J
Jose
If you go to Start, Run cmd <enter> does that work?
Does Start, Run, command <enter> work?
If you are not running regedit from Start, Run please try it there
also.
If you go to Start, Run cmd <enter> does that work?
Does Start, Run, command <enter> work?
If you are not running regedit from Start, Run please try it there
also.
P
Pegasus [MVP]
Tracy said:
I seem to recall that this can happen as a result of a virus/malware
infection. Scan your system with a good virus scanner!
P
Pegasus [MVP]
Tracy said:
.. . . and while you're at it, fix your clock and/or your time zone. You're
posting in the future.
J
Jose
Try Malwarebytes free download, install, update, full scan.
I would still like to know the answers to my other questions since I
have seen this 3 times now and am zeroing in on a one response fix.
T
Tracy
hello,
i have windows xp service pack 2 and can no longer run regedit.
i run it, the desktop goes blank for a few seconds and the taskbar
disappears. they come back, but the registry editor will not open.
the file regedit.exe is in the winnt folder, so i don't know what's going
on.
any help would be greatly appreciated.
thank you.
Tracy
* * * * * * * * * *
i have windows xp service pack 2 and can no longer run regedit.
i run it, the desktop goes blank for a few seconds and the taskbar
disappears. they come back, but the registry editor will not open.
the file regedit.exe is in the winnt folder, so i don't know what's going
on.
any help would be greatly appreciated.
thank you.
Tracy
* * * * * * * * * *
R
Ron Badour
As Pegasus mentioned, a virus/Trojan/malware can be responsible for this
problem. I recently cleaned up a computer where I could not install or run
AV or malware programs and the registry editor would not open. These
*%$#_()(*=@ virus writers are writing pretty sophisticated programs now
days. If this should be your problem, what you can do is slave the infected
hard drive up to an uninfected machine and use the software on that PC to
clean the infected drive. This method will not clean the registry entries
but it should get rid of enough infected files that you can run scans with
up to date AV and malware programs on the infected PC. Should you need
specific instructions, please post back.
Another thing you can try is to change the extension on regedit.exe to
regedit.com and then try double clicking the file.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
problem. I recently cleaned up a computer where I could not install or run
AV or malware programs and the registry editor would not open. These
*%$#_()(*=@ virus writers are writing pretty sophisticated programs now
days. If this should be your problem, what you can do is slave the infected
hard drive up to an uninfected machine and use the software on that PC to
clean the infected drive. This method will not clean the registry entries
but it should get rid of enough infected files that you can run scans with
up to date AV and malware programs on the infected PC. Should you need
specific instructions, please post back.
Another thing you can try is to change the extension on regedit.exe to
regedit.com and then try double clicking the file.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
J
Jose
If you do a full scan with an updated Malwarebytes and still have a
problem, please answer my previous questions.
I am finished zeroing.
J
Jose
The problem is that regedit.exe will not run. A copy called
regedit.com may work, but does not fix the problem
Let's see if my other questions get answered.
R
Ron Badour
I didn't say regedit.com would fix the problem. I suggested a possible
cause for the problem and I told him a possible way to get around
regedit.exe not working.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
The problem is that regedit.exe will not run. A copy called
regedit.com may work, but does not fix the problem
Let's see if my other questions get answered.
cause for the problem and I told him a possible way to get around
regedit.exe not working.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
The problem is that regedit.exe will not run. A copy called
regedit.com may work, but does not fix the problem
Let's see if my other questions get answered.
J
Jose
I didn't say regedit.com would fix the problem. I suggested a possible
cause for the problem and I told him a possible way to get around
regedit.exe not working.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
The problem is that regedit.exe will not run. A copy called
regedit.com may work, but does not fix the problem
Let's see if my other questions get answered.
I am quite sure it is a trojan - like you said.
I just would like to get the other questions answered to be sure my
idea for solution is on track.
T
Tracy
hello,
i just checked my clock and time zone and both are correct, so i'm not sure
what i'm doing wrong.
thank you
Tracy
* * * * * * * * * *
:
: : > hello,
: >
: > i have windows xp service pack 2 and can no longer run regedit.
