -scan -scantype 2 > %temp%\mpscan.txt & notepad %temp%
\mpscan.txt

Thanks for jumping to help.

No sign of CMD in Task Manager, nor in Reliability Monitor.
The shortcut points to the version in system32, which I tried by
clicking on it in situ; same brief flash.
Cmd.exe and cmd.exe/k produce the same phenomenon.
I've run DISM and sfc /scannow again, plus done a full chkdsk c: /f /r.
I'm now running a full Windows Defender scan; fingers crossed.

Ed

Full scan ok. 57 mins. Zero threats found.
No mention of CMD in Event Viewer.
The version of CMD in SysWOW64 has the same disappearing behaviour.

However, I installed Administrator account and it works just fine from
there. And the file location is the same as my user.

I'm pondering whether to run a full system repair - download Win10
latest. But there's no sign of any other problem, and this one seems too minor to warrant such extensive attention. I can use Powershell, and, in
case of necessity, CMD in Administrator account.

Ed

winston mentions there might be a window sizing problem. Possibly the
console window is minimized leaving only its Taskbar button.

In addition, after you run cmd.exe, and the window opens and disappears,
is cmd.exe still listed as a running process in Task Manager?

Is there still a Taskbar button for cmd.exe? Or is it the Taskbar
button you see appear and quickly disappear (and never do see the
console window)?

If there is a Taskbar button for cmd.exe's console window, but you don't
see the window, could be it is minimized, or it is offscreen. Click the Taskbar button for cmd.exe to make it the active window, hit
Alt+Spacebar to activate its Control Menu, hit M (to select the Move
menu entry), and use the arrow keys to move the window around. Most
windows still have the Control Menu, but often the "-" at the left end
of the titlebar is not shown. Alternatively, you can Shift+rightclick
on the Taskbar button to see the Control Menu for that window.

You could also try using Win+arrowkey to move around a window. Click
the Taskbar button for the program, and use: Win+left to snap the window
to the upper left side of the screen, Win+right to snap to the upper
right side, Win+up to maximize to full screen height, and Win+down to normalize.

https://www.howtogeek.com/310/bring-misplaced-off-screen-windows-back-to-your-desktop-keyboard-trick/

Besides the other methods mentioned, it notes using WinLister. I forgot
I had this tool. I have most of Nirsoft's tools, and this one, too.
The "Centered Selected Windows" context menu item would snap and resize
those windows to the center of your monitor.

Do you have dual monitors? For multiple monitors, Win+Shift+left/right
moves the window between monitors. Win+P gives a menu of where you want
to project the screen.

You say cmd.exe loads okay in a new Windows account. There is always an Administrator account. It is created when you install Windows. It
prompts you to create another account. So, I'm not sure what you mean
by you installed an Administrator account when it should've already
existed. When booting Windows, does it automatically log into your
Windows account (i.e., never ask you which account to use)? Automatic
login won't show accounts you can log into.

Run netplwiz to see a list of accounts. For the one called
Administrator, you just created that account, or you just logged into it
for the first time? For the "User must enter a username ..." option, is
it selected, or not?

Are you using Applocker?

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview
https://www.youtube.com/watch?v=xVVgXnorpvA

Or Software Restriction Policies (SRPs)?

https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/software-restriction-policies
https://www.youtube.com/watch?v=L--wgJJrosY https://www.tenforums.com/tutorials/124008-use-applocker-allow-block-executable-files-windows-10-a.html

You didn't say which edition of Windows 10 you have. Home editions
don't have either the gpedit.msc or secpol.msc policy editors. When I
had a Pro edition, I played with Applocker for a short time, but decided
it was too complicated to bother with, and I didn't need to lockdown my computer that hard, anyway. However, if you log into a domain account
it is possible security policies get pushed to your workstation. You
probably are logging into a local account, but something or someone
could still add registry entries for policies. According to:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/ee844171(v=ws.11)

Applocker settings are stored under:

\HKEY_LOCAL_Machine\Software\Policies\Microsoft\Windows\SrpV2

The key name hints Applocker is the 2nd version of SRP (Software
Restriction Policy).

I've used SRPs in the past to block a program from loading. I added a
Path rule to specify which .exe I did not want to allow to load. These
were locally defined by me, not pushed by a domain login. All policies
are defined in the registry, but SRPs are hash protected.

Local group policies are stored under C:\Windows\System32\GroupPolicy to
get merged into the registry during startup for computer policies or
during logon for user policies. When using gpedit.msc, you are viewing
what is under C:\Windows\System32\GroupPolicy, not what is currently
loaded in the registry.

SRPs are not applied when booting into Windows safe mode. Try that and
logging into your account to retest cmd.exe.

