Windows 10 Black Desktop with Cursor Fixed

Symptoms

My Cool ‘n’ Quiet workstation was working fine until some point last night where it showed a black screen with moveable cursor. Attempts to bring up the Task Manager were unsuccessful – the cursor briefly changed to indicate busy state, but Task Manager would not appear.

This morning, the system would boot, displaying the Windows logo, but I was stuck on a black screen showing only my cursor.

I did not make any changes to hardware, and was not aware of any changes made to my system.

Initial Troubleshooting

I plugged my secondary display into my workstation’s graphics card and attempted to tinker with Windows 10’s Project settings (Windows key + P) to no avail.

Stumbling Across a Solution

I poked around within my workstation’s UEFI and focused on Boot Option Priorities.

Last Known Good Configuration

Boot Option Priorities
#1 Windows Boot Manager
#2 SATA: My Windows 10 OS Drive
#3: UEFI: Built-in EFI Shell

I modified Boot Option Priorities:

  • Swapping positions of #2 and #1 resulted in failure to boot
  • Tested UEFI, Windows Boot Manager, and finally SATA. This time, I was greeted by the familiar login screen

Upon login, Windows displayed a notification stating that updates were installed.

Update history (Settings > Update & security > Windows Update > Update History) showed that an updated NVIDIA display driver (NVIDIA – Display – 12/29/2016 12:00:00AM – 21.21.13.7653) was installed last night – could this have been the culprit?

Confirmed that this updated NVIDIA display driver is shown for my graphics card within Device Manager.

After successful boot, I restarted my workstation, and reverted changes to Boot Option Priorities. I was still able to boot cleanly into Windows 10.

I ultimately modified Boot Option Priorities. They are now set to

  1. UEFI
  2. Windows Boot Manager
  3. SATA

Using DISM and SFC in Windows 10 to Repair System Files

I was going through Event Viewer today to see what I could scare up, when I found Microsoft Windows security auditing throwing Event ID 6281.

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

File Name:             \Device\HarddiskVolume4\Windows\System32\efswrt.dll

Use the System File Checker tool to repair missing or corrupted system files https://support.microsoft.com/en-us/kb/929833

I attempted to run SFC /scannow and it came back with the message:

Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log

I received the same result when running SFC from Safe Mode.

From here, I moved on to try DISM

Fix Windows Update errors by using the DISM or System Update Readiness Tool https://support.microsoft.com/en-us/kb/947821

Ran DISM /Online /Cleanup-Image /RestoreHealth
Output:

Error: 0x800f081f

The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

Before rushing off to specify a source file, I decided to try one more thing

Ran DISM /Online /Cleanup-Image /CheckHealth

Output:

The component store is repairable.
The operation completed successfully.

DISM indicates that the component store is repairable. I inferred from this statement that it was worth specifying a source file.

In hindsight, it would have been best to run /CheckHealth before /RestoreHealth, as /CheckHealth completes very quickly, and allows the operator to know if DISM can be of any further use.

A Microsoft TechNet article entitled Repair a Windows Image (https://technet.microsoft.com/en-us/library/hh824869.aspx, applies to Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2) suggests the following sequence:

First scan the image to check for corruption using Dism /Online /Cleanup-Image /ScanHealth
Then check the image to see whether any corruption has been detected using Dism /Online /Cleanup-Image /CheckHealth

Mounted a Windows 10 ISO with build 10586.

Ran DISM /Online /Cleanup-Image /RestoreHealth /Source:wim:F:\sources\install.wim:1 /limitaccess

Output:

The restore operation completed successfully.
The operation completed successfully.

Yes!

Finally, I returned to SFC

Ran sfc /scannow

Output:

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

I will monitor my logs periodically to see if this resolved the hash failure found by Microsoft Windows security auditing.