: > i run it, the desktop goes blank for a few seconds and the taskbar
: > disappears. they come back, but the registry editor will not open.
: > the file regedit.exe is in the winnt folder, so i don't know what's
going
: > on.
: > any help would be greatly appreciated.
: >
: > thank you.
: >
: > Tracy
: > * * * * * * * * * *
: >
:
: . . . and while you're at it, fix your clock and/or your time zone. You're
: posting in the future.
:
:
i just checked my clock and time zone and both are correct, so i'm not sure
what i'm doing wrong.
thank you
Tracy
* * * * * * * * * *
:
: : > hello,
: >
: > i have windows xp service pack 2 and can no longer run regedit.
: > i run it, the desktop goes blank for a few seconds and the taskbar
: > disappears. they come back, but the registry editor will not open.
: > the file regedit.exe is in the winnt folder, so i don't know what's
going
: > on.
: > any help would be greatly appreciated.
: >
: > thank you.
: >
: > Tracy
: > * * * * * * * * * *
: >
:
: . . . and while you're at it, fix your clock and/or your time zone. You're
: posting in the future.
:
:
T
Tracy
hi jose,
ok, i will download and run malwarebyes right now and will report back
shortly.
a few minutes ago, i responded to your prior email.
thank you
Tracy
* * * * * * * * * *
Try Malwarebytes free download, install, update, full scan.
I would still like to know the answers to my other questions since I
have seen this 3 times now and am zeroing in on a one response fix.
ok, i will download and run malwarebyes right now and will report back
shortly.
a few minutes ago, i responded to your prior email.
thank you
Tracy
* * * * * * * * * *
Try Malwarebytes free download, install, update, full scan.
I would still like to know the answers to my other questions since I
have seen this 3 times now and am zeroing in on a one response fix.
T
Tracy
hello,
no, that doesn't work.
i tried your suggestion several times on different days before posting the
question.
Tracy
* * * * * * * * * *
If you go to Start, Run cmd <enter> does that work?
Does Start, Run, command <enter> work?
If you are not running regedit from Start, Run please try it there
also.
no, that doesn't work.
i tried your suggestion several times on different days before posting the
question.
Tracy
* * * * * * * * * *
If you go to Start, Run cmd <enter> does that work?
Does Start, Run, command <enter> work?
If you are not running regedit from Start, Run please try it there
also.
T
Tracy
hello,
prior to posting the question, i scanned several times over a few days.
nothing came up.
i used avg freeware.
if that isn't sufficient, please let me know what else i can use to scan
with.
thank you
Tracy
* * * * * * * * * *
:
: : > hello,
: >
: > i have windows xp service pack 2 and can no longer run regedit.
: > i run it, the desktop goes blank for a few seconds and the taskbar
: > disappears. they come back, but the registry editor will not open.
: > the file regedit.exe is in the winnt folder, so i don't know what's
going
: > on.
: > any help would be greatly appreciated.
: >
: > thank you.
: >
: > Tracy
: > * * * * * * * * * *
:
: I seem to recall that this can happen as a result of a virus/malware
: infection. Scan your system with a good virus scanner!
:
:
prior to posting the question, i scanned several times over a few days.
nothing came up.
i used avg freeware.
if that isn't sufficient, please let me know what else i can use to scan
with.
thank you
Tracy
* * * * * * * * * *
:
: : > hello,
: >
: > i have windows xp service pack 2 and can no longer run regedit.
: > i run it, the desktop goes blank for a few seconds and the taskbar
: > disappears. they come back, but the registry editor will not open.
: > the file regedit.exe is in the winnt folder, so i don't know what's
going
: > on.
: > any help would be greatly appreciated.
: >
: > thank you.
: >
: > Tracy
: > * * * * * * * * * *
:
: I seem to recall that this can happen as a result of a virus/malware
: infection. Scan your system with a good virus scanner!
:
:
J
Jose
Good. In a way...