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994620(v=ws.11)?redirectedfrom=MSDN#if-you-experience-problems-with-applied-policy-settings-restart-windows-in-safe-mode

Microsoft tried to neuter SRPs, but there are hacks to keep it working.
They want you to use Applocker. But if you used SRPs before, and
upgraded Windows instead of a fresh install, possibly some SRPs survived
into the upgrade.

https://borncity.com/win/2023/02/24/software-restriction-policies-safer-still-possible-under-windows-11-22h2/

3rd-party security software could also effect the same disable/block on starting programs.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

VanguardLH wrote:

Ed Cryer <ed@somewhere.in.the.uk> wrote:

Ed Cryer wrote:

VanguardLH wrote:

mpcmdrun.exe -scan -scantype 2 > %temp%\mpscan.txt & notepad %temp%
\mpscan.txt

Thanks for jumping to help.

No sign of CMD in Task Manager, nor in Reliability Monitor.
The shortcut points to the version in system32, which I tried by
clicking on it in situ; same brief flash.
Cmd.exe and cmd.exe/k produce the same phenomenon.
I've run DISM and sfc /scannow again, plus done a full chkdsk c: /f /r.
I'm now running a full Windows Defender scan; fingers crossed.

Ed

Full scan ok. 57 mins. Zero threats found.
No mention of CMD in Event Viewer.
The version of CMD in SysWOW64 has the same disappearing behaviour.

However, I installed Administrator account and it works just fine from
there. And the file location is the same as my user.

I'm pondering whether to run a full system repair - download Win10
latest. But there's no sign of any other problem, and this one seems too
minor to warrant such extensive attention. I can use Powershell, and, in
case of necessity, CMD in Administrator account.

Ed

winston mentions there might be a window sizing problem. Possibly the console window is minimized leaving only its Taskbar button.

In addition, after you run cmd.exe, and the window opens and disappears,
is cmd.exe still listed as a running process in Task Manager?

Is there still a Taskbar button for cmd.exe? Or is it the Taskbar
button you see appear and quickly disappear (and never do see the
console window)?

If there is a Taskbar button for cmd.exe's console window, but you don't
see the window, could be it is minimized, or it is offscreen. Click the Taskbar button for cmd.exe to make it the active window, hit
Alt+Spacebar to activate its Control Menu, hit M (to select the Move
menu entry), and use the arrow keys to move the window around. Most
windows still have the Control Menu, but often the "-" at the left end
of the titlebar is not shown. Alternatively, you can Shift+rightclick
on the Taskbar button to see the Control Menu for that window.

You could also try using Win+arrowkey to move around a window. Click
the Taskbar button for the program, and use: Win+left to snap the window
to the upper left side of the screen, Win+right to snap to the upper
right side, Win+up to maximize to full screen height, and Win+down to normalize.

https://www.howtogeek.com/310/bring-misplaced-off-screen-windows-back-to-your-desktop-keyboard-trick/

Besides the other methods mentioned, it notes using WinLister. I forgot
I had this tool. I have most of Nirsoft's tools, and this one, too.
The "Centered Selected Windows" context menu item would snap and resize
those windows to the center of your monitor.

Do you have dual monitors? For multiple monitors, Win+Shift+left/right
moves the window between monitors. Win+P gives a menu of where you want
to project the screen.

You say cmd.exe loads okay in a new Windows account. There is always an Administrator account. It is created when you install Windows. It
prompts you to create another account. So, I'm not sure what you mean
by you installed an Administrator account when it should've already
existed. When booting Windows, does it automatically log into your
Windows account (i.e., never ask you which account to use)? Automatic
login won't show accounts you can log into.

Run netplwiz to see a list of accounts. For the one called
Administrator, you just created that account, or you just logged into it
for the first time? For the "User must enter a username ..." option, is
it selected, or not?

Are you using Applocker?

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview
https://www.youtube.com/watch?v=xVVgXnorpvA

Or Software Restriction Policies (SRPs)?

https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/software-restriction-policies
https://www.youtube.com/watch?v=L--wgJJrosY https://www.tenforums.com/tutorials/124008-use-applocker-allow-block-executable-files-windows-10-a.html

You didn't say which edition of Windows 10 you have. Home editions
don't have either the gpedit.msc or secpol.msc policy editors. When I
had a Pro edition, I played with Applocker for a short time, but decided
it was too complicated to bother with, and I didn't need to lockdown my computer that hard, anyway. However, if you log into a domain account
it is possible security policies get pushed to your workstation. You probably are logging into a local account, but something or someone
could still add registry entries for policies. According to:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/ee844171(v=ws.11)

Applocker settings are stored under:

\HKEY_LOCAL_Machine\Software\Policies\Microsoft\Windows\SrpV2

The key name hints Applocker is the 2nd version of SRP (Software
Restriction Policy).

