Problems With regedit and taskmanager


smokewater

It all started when I noticed that when I pressed ctrl alt del nothing happened. Then later when I typed regedit in the run box it said regedit was not a valid win32 application. First I tried to run the trend housecall virus scan and it seemed to be working rather well, finding lots of malware. Before I could delete the malware and before the search was finished a message would pop up, saying "The instruction of 0x10101012 referenced memory at 0xffffffff could not be read. Click ok to terminate the program. Click cancel to debug the program". I tried both (I tried the search many times) and regardless of what I did the window would always close. Next I tried spysweeper, which for some reason could not find my internet connection. Spyware eliminator worked and removed some spyware, but it still didn't solve the regedit problem. Then I ran Ewido which I think also helped but still regedit won't open and my taskmanager still has problems. Any help would be greatly appreciated.
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click Start/Run and type regsvr32 /u C:\WINDOWS\msopt.dll into the run box and press the enter key.


Open your task manager (if you can) and click on the processes tab. End process for (if there):

ouuqm.exe

Close task manager.

Run HJT with no other programme open. Have HJT fix the following, by placing a tick in the little box next to (if there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjogx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjogx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjogx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ctcweb.net:8002

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;Only fix this if you don't know what it is, or you don't use a proxy override.

O4 - HKCU\..\Run: [ouuq] C:\PROGRA~1\COMMON~1\ouuq\ouuqm.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c46.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\PROGRA~1\COMMON~1\ouuq\ouuqm.exe
C:\WINDOWS\msopt.dll

Reboot into normal mode and turn system restore back on.

Regards Howard :wave: :wave:
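
As an added illustration, not part of Howard's post and not HijackThis's own code: a small Python triage pass over log lines in the format shown above. The flagging rules and the names `triage` and `referenced_files` are assumptions made for this example.

```python
import re

# Entries copied from the fix list in the post above.
SAMPLE = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjogx.dll/sp.html#28129",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ctcweb.net:8002",
    r"O4 - HKCU\..\Run: [ouuq] C:\PROGRA~1\COMMON~1\ouuq\ouuqm.exe",
    r"O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c46.cab",
    r"O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)",
]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "<section> - <body>"
# Drive-letter path ending in .exe or .dll (stops at '/' so res:// URLs split cleanly).
LOCAL_FILE = re.compile(r'[A-Za-z]:\\[^/*?"<>|]+?\.(?:exe|dll)', re.I)

def triage(line):
    """Return (section, reason, local_file) for a flagged line, else None.

    The rules are assumptions for this example, not HijackThis logic.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    found = LOCAL_FILE.search(body)
    local_file = found.group(0) if found else None
    if section.startswith("R") and " = res://" in body:
        return section, "IE page loaded from a resource inside a local DLL", local_file
    if section.startswith("R") and ",ProxyServer = " in body:
        return section, "proxy server is set", None
    if section == "O4":
        return section, "program started automatically at logon", local_file
    if section == "O16":
        return section, "ActiveX control installed from a URL", None
    if section == "O18" and body.endswith("(file missing)"):
        return section, "protocol handler registered to a DLL that is gone", local_file
    return None

def referenced_files(lines):
    """Unique local files named by flagged entries, for checking on disk."""
    hits = [t for t in map(triage, lines) if t]
    return sorted({t[2] for t in hits if t[2]})

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
    print(referenced_files(SAMPLE))
```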
 
Thank you. Everything seems to be working all right now. When I tried to run C:\WINDOWS\msopt.dll a message popped up that said specified module could not be found. Then later when I went into C:\WINDOWS to delete it I didn't see it there so I guess that's a good thing. I noticed my msn messenger is working now and it hasn't been working for quite some time, I guess that had something to do with the problems I had. I'm going to try that trend micro search again. Thanks for the help.
 
I tried that techspot housecall search again and it found some stuff, lots of worms and a trojan I think. It actually got done with the search but before it could finish cleaning them up the same error message popped up.
 
I'm running the second scan as I write this. I think I figured out my problem. The panda scan detected the trojan Gaodrop.A. The panda encyclopedia says that it prevents you from opening your registry. Also, probably the biggest problem I noticed in the trend micro search was the worm Gaobot which the panda encyclopedia was able to tell me is created by Gaodrop.A. The panda scan wouldn't let me delete the malware though without buying it. Hopefully the Kaspersky one will.
 
sorry it took so long

Well I finally got that trend micro search to run and complete. That's the good news. The bad news is regedit still won't work! Here is my hijack this log. Maybe you can make some sense of it.
 
Okay. Before I was going to fix the registry, I figured I had better check for any other problems. I found a post of yours that said I should run vundofix and looktome destroyer. I downloaded both. I ran the looktome one as a task. It said it would start in about a minute. 24 hours later I woke up and found it on my computer. I clicked scan and instantly it went to a blue screen with white letters that said "A process or thread crucial to system operation has unexpectedly been terminated. BLAH BLAH BLAH. Your computer attempted a dump of the physical memory." Do you have any idea what is wrong here because I don't.
 
Do you have any idea what is wrong here because I don't.

I'm sorry, but no, I have no idea what could be wrong.

All I can say is, I've checked your latest HJT log and it looks clean.

Regards Howard :)
 