regedit won't open and security detecting w32

[crpred]

I can't get in regedit or get rid of w32/sdbot.ous or w32/vb.nq (These were found by my security program, but cannot be deleted or repaired).

Limewire kept starting up over and over, but after adaware and HJT ran, that stopped.


xoftspy found these, but wont rid them.
c:\windows\system32\cmd.com
emsmtp.dll
netstat.com
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com
c:\programfiles\viewpoint


Any instruction would be greatly appreciated. Thanks....

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go HERE and follow the instructions.

Then, go HERE and follow the instructions in the order they are given.

Post a fresh HJT log into this thread, only after doing the above.


Regards Howard :wave: :wave:

 

[crpred]

I have completed the instructions and here are my logs

I still cannot open regedit....

Thanks Howard...

 

[crpred]

when I attempt regedit, i get.....

regedit is not a valid win32 application

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Locate the following services(if there) and double click on them. Select stop if they are running, set the startup type to disabled and click apply/ok.

winlog

Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

winlog.exe
BigFix.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127511318709
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

winlog.exe You will need to do a search of your system to find where this file is located.

Reboot into normal mode and turn system restore back on.

Regards Howard

 

[crpred]

It worked..

thanks Howard! All is well....