I've used SRPs in the past to block a program from loading. I added a
Path rule to specify which .exe I did not want to allow to load. These
were locally defined by me, not pushed by a domain login. All policies
are defined in the registry, but SRPs are hash protected.

Local group policies are stored under C:\Windows\System32\GroupPolicy to
get merged into the registry during startup for computer policies or
during logon for user policies. When using gpedit.msc, you are viewing
what is under C:\Windows\System32\GroupPolicy, not what is currently
loaded in the registry.

SRPs are not applied when booting into Windows safe mode. Try that and logging into your account to retest cmd.exe.

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994620(v=ws.11)?redirectedfrom=MSDN#if-you-experience-problems-with-applied-policy-settings-restart-windows-in-safe-mode

Microsoft tried to neuter SRPs, but there are hacks to keep it working.
They want you to use Applocker. But if you used SRPs before, and
upgraded Windows instead of a fresh install, possibly some SRPs survived
into the upgrade.

https://borncity.com/win/2023/02/24/software-restriction-policies-safer-still-possible-under-windows-11-22h2/

3rd-party security software could also effect the same disable/block on starting programs.

Have you seen my SOLVED posting in this thread?
It worked for me. I found it in a Google search for this problem.
I'm no expert on Win10, but I should think that the things done therein
should reveal the underlying cause to someone who is.

Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 25 Apr 2025 10:36:11 +0100, Ed Cryer wrote:

On two of my Win10 systems, I can swap between Powershell and command
prompt. But on the third there's a most peculiar problem. Settings/Personalisation/Taskbar has the option to switch between the
two. When I set it to CMD, CMD appears for a second in a tiny window and
then disappears. I can't get it to stay put.

You need to invoke it with the /k option, and the only way I know to
do that is to put the command in a shortcut.

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
Shikata ga nai...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 4/25/2025 12:40 PM, Ed Cryer wrote:

Ed Cryer wrote:

I ran this on Powershell.

echo off
reg delete "HKCU\Console" /f
reg delete "HKCU\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe" /f
echo done

Ed

The last key in the sequence, is used for exploits.
"Image File Execution Options" is used by malware, for persistence.
So the item listed in the key, gets run any time there is an
attempt to launch a shell. I could put "mallory.exe" in the key
in place of "cmd.exe".

Instead of executing the renewal of that line, you would want to look in Regedit and see what was previously sandwiched in there.

Consider what the most recent "low reputation" installer or executable
file might have been.

I'm really surprised Windows Defender would let a random EXE near that.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer <ed@somewhere.in.the.uk> wrote:

Have you seen my SOLVED posting in this thread?
It worked for me. I found it in a Google search for this problem.
I'm no expert on Win10, but I should think that the things done therein should reveal the underlying cause to someone who is.

Ed

Yep, saw it. First response was you have a corrupted Windows account.
But I'm not sure that explains why an executable won't run other than
SRPs, Applocker, or something else you run under your Windows account
that blocks execution of some programs. You said you created the
Administrator account, but it should exist when you install Windows. It
is a default account. In fact, it is the only account that has the same
SID (Security Identifier) across all Windows installations.

https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts
"Every computer has an Administrator account (SID S-1-5-domain-500,
display name Administrator)."

When you said you "created" the Administrator account, maybe what you
meant was you got it added to the login screen, so you could pick it
from a list, like you ran "net user administrator /active:yes" in either
a cmd or Powershell shell (with admin privs). Or, it was the first time
you logged into the Administrator account which then created a profile
folder, and did the initial setup for the account. Unlikely you created
an account that already existed. You cannot delete Administrator, but
you can rename it.

The Administrator account should not be used as an everyday account.
You should create another user account to play with. Because Windows
profiles can get corrupted, and beyond the Administrator account the
setup creates at the start, I create a backup admin-level account. So,
I end up with Administrator, BkupAdmin, and 1 or more user accounts.

Update:

I have filters that will flag posts to hide them. I did not see your
"SOLVED" subthread, because one of my filters flags posts that have all uppercase in the Subject. One, that is YELLING. Two, spammers and
trolls are desparate to get attention. When I switched to a view that
showed ignore-flagged posts, I saw yours. I'll reply under that
subthread.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer <ed@somewhere.in.the.uk> wrote:

reg delete "HKCU\Console" /f

You wiped the default command shells. Under there, I have the following subkeys:

[HKEY_CURRENT_USER\Console]
several data items for config of command shells [HKEY_CURRENT_USER\Console\%%Startup] [HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe]
data items to define config for cmd.exe [HKEY_CURRENT_USER\Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe]
data items to define config for PS [HKEY_CURRENT_USER\Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe]
data items to define config for PS (alt location)