If regedit.exe and cmd will not work from Start, Run AND you have run
MBAM, read this and follow the instructions and report back:
I believe part of the effect of this problem is that regedit and cmd
won't run merely by their name alone. This is why COMMAND works.
Tricky malware.
I think that regedt32 might work, so try that just to see. Regedt32
uses regedit so it might not run but your result will be a clue. If
regedt32 works exit out of any registry edit program when you are done
testing. We'll stick with regedit.
Get into your c:\windows folder and make a copy of regedit.exe - call
it copy.exe or something you can remember. You can do all this file
manipulation through Windows Explorer or your newfound COMMAND window.
Using Start, Run, your copy.exe may not work just because regedit.exe
still exists, so if copy.exe doesn't work and behaves like regedit,
get rid of copy.exe it and RENAME regedit.exe to copy.exe. Now,
regedit.exe does not exist, but copy.exe does. You will want to
replace your regedit.exe later, so make a note. The thing is we must
get into the registry somehow.
You should now be able to either run copy.exe or regedt32.exe to get
into the registry, but try copy.exe first since you are more familiar
with that look.
When you get into the registry, navigate to here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32
Highlight the Drivers32 sub-key and under File menu choose Export.
Name the file something like drivers32 and save the file to the
desktop or someplace you can find it. It will have the default .reg
extension for registry files. You will get drivers32.reg in the place
you saved it.
Depending on your expertise, you may be able to spot the problem here
right away and fix it. Even if you do something wrong, you just
exported the key so you can always import the original if you need to
restore it to the original state.
Look for suspicious entries like this with the double backslahes and
the double dot (..) notations and references to files that do not
exist or make no sense. Maybe something like this:
"aux"="C:\\WINDOWS\\system32\\..\\jwmrus.yds"
These are the remnants of your trojan that your scan did not delete.
The scan may have deleted the file (you can't find it after a scan),
but not the registry entry. In the example above, "aux" should just
be "wdmaud.drv" but you may see other results.
Delete the entry or fix the data part so it makes sense. If I don't
see it I can't tell you how to change it, but deleting may be safe -
you have a backup, right?
If you can't spot the problem, then you need to post the registry
export results here.
I want to see the contents of that file which has your exported key.
If you double click it, it will just import it back into the registry
(like it should with the .reg extension). It won't make any
duplicates, it will just overwrite what is there already. Even if you
call it drivers32.txt, if you double click it to open the .txt file,
it will import it into the registry just because of contents looks
like registry stuff.
So, right click the file, choose Open With and use notepad or wordpad
to open the file. There should not be a whole lot in the file.
In the editor, type Ctrl A to select all, Ctrl C to copy and then post
back here and type Ctrl V to paste the results here for more help.
T
Tracy
hi jose,
i ran malwarebyes and it found several bad files, so i removed them and
rebooted as instructed by the software.
regedit still would not run.
per your email below, i did the following:
1. i tried to run regedt32 and nothing happened.
2. i made a copy of regedit and placed it on my desktop and named it
copy.exe
i left the original regedit.exe file where it was, untouched.
when i double-clicked on copy.exe, the registry editor opened. yippee!
3. in the registry, i went to this location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
in this folder, i do not have a drivers32 subkey, or do you mean the folder
drivers32
okay, this is where i think i got lost trying to do what you told me to
in what i call the drivers32 (yellow) folder, i see the following entry
name data
aux C:\DOCUME~1\Tracy\LOCALS~1\Temp\..\ygpeaky.xyx
am i suppose to delete the entry above?
i'm sorry, but i don't know how to fix the file so that it makes sense
no other entry in the drivers32 folder has anything close to what you said
to look for
i don't know how to post the registry export and i do not understand
anything in the last 5 paragraphs of your email, but i am very willing to
learn and do what you say.
let me know what i need to do next.
thank you so much
Tracy
* * * * * * * * * *
Good. In a way...
If regedit.exe and cmd will not work from Start, Run AND you have run
MBAM, read this and follow the instructions and report back:
I believe part of the effect of this problem is that regedit and cmd
won't run merely by their name alone. This is why COMMAND works.
