Regedit won't run (but runs if I rename it?)

[Mugsy]

I unwittingly installed a bit of Adware, which is now gone, but the damage remains.

AdAware didn't catch it. Neither did AVG AntiVirus. I uninstalled the program before it did any significant damage, but one annoying problem persists: I can no longer run RegEdit (directly). The program had deleted RegEdit.exe, but I was able to copy it back from the XP cd.

When I try to run RegEdit, I get an error: "The application failed to initialize properly (0xc0000005). Click OK to terminate the application."

But here's the kicker: if I RENAME Regedit (ex: "xRegedit.exe"), it opens just fine.

Every "fix" I've researched online doesn't address this specific problem. I've run "sfc /scannow", did a System Restore, msconfig and HiJack show no suspicious programs running. I suspect some odd permission was changed, but I have no clue what.

I ran the "Doug Knox XP Security Console", and "Disable RegEdit" is unchecked. Checking and Unchecking changed nothing.

This isn't a catastrophe since I can always just rename the programs that are affected to get them to run, but it is INCREDIBLY annoying.

Anyone know a fix (short of a reinstall)? Thx.

System: 32bit WinXP Pro with SP2.

 

[Ultiweap]

Sometimes Virus leave traces that is very difficult to change or remove even they got deleted. The best way will be to try a repaire with the XP disc or if this don't work then try a fresh install of Windows.

 

[Mugsy]

Yeah, that seems to be it.

It's looking more and more to be the case.

I would do a repair install, except that after doing so, I'd have to reinstall the 180+ "service updates" from MS all over again. I'm not about to do that just to get "RegEdit.exe" to work again (when I can still run it by simply renaming it).

There's GOT to be another way. Something less drastic than a reinstall.

Thanks for replying though. I think this problem is too obscure to be solved here. (I'm a tech, and have never seen... or even heard... of a problem like this before.)

 

[Archean]

I found this which seems bit similar like your problem, not sure it will help but no harm if you choose to have a look at it.

 

[Mugsy]

Interesting info, but doesn't seem to apply.

Thanks for the link. It's a link I hadn't seen before, and the fact it mentions "renaming" to get a program to work certainly catches my interest, though their solution didn't seem to apply to me.

Checking the particular Reg entry they point to, I find only valid audio/video drivers. I searched through nearly the entire registry looking for other "phantom drivers" in the registry, but nothing turned up, and there are FAR too many drivers to check them all by hand.

I use a good registry cleaner ("Registry Mechanic") that would of caught any driver entries with no corresponding file, and I've personally checked by-hand every entry that contains "Regedit.exe" to see if something was doing something it shouldn't. I found nothing unusual.

If the problem is in the Registry itself, I don't see it (nor does "Registry Mechanic").

Thanks for the reply though. This is the weirdest mystery. But at least I now have another avenue to consider (an errant driver).

 

[Archean]

One more thing; can you make an icon of regedit executable on your desktop; then right click on it and run it as administrator?

Let me know what it does.

 

[pjamme]

Mugsy,
If you do not want to format, Fred Langa had a Windows Secret that I have used successfuly many times. check it out at:
http://www.informationweek.com/news...9400897&queryText=fred langa do not format xp

 

[Mugsy]

No go.

One more thing; can you make an icon of regedit executable on your desktop; then right click on it and run it as administrator?

Interesting idea.

I just tried it. No difference. I right-dragged RegEdit.exe to the desktop to create a shortcut, then clicked Properties, the Advanced button, and checked "run with different credentials".

By default, the credentials was my User account. I selected "Administrator" instead, but still get the same error when it tries to run.

Interesting idea, but it seems there's something else going on.

 

[Mugsy]

Interesting, but problemmatic

Mugsy,
If you do not want to format, Fred Langa had a Windows Secret that I have used successfuly many times. check it out at:
http://www.informationweek.com/news...9400897&queryText=fred langa do not format xp

Interesting information, but that tip overwrites the entire Windows directory, which would re-initialize Windows, resulting in having to reinstall all those Windows Service Pack patches that I described earlier (there's over 190 of them now), which I'd REALLY rather avoid.

I run the free Belarc System Advisor on the first of every month so that I always have the latest Security Releases from MS installed. When you reinstall Windows, all those patches are wiped out and you must reinstall them all over again... an unbelievable pain.

