TechSpot

Problems With regedit and taskmanager

By smokewater
Apr 18, 2006
  1. It all started when I noticed that when I pressed Ctrl+Alt+Del nothing happened. Then later, when I typed regedit in the Run box, it said regedit was not a valid Win32 application. First I tried to run the Trend HouseCall virus scan and it seemed to be working rather well, finding lots of malware. Before I could delete the malware, and before the search was finished, a message would pop up saying "The instruction of 0x10101012 referenced memory at 0xffffffff could not be read. Click ok to terminate the program. Click cancel to debug the program". I tried both (I tried the search many times) and regardless of what I did the window would always close. Next I tried Spysweeper, which for some reason could not find my internet connection. Spyware Eliminator worked and removed some spyware, but it still didn't solve the regedit problem. Then I ran Ewido, which I think also helped, but regedit still won't open and my Task Manager still has problems. Any help would be greatly appreciated.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Click Start/Run and type regsvr32 /u C:\WINDOWS\msopt.dll into the run box and press the Enter key.

    Open your task manager (if you can) and click on the Processes tab. End process for (if there).

    ouuqm.exe

    Close task manager.

    Run HJT with no other programme open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjogx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjogx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjogx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ctcweb.net:8002

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
    Only fix this if you don't know what it is, or you don't use a proxy override.

    O4 - HKCU\..\Run: [ouuq] C:\PROGRA~1\COMMON~1\ouuq\ouuqm.exe

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c46.cab

    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\PROGRA~1\COMMON~1\ouuq\ouuqm.exe
    C:\WINDOWS\msopt.dll

    Reboot into normal mode and turn system restore back on.

    Regards Howard :wave: :wave:
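
The fix list in the post above uses HijackThis's `section - body` line format (R1, O4, O16, O18). The following is an added example, not part of the original thread and not HijackThis's own code: a small Python parser that splits such lines and marks entries for review. The function names and the review rules are assumptions chosen for illustration, and the sample input is copied from the post.

```python
import re

# Constructed sample: entries copied from the HijackThis fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjogx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ctcweb.net:8002
O4 - HKCU\..\Run: [ouuq] C:\PROGRA~1\COMMON~1\ouuq\ouuqm.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c46.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Yield (section, body) for every 'XN - ...' line of a HijackThis log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reasons(section, body):
    """Return reasons an entry deserves a manual look (illustrative rules only)."""
    reasons = []
    if section.startswith("R"):
        key, _, data = body.partition(" = ")
        if data.lower().startswith("res://"):
            reasons.append("IE setting loads a page from a local DLL resource")
        if key.endswith(",ProxyServer"):
            reasons.append("proxy configured; confirm the user set it")
    elif section == "O4":
        m = re.match(r"(\S+): \[(.*?)\] (.+)", body)
        if m:
            reasons.append(f"autostart entry '{m.group(2)}' -> {m.group(3)}")
    elif section == "O16":
        reasons.append("ActiveX download source; check the URL")
    elif section == "O18" and body.endswith("(file missing)"):
        reasons.append("protocol handler registered but its file is missing")
    return reasons

def triage(log):
    """Return (section, body, reasons) for entries that matched a rule."""
    return [(s, b, r) for s, b in parse(log) if (r := review_reasons(s, b))]

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", "; ".join(reasons))
```
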
     
  3. smokewater

    smokewater TS Rookie Topic Starter

    Thank you. Everything seems to be working all right now. When I tried to run C:\WINDOWS\msopt.dll a message popped up that said specified module could not be found. Then later when I went into C:\WINDOWS to delete it I didn't see it there, so I guess that's a good thing. I noticed my MSN Messenger is working now and it hasn't been working for quite some time; I guess that had something to do with the problems I had. I'm going to try that Trend Micro search again. Thanks for the help.
     
  4. smokewater

    smokewater TS Rookie Topic Starter

    I tried that techspot housecall search again and it found some stuff, lots of worms and a trojan I think. It actually got done with the search but before it could finish cleaning them up the same error message popped up.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try this online scanner HERE

    Try this one HERE as well.

    Regards Howard :)
     
  6. smokewater

    smokewater TS Rookie Topic Starter

    Thanks for the quick reply. I'm running the Panda scan right now, and then I will run the other one.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok. When you're done, post a fresh HJT log.

    Regards Howard :)
     
  8. smokewater

    smokewater TS Rookie Topic Starter

    I'm running the second scan as I write this. I think I figured out my problem. The Panda scan detected the trojan Gaodrop.A. The Panda encyclopedia says that it prevents you from opening your registry. Also, probably the biggest problem I noticed in the Trend Micro search was the worm Gaobot, which the Panda encyclopedia was able to tell me is created by Gaodrop.A. The Panda scan wouldn't let me delete the malware though without buying it. Hopefully the Kaspersky one will.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There is a removal tool HERE for the Gaobot infection.

    Regards Howard :)
     
  10. smokewater

    smokewater TS Rookie Topic Starter

    Sorry it took so long.

    Well, I finally got that Trend Micro search to run and complete. That's the good news. The bad news is regedit still won't work! Here is my HijackThis log. Maybe you can make some sense of it.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Maybe your OS has been damaged by the infections.

    Try doing a Windows repair, as per this thread HERE

    Regards Howard :)
     
  12. smokewater

    smokewater TS Rookie Topic Starter

    Thanks for the help, I'll try it.
     
  13. smokewater

    smokewater TS Rookie Topic Starter

    Okay. Before I was going to fix the registry, I figured I had better check for any other problems. I found a post of yours that said I should run vundofix and looktome destroyer. I downloaded both. I ran the looktome one as a task. It said it would start in about a minute. 24 hours later I woke up and found it on my computer. I clicked scan and instantly it went to a blue screen with white letters that said "A process or thread crucial to system operation has unexpectedly been terminated. BLAH BLAH BLAH. Your computer attempted a dump of the physical memory." Do you have any idea what is wrong here, because I don't.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'm sorry, but no, I have no idea what could be wrong.

    All I can say is, I've checked your latest HJT log and it looks clean.

    Regards Howard :)
     
  15. smokewater

    smokewater TS Rookie Topic Starter

    Thanks anyway. You've been a lot of help.
     
Topic Status:
Not open for further replies.