I did not see anything there that would prevent loading cmd.exe;
however, the key names themselves contain paths to the executable.
Since the Console key is now gone, no way to know if those subkeys were
named properly.

reg delete "HKCU\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\Software\Microsoft\Command Processor" /v "AutoRun" /f

The Command Processor key is not defined in my Windows 10 setup. From
what I found, it was used in the past in older versions of Windows. It
was where the properties were stored for the command shell configs, but
are now under the Console key for Windows 10. The Command Processor
keys are not needed in Windows 10, and no longer supported hence
ignored. Are the Windows running on your computer fresh installs, or
are they upgrades? This carry-over of pollution or no-longer-supported registry entries along with all other orphaned entries in the registry,
like from dirty uninstalls, is why I always do fresh installs of the OS.

You said you ran DISM, but gave no details on just what arguments you
used. Did you run:

dism /Online /Cleanup-Image /CheckHealth (general checkup)
or
dism /Online /Cleanup-Image /ScanHealth (more detailed checkup)

dism /Online /Cleanup-Image /RestoreHealth
Connects to MS update servers to download and replace damaged files.
If it cannot replace damaged files, or you don't have an Internet
connection, you can specify a source image for reference. You can use
an install.wim or install.esd file from another computer, install
media, or ISO file; however, the source must match the version,
edition, and language of the instance of Windows you are trying to
repair. If you need to use a source other than the one included in
the current instance of Windows, use:
dism /Online /Cleanup-Image /RestoreHealth /Image:<offlineimagefile>
I've seen /Source used instead ____|____|

Optionally you could follow-up with:

dism /Online /Cleanup-Image /AnalyzeComponentStore
dism /Online /Cleanup-image /Startcomponentcleanup [/ResetBase]
Can take 1 to 2 hours to complete. The optional /ResetBase will
cleanout the C:\Windows\WinSxS folder by removing all superseded
versions of every component.

And lastly run:

sfc /scannow

All of this is doing brain surgery on the OS, so first save an image
backup. All this repairing could make things worse, so you may need to
restore from the image backup to, at least, get back to the prior state
of the OS even if it resumes whatever problem you are trying to resolve.

reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe" /f

Since you deleted this subkey without looking at what data items were
defined under it, no way to tell if there was a cmd.exe named subkey,
and if it specified some untoward behavior -- but if it did then likely
you are infected. I'll bow to Paul on what this key is used for. I did
find:

https://learn.microsoft.com/en-us/previous-versions/windows/desktop/xperf/image-file-execution-options

This key exists in my Windows 10 setup, and with 53 subkeys named for an executable file. However, I do not have subkeys named cmd.exe or
command.com under there. Maybe you did. *IF* there was a subkey named
cmd.exe then you deleted it. If there was not, there was nothing to
delete, and the 'reg delete' command was worthless.

https://securityblueteam.medium.com/utilizing-image-file-execution-options-ifeo-for-stealthy-persistence-331bc972554e

That touches on what Paul mentioned regarding persistence of malware.
IFEO (Image File Executions Options) lets developers attach a debugger
to an application or process. Allows running the debugger at the time
the application is running. More info at:

https://hejelylab.github.io/blog/IRC/Persistence-IFEO

With Windows Defender not catching anything in a manual scan, I'd
suggest getting a 2nd-opinion AV scanner. I've used Malwarebytes
Anti-Malware (MBAM) in the past. You only want ONE on-access (realtime)
AV scanner running at a time, so after installing MBAM you configure it
to NOT use its on-access scanner. You only want to use it as an
on-demand (manual) scanner to get a 2nd-opinion. I believe MBAM will
look at IEFO entries in the registry since they mention IEFO at:

https://www.malwarebytes.com/blog/news/2015/12/an-introduction-to-image-file-execution-options

Since IEFO has legitimate use for debugging, the only way I can think
that MBAM would detect a bad subkey here is if it pointed to some
malware, but then MBAM should find that source in a scan. The problem
in removing malware is that you chop the legs off of it, but remnants
left behind can cause problem. A cmd.exe named subkey with a data item pointing to an executable that no longer exists can cause problems
trying to run the program for which the subkey is named.