Tricky malware.
I think that regedt32 might work, so try that just to see. Regedt32
uses regedit so it might not run but your result will be a clue. If
regedt32 works exit out of any registry edit program when you are done
testing. We'll stick with regedit.
Get into your c:\windows folder and make a copy of regedit.exe - call
it copy.exe or something you can remember. You can do all this file
manipulation through Windows Explorer or your newfound COMMAND window.
Using Start, Run, your copy.exe may not work just because regedit.exe
still exists, so if copy.exe doesn't work and behaves like regedit,
get rid of copy.exe it and RENAME regedit.exe to copy.exe. Now,
regedit.exe does not exist, but copy.exe does. You will want to
replace your regedit.exe later, so make a note. The thing is we must
get into the registry somehow.
You should now be able to either run copy.exe or regedt32.exe to get
into the registry, but try copy.exe first since you are more familiar
with that look.
When you get into the registry, navigate to here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32
Highlight the Drivers32 sub-key and under File menu choose Export.
Name the file something like drivers32 and save the file to the
desktop or someplace you can find it. It will have the default .reg
extension for registry files. You will get drivers32.reg in the place
you saved it.
Depending on your expertise, you may be able to spot the problem here
right away and fix it. Even if you do something wrong, you just
exported the key so you can always import the original if you need to
restore it to the original state.
Look for suspicious entries like this with the double backslahes and
the double dot (..) notations and references to files that do not
exist or make no sense. Maybe something like this:
"aux"="C:\\WINDOWS\\system32\\..\\jwmrus.yds"
These are the remnants of your trojan that your scan did not delete.
The scan may have deleted the file (you can't find it after a scan),
but not the registry entry. In the example above, "aux" should just
be "wdmaud.drv" but you may see other results.
Delete the entry or fix the data part so it makes sense. If I don't
see it I can't tell you how to change it, but deleting may be safe -
you have a backup, right?
If you can't spot the problem, then you need to post the registry
export results here.
I want to see the contents of that file which has your exported key.
If you double click it, it will just import it back into the registry
(like it should with the .reg extension). It won't make any
duplicates, it will just overwrite what is there already. Even if you
call it drivers32.txt, if you double click it to open the .txt file,
it will import it into the registry just because of contents looks
like registry stuff.
So, right click the file, choose Open With and use notepad or wordpad
to open the file. There should not be a whole lot in the file.
In the editor, type Ctrl A to select all, Ctrl C to copy and then post
back here and type Ctrl V to paste the results here for more help.
i ran malwarebyes and it found several bad files, so i removed them and
rebooted as instructed by the software.
regedit still would not run.
per your email below, i did the following:
1. i tried to run regedt32 and nothing happened.
2. i made a copy of regedit and placed it on my desktop and named it
copy.exe
i left the original regedit.exe file where it was, untouched.
when i double-clicked on copy.exe, the registry editor opened. yippee!
3. in the registry, i went to this location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
in this folder, i do not have a drivers32 subkey, or do you mean the folder
drivers32
okay, this is where i think i got lost trying to do what you told me to
in what i call the drivers32 (yellow) folder, i see the following entry
name data
aux C:\DOCUME~1\Tracy\LOCALS~1\Temp\..\ygpeaky.xyx
am i suppose to delete the entry above?
i'm sorry, but i don't know how to fix the file so that it makes sense
no other entry in the drivers32 folder has anything close to what you said
to look for
i don't know how to post the registry export and i do not understand
anything in the last 5 paragraphs of your email, but i am very willing to
learn and do what you say.
let me know what i need to do next.
thank you so much
Tracy
* * * * * * * * * *
Good. In a way...
If regedit.exe and cmd will not work from Start, Run AND you have run
MBAM, read this and follow the instructions and report back:
I believe part of the effect of this problem is that regedit and cmd
won't run merely by their name alone. This is why COMMAND works.
Tricky malware.