Whatever is causing this problem, it MUST be simply a matter of "permissions". But I've given every Account ("User", "Administrator", etc) "Full Control" and still the problem remains.

Thanks for the idea though.

 

[pjamme]

But, you do not have to re-install applications, jst SP3 and 60 some patches. Much less painless than a format and fresh install.

 

[Mugsy]

But, you do not have to re-install applications, jst SP3 and 60 some patches. Much less painless than a format and fresh install.

I use SP2 (don't like SP3), so the number of patches is far more than 60.

 

[Archean]

One more thing; you say when you try to run and nothing happens, check processes running on your system while you do that; does regedit shows up in running processes?

 

[Mugsy]

A warning. Not, nothing

I shouldn't have said "nothing".

If I run "regedit.exe", I get an error message dialog entitled "regedit.exe - Application Error" that reads:

"The application failed to initialize properly (0xc0000005). Click on OK to terminate the application."

Clicking OK results in the same error message appearing a second time. Clicking OK again gets rid of it.

I opened up the Task Manager while the error message was on screen, but found no unusual or unfamiliar processes running.

If I rename regedit.exe to "xregedit.exe" or "regedit.com", it runs just fine. Something just seems to be preventing "regedit.exe" specificly from running (and yes, I did scour the Registry looking for unusual references to "regedit.exe").

(I should note, "regedit.exe" won't run from Safe Mode either. Same error (unless I rename it, same as regular mode).

 

[Archean]

Well having tried so many things, i think there is no harm in trying one more:

keep your regedit executable's original file name

1. Open command prompt with administrator account
2. type: sfc /scannow

This will scan all windows files; and should repair any which are damaged if possible.

Its a long shot frankly but what the hell

 

[Mugsy]

Tried it.

Thanks for the reply, but check my original post. That's one of the first things I tried.

 

[Archean]

Oops sorry missed that out; only issue then is to find some other/untried solution to try out

 

[jgf]

This is probably of no help with your specific problem, but I had a similar problem on my XP system - only with screen savers. I had several screensavers that I particularly liked from an old W95 machine, a couple of them I knew also worked in W98, ME and 2000. I installed these on my XP system and they didn't appear in the list. Couldn't figure what was wrong but renamed them all (placed an underscore at the start) then copied the same files from my W95 machine to the XP machine. Went to the screensaver list ...and there were the renamed screensavers! I could never get these files to appear with their original names, but could alter the names in any way, including completely renaming them, and they worked fine.

Perhaps this is some arcane glitch in XP that we have both managed to trigger.

In your case, what happens if another program calls regedit? For example, in some of the windoze help files there is the "click here to run registry editor". There are also some system utilities, such as vid driver tweak programs, that can call regedit.

 

[Mugsy]

regedt32.exe, same thing.

In your case, what happens if another program calls regedit? For example, in some of the windoze help files there is the "click here to run registry editor". There are also some system utilities, such as vid driver tweak programs, that can call regedit.

The most obvious example of that would be "regedt32.exe" in the system32 folder. As of XP, it merely calls "regedit.exe" ("regedt32.exe" was kept simply for compatibility reasons). Running it gives the same error, as does any shortcut to regedit.exe that I create.

Theoretically, something is telling XP not to allow a program named "regedit.exe" to run, but I tried renaming another, completely different program "regedit.exe", and it ran just fine. So there isn't anything obstructing the filename specifically (which explains why I didn't find anything unusual in the Registry).

Registry cleaning programs like "Registry Mechanic" run just fine, but doesn't detect/fix the problem. Ditto for AdAware or AVG AV.

For some unfathomable reason, it is simply THAT one program ("regedit.exe") that won't run while it has THAT name. Even if I copy it to another folder, or try to run it in Safe Mode, I get the same error. So far, I have not found any other program/exe that won't run.

 

[Archean]

Well another idea to try out is:

Make a copy of regedit.exe in another location (leave the original in windows\system32, but rename it once you create a copy); e.g. copy regedit.exe in Windows folder (that way you wouldn't need to define a path for it/or shortcut).

Try running it and see what it does.

 

[Mugsy]

Tried all that.