I could not find a search at https://forums.malwarebytes.com/ to see if
IEFO was discussed, and if MBAM covers looking at those subkeys.
Apparently you need a forum account to login to then do a search. I did
an external search using:

https://www.google.com/search?q=image%20file%20execution%20options%20iefo%20site%3Aforums.malwarebytes.com&sei=SFAMaMPIE-TnwN4P2Y2L0AE

and IEFO is discussed there. Perhaps MBAM looks at to where those IEFO
subkeys point, but more likely it detects the malware source to
eradicate which could then leave those IEFO subkeys pointing at no-longer-existing [debugger] executables. Disinfecting your computer
can leave behind scars.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 25 Apr 2025 13:14:45 -0700, Stan Brown
<the_stan_brown@fastmail.fm> wrote:

On Fri, 25 Apr 2025 10:36:11 +0100, Ed Cryer wrote:

On two of my Win10 systems, I can swap between Powershell and command
prompt. But on the third there's a most peculiar problem.
Settings/Personalisation/Taskbar has the option to switch between the
two. When I set it to CMD, CMD appears for a second in a tiny window and
then disappears. I can't get it to stay put.

You need to invoke it with the /k option, and the only way I know to
do that is to put the command in a shortcut.

I can't imagine why you'd need /k on a cmd shortcut. When you launch cmd
from a shortcut, it already stays open without the /k option.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Char,

I can't imagine why you'd need /k on a cmd shortcut.

What the OP describes happens when then an "execute this" part has been
addded without the /k argument.

IOW, the OP /might/ not have told us everything.

Besides, adding it (just after the first, ending on \CMD.EXE, part) sounds
like a good idea as a debugging step. If the console window than stays open ...


And for the record, I've got several cmd shortcuts using the /k argument and
a batchfile which does some initializing for me.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

VanguardLH wrote:

Ed Cryer <ed@somewhere.in.the.uk> wrote:

Have you seen my SOLVED posting in this thread?
It worked for me. I found it in a Google search for this problem.
I'm no expert on Win10, but I should think that the things done therein
should reveal the underlying cause to someone who is.

Ed

Yep, saw it. First response was you have a corrupted Windows account.
But I'm not sure that explains why an executable won't run other than
SRPs, Applocker, or something else you run under your Windows account
that blocks execution of some programs. You said you created the Administrator account, but it should exist when you install Windows. It
is a default account. In fact, it is the only account that has the same
SID (Security Identifier) across all Windows installations.

https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts
"Every computer has an Administrator account (SID S-1-5-domain-500,
display name Administrator)."

When you said you "created" the Administrator account, maybe what you
meant was you got it added to the login screen, so you could pick it
from a list, like you ran "net user administrator /active:yes" in either
a cmd or Powershell shell (with admin privs). Or, it was the first time
you logged into the Administrator account which then created a profile folder, and did the initial setup for the account. Unlikely you created
an account that already existed. You cannot delete Administrator, but
you can rename it.

The Administrator account should not be used as an everyday account.
You should create another user account to play with. Because Windows profiles can get corrupted, and beyond the Administrator account the
setup creates at the start, I create a backup admin-level account. So,
I end up with Administrator, BkupAdmin, and 1 or more user accounts.

Update:

I have filters that will flag posts to hide them. I did not see your "SOLVED" subthread, because one of my filters flags posts that have all uppercase in the Subject. One, that is YELLING. Two, spammers and
trolls are desparate to get attention. When I switched to a view that
showed ignore-flagged posts, I saw yours. I'll reply under that
subthread.

Hiya man.
It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here. Your filtering out of them is your personal affair. I have no
battle with upper-case abusers because I don't get any.

The Administrator account.
Yes, I think your second theory is correct; it had never been fully set
up. It took time to initiate it all, with lots of questions to answer.

BTW, rather than create another account as safety backup, I'll stick
with my regular Macrium images and Windows restore points. They've
always served me well enough.

See you, Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer <ed@somewhere.in.the.uk> wrote:

VanguardLH wrote:

[...]

Update:

I have filters that will flag posts to hide them. I did not see your "SOLVED" subthread, because one of my filters flags posts that have all uppercase in the Subject. One, that is YELLING. Two, spammers and
trolls are desparate to get attention. When I switched to a view that showed ignore-flagged posts, I saw yours. I'll reply under that
subthread.

Hiya man.
It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here.

Well, the "standard good netiquette" was/is to *add* 'SOLVED' in the
subject line, not to replace the subject. But you're forgiven! :-)

Your filtering out of them is your personal affair. I have no
battle with upper-case abusers because I don't get any.

I have a similar filter, but once a day, I check the actions of the filter(s), so your 'indiscretion' was easily spotted and undone! :-)

Anyway, you've gotten us an excuse to nitpick, so thanks for that!

All the best.

[...]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 26 Apr 2025 12:00:47 +0100, Ed Cryer wrote:

It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here.

But you left one thing out of that standard good practice: Append
SOLVED to the original subject line.

Replacing the subject line entirely is not a good idea, because it
breaks the human-eyeballs connection with the thread describing the
problem. Yes, technically it's in the same thread, but it doesn't
look that way to a human.

