can't open regedit.exe

[Jose]

Jose:

I followed the instructions yoy gave to Tracy and managed to get into regedit

The only two entries that have backslashes are:

Name: msacm.iac2 Data c:\WINDOWS\sistem32\iac25_32.ax
Name: mscam.l3acm Data: c:\WINDOWS\system32\l3codeca.acm

Could these be the culprits? Where do I go from now?

Help!

Good for you.

You need to be sure to run these suggested detection programs:

Download, install, update and do a full scan with these three free
malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
AVG (AVG): http://free.avg.com/



The first entry in your example is just plain wrong (sistem).
Hopefully that is a typo.

Those referenced files have to do with MP3 or DVD type things and they
are not the issue with the problem we are tracking here.

Let's see if you have another symptom:

Can you get to a command prompt by going to Start, Run, cmd <enter>?
If yes, just type exit to close the window.

Just report if that works or not. We should take a look at that
entire registry value, so get back into regedit and navigate to here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32

Make sure on the left side, that the Drivers32 folder is highlighted.

Click File, Export and then pick a file name and location you can
remember. Exit regedit.

Navigate to the file (probably with a .reg extension), right click it
and choose Edit (not Open).

The contents of the file will be displayed in some text editor, type
CTRL+a to select all, CTRL+c to copy to the clipboard, come back here
and if your next message, type CTRL+v to paste the clipboard contents
into your message.

It should look something like this in your new post, and you can see
in my example, I have similar entries to yours (without the sistem),
but those are okay.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
..
.. (more stuff)
..
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
..
.. (more stuff)
..

Jose

 

[Vivi]

Thank you for your response. And yes, the "sistem" was a typo. Sorry about
that.

I was aware that we had been battling with a trojan and with the regedit not
working, it was impossible to update the antivirus (and windows). Running
Elistara in safe mode had - suposedly- eliminated the trojan. My last post
was regarding my daughter's computer, where after running the software from
malwarebytes, it identified a lot of additional stuff, and after restarting
according to software instructions, the regedit began working again, as well
as antivirus updates (although Windows updates still come up with error...).

Do you think we should also run SAS and AVG?

Now, I have a similar problem on my computer, which also had the trojan and
unaccessible regedit. I ran the MBAM (which found many infected files) and at
one point during the scan asked something about accessing the registry, and I
just put OK. After finishing scan, eliminating malware and restarting,
windows crashed. I went back to the "previous configuration that worked (or
something like that) and managed to get to this point. But regedit now says
that the administrator has disabled the registry edit (or something in this
sense: my windows is in Spanish).

Now, for the rest of your questions:

1. cmd works ok, I do get a command prompt.
2. in my computer copying and renaming the regedit file does not allow me to
view contents (I get the same message as when trying to open regedit). So I
cannot view or export or send you the contents.
3. Please tell me if you consider necessary to send you a copy of the
contents in the system32 from my daughter's computer, the one I had followed
your instructions on, since now the regedit there is working.

Hope this doesn't crash again before I get an answer!

Good for you.

You need to be sure to run these suggested detection programs:

Download, install, update and do a full scan with these three free
malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
AVG (AVG): http://free.avg.com/



The first entry in your example is just plain wrong (sistem).
Hopefully that is a typo.

Those referenced files have to do with MP3 or DVD type things and they
are not the issue with the problem we are tracking here.

Let's see if you have another symptom:

Can you get to a command prompt by going to Start, Run, cmd <enter>?
If yes, just type exit to close the window.

Just report if that works or not. We should take a look at that
entire registry value, so get back into regedit and navigate to here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32

Make sure on the left side, that the Drivers32 folder is highlighted.

Click File, Export and then pick a file name and location you can
remember. Exit regedit.

Navigate to the file (probably with a .reg extension), right click it
and choose Edit (not Open).

The contents of the file will be displayed in some text editor, type
CTRL+a to select all, CTRL+c to copy to the clipboard, come back here
and if your next message, type CTRL+v to paste the clipboard contents
into your message.

It should look something like this in your new post, and you can see
in my example, I have similar entries to yours (without the sistem),
but those are okay.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
..
.. (more stuff)
..
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
..
.. (more stuff)
..

Jose

 

[Jose]

Thank you for your response. And yes, the "sistem" was a typo. Sorry about
that.

I was aware that we had been battling with a trojan and with the regedit not
working, it was impossible to update the antivirus (and windows). Running
Elistara in safe mode had - suposedly- eliminated the trojan. My last post
was regarding my daughter's computer, where after running the software from
malwarebytes, it identified a lot of additional stuff, and after restarting
according to software instructions, the regedit began working again, as well
as antivirus updates (although Windows updates still come up with error....).

Do you think we should also run SAS and AVG?

Now, I have a similar problem on my computer, which also had the trojan and
unaccessible regedit. I ran the MBAM (which found many infected files) and at
one point during the scan asked something about accessing the registry, and I
just put OK. After finishing scan, eliminating malware and restarting,
windows crashed. I went back to the "previous configuration that worked (or
something like that) and managed to get to this point. But regedit now says
that the administrator has disabled the registry edit (or something in this
sense: my windows is in Spanish).

Now, for the rest of your questions:

1. cmd works ok, I do get a command prompt.
2. in my computer copying and renaming the regedit file does not allow meto
view contents (I get the same message as when trying to open regedit). SoI
cannot view or export or send you the contents.
3. Please tell me if you consider necessary to send you a copy of the
contents in the system32 from my daughter's computer, the one I had followed
your instructions on, since now the regedit there is working.

Hope this doesn't crash again before I get an answer!

Good for you.

You need to be sure to run these suggested detection programs:

Download, install, update and do a full scan with these three free
malware detection programs:

Malwarebytes (MBAM):  http://malwarebytes.org/
SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/
AVG (AVG):  http://free.avg.com/

The first entry in your example is just plain wrong (sistem).
Hopefully that is a typo.

Those referenced files have to do with MP3 or DVD type things and they
are not the issue with the problem we are tracking here.

Let's see if you have another symptom:

Can you get to a command prompt by going to Start, Run, cmd <enter>?
If yes, just type exit to close the window.

Just report if that works or not.  We should take a look at that
entire registry value, so get back into regedit and navigate to here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32

Make sure on the left side, that the Drivers32 folder is highlighted.

Click File, Export and then pick a file name and location you can
remember.  Exit regedit.

Navigate to the file (probably with a .reg extension), right click it
and choose Edit (not Open).

The contents of the file will be displayed in some text editor, type
CTRL+a to select all, CTRL+c to copy to the clipboard, come back here
and if your next message, type CTRL+v to paste the clipboard contents
into your message.

It should look something like this in your new post, and you can see
in my example, I have similar entries to yours (without the sistem),
but those are okay.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
..
.. (more stuff)
..
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
..
.. (more stuff)
..

Jose

Even after running MBAM, I would still run SAS and AVG. One program
will not know about everything, so you should know about a couple good
ones and use them regularly.

Your problem about the administrator message trying to run regedit is
not the same as what we have been chasing here - this is new
information and a different problem.

Navigate to here: http://www.kellys-korner-xp.com/xp_tweaks.htm

Scroll down to #275 on the left hand side, double click it and save
the regtmcommand.vbs file to your desktop.

Double click the .vbs file on your desktop to run it, and you should
get an OK message.

I don't think you have to reboot, but you might.

The VBS script will undo the restrictions in the registry for regedit,
cmd, and Task Manager (even though you may not have all the problems).