I think that regedt32 might work, so try that just to see. Regedt32
uses regedit so it might not run but your result will be a clue. If
regedt32 works exit out of any registry edit program when you are done
testing. We'll stick with regedit.
Get into your c:\windows folder and make a copy of regedit.exe - call
it copy.exe or something you can remember. You can do all this file
manipulation through Windows Explorer or your newfound COMMAND window.
Using Start, Run, your copy.exe may not work just because regedit.exe
still exists, so if copy.exe doesn't work and behaves like regedit,
get rid of copy.exe it and RENAME regedit.exe to copy.exe. Now,
regedit.exe does not exist, but copy.exe does. You will want to
replace your regedit.exe later, so make a note. The thing is we must
get into the registry somehow.
You should now be able to either run copy.exe or regedt32.exe to get
into the registry, but try copy.exe first since you are more familiar
with that look.
When you get into the registry, navigate to here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32
Highlight the Drivers32 sub-key and under File menu choose Export.
Name the file something like drivers32 and save the file to the
desktop or someplace you can find it. It will have the default .reg
extension for registry files. You will get drivers32.reg in the place
you saved it.
Depending on your expertise, you may be able to spot the problem here
right away and fix it. Even if you do something wrong, you just
exported the key so you can always import the original if you need to
restore it to the original state.
Look for suspicious entries like this with the double backslahes and
the double dot (..) notations and references to files that do not
exist or make no sense. Maybe something like this:
"aux"="C:\\WINDOWS\\system32\\..\\jwmrus.yds"
These are the remnants of your trojan that your scan did not delete.
The scan may have deleted the file (you can't find it after a scan),
but not the registry entry. In the example above, "aux" should just
be "wdmaud.drv" but you may see other results.
Delete the entry or fix the data part so it makes sense. If I don't
see it I can't tell you how to change it, but deleting may be safe -
you have a backup, right?
If you can't spot the problem, then you need to post the registry
export results here.
I want to see the contents of that file which has your exported key.
If you double click it, it will just import it back into the registry
(like it should with the .reg extension). It won't make any
duplicates, it will just overwrite what is there already. Even if you
call it drivers32.txt, if you double click it to open the .txt file,
it will import it into the registry just because of contents looks
like registry stuff.
So, right click the file, choose Open With and use notepad or wordpad
to open the file. There should not be a whole lot in the file.
In the editor, type Ctrl A to select all, Ctrl C to copy and then post
back here and type Ctrl V to paste the results here for more help.
J
Jose
Yeah - you found the bogus entry. That file name makes no sense -
ygpeaky.xyx. The drivers32 folder is right. Are there any other
entries that look similar?
I would have to research (and I will) more about that"aux" entry
because sometimes I have seen an aux and an aux2.
I don't have an aux on my system at all, but have seen some, so it
depends on what is installed.
So first, change it to wdmaud.drv (no path) and try that. Double
click the aux key and change the value to wdmaud.drv and click OK to
save it. Then exit regedit (or copy.exe).
Hmmm... I will work on my instructions that are not clear to you, but
so far you are doing a good job!
When you are done, be sure to copy/rename copy.exe back to
regedit.exe.
Please report your results.
J
Jose
Now you also know that AVG is not sufficient...
J
Jose
Good job.
I am trying to tweak my "one response" reply to this problem, which
includes those 3 AV softwares...
I don't see where the OP never came back, but no news is...
Jose
V
Vivi
Jose:
I followed the instructions yoy gave to Tracy and managed to get into regedit
The only two entries that have backslashes are:
Name: msacm.iac2 Data c:\WINDOWS\sistem32\iac25_32.ax
Name: mscam.l3acm Data: c:\WINDOWS\system32\l3codeca.acm
Could these be the culprits? Where do I go from now?
Help!
I followed the instructions yoy gave to Tracy and managed to get into regedit
The only two entries that have backslashes are:
Name: msacm.iac2 Data c:\WINDOWS\sistem32\iac25_32.ax
Name: mscam.l3acm Data: c:\WINDOWS\system32\l3codeca.acm
Could these be the culprits? Where do I go from now?
Help!