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
Shikata ga nai...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 26 Apr 2025 00:14:31 -0500, Char Jackson wrote:

On Fri, 25 Apr 2025 13:14:45 -0700, Stan Brown
<the_stan_brown@fastmail.fm> wrote:

On Fri, 25 Apr 2025 10:36:11 +0100, Ed Cryer wrote:

On two of my Win10 systems, I can swap between Powershell and command
prompt. But on the third there's a most peculiar problem.
Settings/Personalisation/Taskbar has the option to switch between the
two. When I set it to CMD, CMD appears for a second in a tiny window and >> then disappears. I can't get it to stay put.

You need to invoke it with the /k option, and the only way I know to
do that is to put the command in a shortcut.

I can't imagine why you'd need /k on a cmd shortcut. When you launch cmd
from a shortcut, it already stays open without the /k option.

You're right. I typically run cmd with a canned command in a
shortcut, and I assumed (oops) that it behaved the same with other
launch methods.

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
Shikata ga nai...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Frank Slootweg <this@ddress.is.invalid> wrote:

Ed Cryer <ed@somewhere.in.the.uk> wrote:

VanguardLH wrote:

Update:

I did not see your "SOLVED" subthread, because one of my filters
flags posts that have all uppercase in the Subject.

It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here.

Well, the "standard good netiquette" was/is to *add* 'SOLVED' in the
subject line, not to replace the subject. But you're forgiven! :-)

Netiquette when modifying the Subject header (which adding SOLVED or
changing to just SOLVED would do) is to show the new Subject header and
append "(was: <originalSubject>)", so here it looked like:

Solved (was: No CMD)

I have also seen:

Solved - No CMD

I don't recall "Solved" was to be all uppercased, but I don't visit all newsgroups. Been in Usenet since around 92. At the height of where I
visited, I used to inhabit 52 newsgroups, but that's waned to 19 now.

If the original Subject was still there, and "SOLVED" had been added,
the Subject would not have been all uppercase: the "o" was lowercase. Prepending "Solved" would also not have the Subject as all uppercase.
I'll look into my all-uppercase filter to see if I can add an exception
for just "SOLVED"; i.e., Subject starts with "solved" whether upper- or lowercase, or mix of both; however, that would permit starter posts that
aren't replies, like "SOLVE YOUR DEBT".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

VanguardLH wrote on 4/26/2025 6:50 PM:

Frank Slootweg <this@ddress.is.invalid> wrote:

Ed Cryer <ed@somewhere.in.the.uk> wrote:

VanguardLH wrote:

Update:

I did not see your "SOLVED" subthread, because one of my filters
flags posts that have all uppercase in the Subject.

It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here.

Well, the "standard good netiquette" was/is to *add* 'SOLVED' in the
subject line, not to replace the subject. But you're forgiven! :-)

Netiquette when modifying the Subject header (which adding SOLVED or
changing to just SOLVED would do) is to show the new Subject header and append "(was: <originalSubject>)", so here it looked like:

Solved (was: No CMD)

I have also seen:

Solved - No CMD

I don't recall "Solved" was to be all uppercased, but I don't visit all newsgroups. Been in Usenet since around 92. At the height of where I visited, I used to inhabit 52 newsgroups, but that's waned to 19 now.

If the original Subject was still there, and "SOLVED" had been added,
the Subject would not have been all uppercase: the "o" was lowercase. Prepending "Solved" would also not have the Subject as all uppercase.
I'll look into my all-uppercase filter to see if I can add an exception
for just "SOLVED"; i.e., Subject starts with "solved" whether upper- or lowercase, or mix of both; however, that would permit starter posts that aren't replies, like "SOLVE YOUR DEBT".

Here is a forum that might help you and ed.

https://able2know.org/forum/english_grammar/

Many experts there that can nitpick the tiniest of grammar mistakes.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Char Jackson <none@none.invalid> wrote:

Stan Brown <the_stan_brown@fastmail.fm> wrote:

You need to invoke it with the /k option, and the only way I know to
do that is to put the command in a shortcut.

I can't imagine why you'd need /k on a cmd shortcut. When you launch cmd
from a shortcut, it already stays open without the /k option.

We wouldn't know what was in the OP's shortcut if that's how he started
it. Could be the shortcut [loads a cmd shell to] interpret a batch
file, and it is in the batch script that cmd.exe gets used. That is, a
batch file is a wrapper to cmd.exe. For example, create an example.bat
file containing:

echo List users ...
cmd.exe /c net users
echo
echo Check if Administrator is listed.

