TechSpot

can't open regedit

By symotheflymo
May 24, 2006
  1. Hi,
    I've followed your instructions now. I ran housecall and pandascan which found a few things of which housecall managed to remove some.
    Then used look2me remover (log attached) and vundo remover. Didn't see anything there to cause concern. Then I ran smitfraud fix in safe mode which caused some consternation as it seemed to take ages...on checking in task manager it appears that several instances of regedit were trying to be run at the same time and cycling between running/not running and the instances appearing in different places in the list of processes. What's that about? Anyway I did the clean and reboot for that (rapport log attached). Then I followed instructions for trojans and begintosearch etc. and did the Ewido scan. (scan log attached). And now here I am with the HJT log attached too. So far I'm still scratching my head over why I can't get regedit to open after having done all this. Would be extremely grateful if you can help.
    cheers,
    Simon
    PS...also followed your additional security advice 'prevent infections...'. Useful stuff.
     
  2. howard_hopkinso


    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to them (if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - Default URLSearchHook is missing

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    Fix all O16 - DPF entries.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB39358E-0FB6-4B61-AAFE-EFFDA345ECFC}: NameServer = 192.168.1.1 < Only fix this if it doesn't belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    If you still can't open regedit, take a look at this thread HERE. It deals mainly with task manager problems, but also deals with regedit as well.


    Regards Howard
     
  3. symotheflymo


    can't open regedit.....now i can..thanks!

    Allo Howard!

    I got HJT to fix the items you listed but regedit still wouldn't have a bar of it so I followed the link to the taskmanager tips page that you pointed me to. From that I decided to go looking for another copy of regedit.exe and found that I had 2 other copies...one in C:\windows and another in C:\windows\servicepackfiles\i386. Is that normal?

    I went from there to the \system32 folder and noticed that both regedit.exe and regedt32.exe had the wrong icons (see attached png file) and I remembered having noticed them some time ago after an AlcraB infection....Wish I'd persevered with finding out about it back then!

    I copied one of the regedit.exe files with the correct icon to my desktop, renamed it regedt32.exe, then cut and pasted it into my \system32 folder. I also copied and pasted regedit.exe into the \system32 folder, effectively replacing both the files with dodgy icons...hey presto..my regedit now opens.
    I'm going to check for the icon file elsewhere on my system in case it does a lazarus and gets me again!

    I'd be interested to know any more suggestions/information you have.

    Many thanks for your help....legendary work!
    cheers,
    Simon
     
Topic Status:
Not open for further replies.
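
The last post settles which copy of regedit.exe to trust by looking at icons. As an added example (not part of the original thread), the same comparison can be made by content hash across the three folders the post names. The function names and the constructed directory tree with placeholder bytes are assumptions of this sketch:

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_copies(reference, candidates):
    """Sort candidate copies into match / mismatch / missing against a reference copy."""
    ref_hash = sha256_of(reference)
    report = {"match": [], "mismatch": [], "missing": []}
    for c in candidates:
        if not c.is_file():
            report["missing"].append(c)
        elif sha256_of(c) == ref_hash:
            report["match"].append(c)
        else:
            report["mismatch"].append(c)
    return report

def demo():
    """Run the comparison over a constructed tree (placeholder bytes, not real binaries)."""
    good, bad = b"MZ constructed clean copy", b"MZ constructed altered copy"
    layout = {
        "WINDOWS/ServicePackFiles/i386/regedit.exe": good,  # reference copy
        "WINDOWS/regedit.exe": good,
        "WINDOWS/system32/regedit.exe": bad,  # stands in for the odd-icon file
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in layout.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        names = list(layout) + ["WINDOWS/system32/regedt32.exe"]  # absent on purpose
        report = compare_copies(root / names[0], [root / n for n in names[1:]])
        return {k: [p.relative_to(root).as_posix() for p in v] for k, v in report.items()}

if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status:9} {files}")
```

A mismatch is a lead to investigate rather than proof of tampering, since an update can legitimately leave different versions of a file in these folders.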
