TechSpot

Regedit won't work in run or from C:\WINDOWS

By kraving
May 21, 2009
  1. The problem is that when I type in regedit in the run window, all that happens is that the mouse icon turns into the loading icon for a sec, then nothing happens. Same thing when I run regedit.exe. No windows open.

    Another thing I have noticed is that when I reboot, there are rundll errors at startup that are zabufaki.dll and hmuziwoluwa.dat saying that they are missing or corrupted (I'm not sure).

    Also regedit32.exe is missing.

    Thanks.
     
  2. Spyder_1386

    Spyder_1386 TS Rookie Posts: 498

    hi kraving

    Looks like your computer is pretty heavily infected. Please follow the 8-step guide here (do not skip any steps) ... http://www.techspot.com/vb/topic58138.html ... and attach the required logs to your next post so that one of the experts can have a look at them for you.

    Spyder_1386 :)
     
  3. kraving

    kraving TS Rookie Topic Starter

    My problems went away using the 8 steps.

    Thanks for your help.
     
  4. Spyder_1386

    Spyder_1386 TS Rookie Posts: 498

    Hi kraving

    Your symptoms might have gone away but that doesn't mean your system is completely clean as yet. I would advise you to attach the required logs to your next post to have them reviewed.

    Spyder_1386 :)
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Spyder is absolutely correct! Some infections require additional cleaning programs to be run. Some entries in a HijackThis log need to be removed, followed by additional specific action. That's what we do when we review the logs.

    Although it's in the 8 Steps:
    Did you update your Java? Yours is very old and vulnerable (Java\jre1.5.0_06).
    In addition to running the 3 programs and checking the logs, Combofix and CFScript would have been suggested, only with our help, to remove bad entries such as jahomayo.dll, zabufaki.dll and other system32 files.

    And if you'd stuck around for our help, it would begin like this:
    You are using two antivirus programs: AVG and BullGuard. The latter is in excess:
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
    and 18 entries for:
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe

    BullGuard Limited is an Internet security company that creates antivirus and antispyware applications for PCs and mobile phones.
    The latest version is 8.5.0.17 and incorporates Antivirus, Firewall, Antispyware, Spamfilter, Backup and Support software.

    I'd also tell you that this is NOT a legitimate LSP, but a Vundo entry:
    O20 - AppInit_DLLs: C:\WINDOWS\system32\rasohive.dll,C:\WINDOWS\system32\podiyemo.dll
    podiyemo.dll.tmp (Trojan.Vundo)
    RASOHIVE.DLL Cloaked Malware

    That needs to be removed and files deleted.

    But it's beautiful and sunny in Florida, for the first time in 12 days (not a complaint!) so I'm going to the picnic that's on again after being rained out!
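
The log entries quoted in the post above can be grouped mechanically before a reviewer reads them. The following is an added example, not part of the thread and not HijackThis's own code: it collapses repeated lines into counts and lists the DLLs named in the O20 AppInit_DLLs value so they stand out for review. The section labels are the usual HijackThis meanings, the function names are hypothetical, and splitting the value on commas is an assumption that matches the line shown in the post.

```python
import re
from collections import Counter

# Constructed sample: entries quoted in the post above; the O10 line appears 18 times, as in the log.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot',
    r'O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"',
    *[r'O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll'] * 18,
    r'O20 - AppInit_DLLs: C:\WINDOWS\system32\rasohive.dll,C:\WINDOWS\system32\podiyemo.dll',
    r'O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe',
]

# Usual meaning of the HijackThis section codes that appear in this thread.
SECTIONS = {
    "O4": "autostart entry (Run key / Startup)",
    "O10": "Winsock LSP",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^\s*(O\d+)\s+-\s+(.+?)\s*$")

def parse_entries(lines):
    """Count each distinct (section code, detail) pair; lines that are not log entries are skipped."""
    entries = Counter()
    for line in lines:
        match = LINE_RE.match(line)
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries

def appinit_dlls(entries):
    """Return every DLL path listed in O20 AppInit_DLLs values (assumes comma-separated paths)."""
    dlls = []
    for code, detail in entries:
        if code == "O20" and detail.lower().startswith("appinit_dlls:"):
            value = detail.split(":", 1)[1]
            dlls.extend(path.strip() for path in value.split(",") if path.strip())
    return dlls

def report(entries):
    """One summary line per distinct entry, with its repeat count and section meaning."""
    return [f"{code} x{count} [{SECTIONS.get(code, 'other')}] {detail}"
            for (code, detail), count in entries.items()]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LINES)
    print("\n".join(report(parsed)))
    print("AppInit_DLLs to review:", appinit_dlls(parsed))
```

A DLL listed under AppInit_DLLs is loaded into every process that loads user32.dll, which is why that single O20 line gets more attention than the 18 repeated LSP lines.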
     
Topic Status:
Not open for further replies.