Then create a shortcut pointing to example.bat. When you double-click
the shortcut, you see the console window appear for a second, and it disappears. I've used batch scripts to do setup before cmd.exe, check
status afterward, and perform other actions both before and after the
cmd.exe call. If I want the 2nd shell to pause for whatever it called
to execute that doesn't itself halt to show output, I have to change /c
to /k in either the batch script's call of cmd.exe, or to the cmd.exe
that the shortcut runs (like, "cmd.exe /k <progOrbatchfile>").

In the OP's case, he had corrupted registry entries regarding the
command shell. Since he deleted those registry entries, we don't know
what they specified as to what really was to run as the command shell.
They could've effected the same as the above shortcut scenario: they ran
a different shell than cmd.exe, or some wrapper/debugger on cmd.exe.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hank Rogers <Hank@nospam.invalid> wrote:

VanguardLH wrote on 4/26/2025 6:50 PM:

Frank Slootweg <this@ddress.is.invalid> wrote:

Ed Cryer <ed@somewhere.in.the.uk> wrote:

VanguardLH wrote:

Update:

I did not see your "SOLVED" subthread, because one of my filters
flags posts that have all uppercase in the Subject.

It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here.

Well, the "standard good netiquette" was/is to *add* 'SOLVED' in the
subject line, not to replace the subject. But you're forgiven! :-)

Netiquette when modifying the Subject header (which adding SOLVED or
changing to just SOLVED would do) is to show the new Subject header and
append "(was: <originalSubject>)", so here it looked like:

Solved (was: No CMD)

I have also seen:

Solved - No CMD

I don't recall "Solved" was to be all uppercased, but I don't visit all
newsgroups. Been in Usenet since around 92. At the height of where I
visited, I used to inhabit 52 newsgroups, but that's waned to 19 now.

If the original Subject was still there, and "SOLVED" had been added,
the Subject would not have been all uppercase: the "o" was lowercase.
Prepending "Solved" would also not have the Subject as all uppercase.
I'll look into my all-uppercase filter to see if I can add an exception
for just "SOLVED"; i.e., Subject starts with "solved" whether upper- or
lowercase, or mix of both; however, that would permit starter posts that
aren't replies, like "SOLVE YOUR DEBT".

Here is a forum that might help you and ed.

h**ps:// able2know. org/ forum/ english_grammar/

Many experts there that can nitpick the tiniest of grammar mistakes.

The issue is not about grammar. We are discusssing etiquette, not
grammar.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 26 Apr 2025 11:02:17 +0200, "R.Wieser" <address@is.invalid>
wrote:

Char,

I can't imagine why you'd need /k on a cmd shortcut.

What the OP describes happens when then an "execute this" part has been >addded without the /k argument.

I think I misunderstood. I thought we were talking about a shortcut that
only launches a Command Prompt that does nothing, waiting for me to type
a command, rather than a shortcut that launches a Command prompt that immediately executes a command. I always do the former, never the
latter, but I think you're taking about the latter, right?

IOW, the OP /might/ not have told us everything.

Besides, adding it (just after the first, ending on \CMD.EXE, part) sounds >like a good idea as a debugging step. If the console window than stays open >...

And for the record, I've got several cmd shortcuts using the /k argument and >a batchfile which does some initializing for me.

Cool, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Char,

I can't imagine why you'd need /k on a cmd shortcut.

What the OP describes happens when then an "execute this" part
has been addded without the /k argument.

I think I misunderstood. I thought we were talking about a shortcut
that only launches a Command Prompt that does nothing,

I assumed the same.

BUT :

1) The OP described something that matches behaviour of the presense of an "execute this" part. So, I applied "occam's razor" : the simpelest
explanation is also the most likely one. :-)

2) There was a suggestion to add the /k argument, and you could not imagine
its use. So I supplied one.

Two seperate things.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Vanguard,

For example, create an example.bat
file containing:

echo List users ...
cmd.exe /c net users
echo
echo Check if Administrator is listed.

Any reason you used "cmd.exe /c " there ? You're already in a commandline environment when you execute it (remove it and be amazed).

I've used batch scripts to do setup before cmd.exe, check
status afterward, and perform other actions both before and
after the cmd.exe call.

Funny, I've been doing the same for years now, but have never had a(ny) need for that "cmd.exe /c ".

If I want the 2nd shell to pause for whatever it called
to execute that doesn't itself halt to show output, I have to
change /c to /k in either the batch script's call of cmd.exe,

That, an automatic cleanup after manually exiting a second commandline
shell, would be one of the /very few/ reasons to open a second shell with
the /k switch.

or to the cmd.exe that the shortcut runs

... and that destroys the whole benefit of the above (the "automatic
cleanup" would be executed before you got control).

In the OP's case, he had corrupted registry entries regarding
the command shell. Since he deleted those registry entries,
we don't know what they specified

Remarkable that you just know those lines where corrupted*, even though you have no idea what was in them.