Actually, "regedit.exe" exists in BOTH the Windows and system32 folders.

"Regedit.exe" will not run as is. No matter where I copy it to or shortcuts I direct to it. I even tried running it from a "regedit.bat" batch file. Same thing.

I've tried running it from Safe Mode, I've tried disabling EVERY system/start-up file using msconfig. Nada.

The program just will not run, from anywhere, using its true filename. Nor can Windows be "tricked" into calling it from a shortcut or bat file.

But it DOES run if I rename it.

 

[Archean]

You've tried lots/and being told about everything i could find from Microsoft .......

I also found this:

"This error message means that the user concerned doesn't have read access to some system file required by the application. This sometimes occurs with Visual Basic applications where the appropriate permissions aren't set to allow read access to the Visual Basic runtime DLL. But it can occur if read access is not permitted for any DLL, OCX or other component used by the application."

Now I am not entirely clear how a malware would do that to regedit.exe making it crash with original name; and yet if you rename it, it runs flawlessly. I am still at it; and trying to find something which hopefully solve this

 

[Mugsy]

Seen it.

Yes, I saw that message too.

Problem there is that... if it were a support file I didn't have permission for, I wouldn't be able to run regedit simply by renaming it. It would still rely on that same support file.

But regedit doesn't require any support files. It's a stand-alone app. I've even tried to run it from a different drive, but still, I get the same error.

So, if MS's explanation is correct, then I don't have "read permission" for "regedit.exe". But I've tried running it as Administrator, and still it refuses to run. And as I noted recently, renaming other programs to "regedit.exe" doesn't stop THEM from running. I've replaced it with a fresh copy off the XP CD, I've tried "sfc /scannow", and Registry Cleaners find nothing wrong.

Yet, that one program named "regedit.exe" will not run so long as it is named "regedit.exe".

 

[Mugsy]

UPDATE: Just discovered ANOTHER program that is refusing to run, producing the exact same error.

I downloaded the latest software update for my TV card. Same error. So the problem is (as I expected) not confined to just "regedit".

 

[Archean]

Hmmm ....... I've gone through few dozen threads in last couple of days; talked with a others; and we all suspect it is something to do with either rogue registry ID or something running on your system.

So it will be ideal if you can run HiJackThis, Malwarebytes & post their logs here.

Edit:
You said you don't like SP3, what issues exactly you had with it?

 

[Mugsy]

My suspicion too.

we all suspect it is something to do with either rogue registry ID or something running on your system.

Here is my HiJack log, but I doubt the issue is a running process since I have the same problem in SAFE MODE:
---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:18:29 AM, on 2/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG9\avgchsvx.exe
C:\Program Files\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG9\avgcsrvx.exe
C:\Program Files\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe (part of a CD Recorder I've been using for years)
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG9\avgnsx.exe
C:\Program Files\AVG9\avgemc.exe
C:\Program Files\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE (RealTek Audio CP)
C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\PROGRA~1\AVG9\avgtray.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WatchHDTV\WatchHDTVSched.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Program Files\tclock\tclock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Thunderbird\thunderbird.exe
C:\Program Files\HiJack199.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE (RealTek Audio CP)
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\PowerDVD9\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE (RealTek Audio tray)
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: Tclock.lnk = C:\Program Files\tclock\tclock.exe
O4 - Global Startup: WatchHDTVSched.lnk = C:\Program Files\WatchHDTV\WatchHDTVSched.exe
O4 - Global Startup: WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0483A094-D537-4595-B2A0-A8EC6698DFE4}: NameServer = 68.94.156.1 68.94.157.1 (ATI Catalyst Control Center)
O17 - HKLM\System\CS1\Services\Tcpip\..\{0483A094-D537-4595-B2A0-A8EC6698DFE4}: NameServer = 68.94.156.1 68.94.157.1 (ATI Catalyst Control Center)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------------------------------------------

Every registry scanner I've tried ("Registry Mechanic 4", AVG Free, AdAware) all report no problems. So if it is a Registry entry, none of the software tools I've tried can find it.

Any help you can provide is extremely appreciated. I REALLY don't want to do a reinstall because the result is almost always a less stable system. And if I reinstall Windows and it doesn't fix the problem, I'll have to reinstall all those MS Security Patches all over again for nothing.