Registry is messed up

I ran spybot s&d for the first time on my computer (running Vista) and it messed up my registry (I am very sure I have no viruses atm) because I guess it assumed that I had Windows XP. Whenever I logon to any of the user accounts, explorer.exe does NOT automatically start, but instead two folders are opened and I get two errors. First the folder C:\Windows\system32 is opened, and then when I manually start explorer.exe through the task manager I get two identical errors saying that the Windows registry could not load "C:\Windows\system32\svchost.exe" and then the Windows explorer opens showing My Documents, My Computer, etc.

If anybody knows of a program that could sort out my registry please tell me about it. Otherwise, I'd appreciate any other help!

System Restore

Sorry brief must go and come back later !

Thank you for your response! However, System Restore will not work as the earliest available restore point is after my computer started doing this. I tried it anyway without success. Please help!

Startup Control Panel should remove those annoying startup entries
Deselect (untick) any non needed (or obsolete) startup shortcuts (this reversable so don't worry)
You will need to restart after de-selecting any (or all) entries

Thank you for your response! However, Startup Control Panel shows no startup programs except AVG and Google Talk, which I want.

This is not a startup program which I am having difficulties with, but the lack of one. Explorer.exe is not a startup program, so all I get is a black screen when I logon (with some random folders opening and the two errors).

Boot from your Windows Vista DVD, select the System Repair Option > on the
setup screen, select 'Repair Computer > Select your installation of Windows
> select Startup Repair option and follow instructions.

Snippit taken from Microsoft

While a repair might well be the only solution,

all those errors do have XP counterparts and solutions.

All of them caused by cause by leftover damage from spyware removal.

I throw these out to you,for your consideration -


See HERE for system 32 error, and HERE for svchost error.

and the post by Wilson Chu for the explorer isssue.


You may only have to delete the following registry key,and not everything Wilson suggested -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows ???\CurrentVersion\Image File Execution Options\explorer.exe

Must you have Windos Vista?

I would suggest Wiping that HDD clean with Kill disk then installing XP if you have a copy. I have seen silly things while working with vista.

Disregard Myzz617 comment
You need Vista repaired not replaced

In your "opinion" it needs to be replaced. You can put XP on it W/O a problem. Its a more stable OS than Vista is now.

The choice is up 2 you apparently.

Make sure you back up your files first, then download either CCleaner, or Eusing Free Registry cleaner. These two apps. are a nice alternative to having to use a Windows application for your registry problems.

FenderGuy2112

Thank you all for your responses. I will try repairing using the Vista CD and if that is unsuccsessful I will try a program such as CCleaner. Happy new year!

EDIT

System repair through the Windows Vista DVD was unable to find any problems with the system startup. Time to try CCleaner!

EDIT #2

CCleaner was also unable to detect the issue. I will now try Po`Girl's recommendations.

EDIT #3

None of the things that Po`Girl suggested applied to or fixed my problem. I am beginning to think about comparing my Registry startup values with those of a healthy Vista computer and adding/deleting entries manually.

It has been about two months and this is still an annoying problem. Does anyone else have any ideas?

When you stall SpyBot Search&Destroy you are asked to create a restore point. Did you do that?
Also, did you use the safer-networking SpyBot S&D or the other Spybot.com version?

I have used SpyBot S&D for years from windows98 to XP Pro 64bit without any problems. SpyBot at spybot.com I don't know anything about. Anyone have experience with those folks?
Monton

i can suggest a couple things you might want to try

1. Search for explorer.exe (be sure Vista is also searching through hidden files and folders). It should appear under Windows/System32. The fact that your logon opens to folder Windows/System32 rather then execute explorer makes me wonder if explorer.exe isn't there or the Winlogon shell command is wrong
2. Check the Shell value for Winlogon in your registry. Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon should show
   
   Code:

   [B]Shell     REG_SZ    explorer.exe[/B]

   It may be worthwhile to delete and re-enter explorer.exe yourself
3. Run System File Checker just to verify all the Vista system files. Open a cmd window as Administrator and type sfc /scannow. See this Microsoft Article for how to view the logfile and analyze results.

/* Edit */
I should say, make sure the Winlogon Shell value is simply explorer.exe. This makes sure it's not an issue of incorrect parameters after the command causing problems

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

Besides the fact that I do not use Windows NT, this directory does not exist. I get as far as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion but there is no directory named 'Winlogon'.

1. Welcome to the non-obvious nor intuitive world of Windows
2. Read my post again. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon refers to the registry, not a disk directory.
3. I guessed from the references to it in your first post you were familiar with the Windows registry?
4. And, yes, even though you are running Windows Vista you have a registry subkey WindowsNT

The registry is sort-of the "Master database" of information for your system. I found this link to explain the Windows Registry a little more.

You need be careful anytime you go into the registry. Back it up and create a system restore point before making any changes. Click here instructions for Vista.

Are you familiar with the Windows regedit tool to view/modify the registry? Here's a guide to the native Windows Vista tool.

/* Edit */
Just re-read your post and your use of the word "directory" rather then key or subkey threw me off. Yes, you are familiar w/the registry. But you should have both a Windows and Windows NT subkey.

Sorry for the confusion, LookinAround, but yeah I had just been completely overlooking that 'Windows NT' key. It's fixed! Thank you so much!

However, I still get the same two errors when I log onto the user accounts telling me that 'svchost.exe' cannot be loaded.

That's great news

You can run Startup Control Panel to remove any unwanted (of faulty startups)

HEREs an excellent information page on checking all system startups.

Let us know how you go.

No problem about any confusion JesseM. Glad it got you past the one problem.

But given the Winlogon/Shell value was in fact the source of one problem, I also suspect your registry value for Winlogon/Userinit.

However
I suspect the reason they've changed in the first place is because of spyware or virus infection (changing your registry user logon settings is a common form of infection)

Rather then having you look further at individual registry settings, you should look for infections. Follow the instructions in this link on Spyware removal which will also tell you how to create and post Hijackthis logs. (fyi.. one of the things HJT inspects are the specific registry values i've been talking about)

kimsland: This type of infection wouldn't likely be found among startup programs. It's "starting itself" by hooking its changes into the user logon settings rather then hooking itself the startup programs.

/* Edit */
btw.. it sounds like it's not starting itself successfully and that's what you are seeing. Could be that Spybot saw the infection and removed some but couldn't remove all of its parts.