* and not, for example, just altered due to having changed some settings in
a dialog.

But I guess "corrupted" sounds way more important than "inadvertedly
changed".

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 27 Apr 2025 13:12:25 +0200, "R.Wieser" <address@is.invalid>
wrote:

Vanguard,

For example, create an example.bat

<<snipped>>

In the OP's case, he had corrupted registry entries regarding
the command shell. Since he deleted those registry entries,
we don't know what they specified

Uhm, don't Windows keep back-up copies of the Registry all over the
damned computer? Mine always has.

I thought that the only way of not doing so is to have extremely iffy
malware running about, stuff that deliberately mungs Windows to
prevent back-ups from forming so removing the malware is less easy.

Or are W-10 and W-11 different?

Remarkable that you just know those lines where corrupted*, even though you >have no idea what was in them.

* and not, for example, just altered due to having changed some settings in
a dialog.

But I guess "corrupted" sounds way more important than "inadvertedly >changed".

Same thing, only more official and scary, yes?

Which, I suppose was your point. :)

J.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

John,

In the OP's case, he had corrupted registry entries regarding
the command shell. Since he deleted those registry entries,
we don't know what they specified

Uhm, don't Windows keep back-up copies of the Registry all over the
damned computer? Mine always has.

Are you sure you are responding to the correct person ? That "In the OP's case" was said by VanguardLH, not me (Rudy Wieser).

And no, mine never did. Than again, I'm (still) not using Win10. :-)

But I guess "corrupted" sounds way more important than
"inadvertedly changed".

Same thing, only more official and scary, yes?

Which, I suppose was your point. :)

Not my point, no. What was is that the intention behind both is rather different.

Vanguard had, by his own admission, nothing to base his "corrupted" claim
on, yet he did. Why ? Bluntly said, he was lying for some reason.

"inadvertedly changed" (directly or indirectly by the user) was *way* more likely, but it just hasn't got any "definitive cause" sound to it.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27/04/2025 9:50 am, VanguardLH wrote:

Frank Slootweg <this@ddress.is.invalid> wrote:

Ed Cryer <ed@somewhere.in.the.uk> wrote:

VanguardLH wrote:

Update:

I did not see your "SOLVED" subthread, because one of my filters
flags posts that have all uppercase in the Subject.

It used be standard good netiquette to put "solved" in upper case; in
Web and Usenet threads. I'm not going to apologise for having done it
here.

Well, the "standard good netiquette" was/is to *add* 'SOLVED' in the
subject line, not to replace the subject. But you're forgiven! :-)

Netiquette when modifying the Subject header (which adding SOLVED or
changing to just SOLVED would do) is to show the new Subject header and append "(was: <originalSubject>)", so here it looked like:

Solved (was: No CMD)

Did you notice how the Subject: changed from your 'Change of Subject
(was: No CMD)' to my 'Re: Change of Subject' ??

My SeaMonkey Suite (and, I think, Thunderbird) does that auto-magically
... getting rid of the bracketed stuff!
--
Daniel70

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Daniel70 <daniel47@eternal-september.org> wrote:

VanguardLH wrote:

Netiquette when modifying the Subject header (which adding SOLVED or
changing to just SOLVED would do) is to show the new Subject header and
append "(was: <originalSubject>)", so here it looked like:

Solved (was: No CMD)

Did you notice how the Subject: changed from your 'Change of Subject
(was: No CMD)' to my 'Re: Change of Subject' ??

When modifying the Subject, the "(was:...)" postfix should get added automatically by a proper NNTP client to show the original Subject.

When replying to an article with the "(was:...)" postfix, the client
/should/ remove the postfix. It is not necessary nor desirable to keep carrying forward that Subject changed at some point indicating a change
in topic, or discuss a side topic.

Notice how "(was:...)" did not get appended when your client added the
"Re:" prefix. Technically that is a change in Subject, but it used as a qualifier to denote a reply to the same Subject.

My SeaMonkey Suite (and, I think, Thunderbird) does that auto-
magically ... getting rid of the bracketed stuff!

So does mine (40tude Dialog). Proper NNTP clients should.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Ed Cryer wrote:

Ed Cryer wrote:

I ran this on Powershell.

echo off
reg delete "HKCU\Console" /f
reg delete "HKCU\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\Software\Microsoft\Command Processor" /v "AutoRun" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe" /f
echo done

Ed

This solution had a side effect. Next boot of the system produced a
black screen with a CMD box; and when I x'd off the box the screen
stayed black.
I learned that entering "explorer.exe" in the box restored normality. Subsequently I found the crucial Shell registry setting, which had
changed from "explorer.exe" to CMD.

Ed

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)