Can't run regedit

[goriladunk]

hi guys,im new here...

when i tried to run regedit,it did'nt pop up at all.it just blink for a second
and then nothing.thought this is a virus.
please help me solve this problem.
thanks..

initiate a clean
boot

then try again

It could be a most popular infestation.

Try Start, Run, cmd and click OK - does that open a command prompt
window? Yes or no.

Browse to the c:\windows folder and make a copy of regedit.exe and
call it goriladunk.exe (or something like that) and see if the copy
runs by double clicking it or from a Start, Run box. If yes, your
problem is probably malware.

Download, install, update and do a full scan with these free malware
detection programs:

The scanners may find and remove the malware, but may leave you with
parts of the problem that can be fixed easily, but you need to do the
scanning first, reboot and then see if you still have the problem with
regedit.

[goriladunk]

hmm..how to do that?sorry,im a bit slow about all this stuff.
do i need to send you my hijackthis log?if so,then..

Logfile of HijackThis v1.99.1
Scan saved at 2:02:21 AM, on 7/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\WINWORD.EXE
C:\Program Files\mIRC\IRC Bot\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\RTHDCPL.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://syaz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

first,im posting hijackthis log because i've seen most of people do that
regarding this matter when i google this problem.still,im a bit slow about this
thing.

second,im now doing a full scan with all things given by you all.hopefully these
will work.

and i've tried to make a copy of regedit.exe to gori.exe and guess what,the gori
.exe does open but the regedit.exe still can't be open.and of course,cmd can be
run.

The log is very nice, but first you need to download the two malware
scanning tools (MBAM and SAS) from those underlined links in my other
post, install them, update them with current definitions and perform a
complete scan.

This needs to happen first before we start trying to fix anything to
be sure we are working on a system that does not have obvious malware
infections. They may relieve you of your problem right away!

They are safe, free and can be uninstalled later if you want.

Why do you think you need to be running regedit in the first place?

Do the downloads and stuff first, please.

don't need your log.

but I guess you are
assuming that your
system has been
hijacked.

but infections are not
always the cause for
poor performance or
system instability.

in regards with "how
to do something to
the Microsoft operating
system"

you can go to microsoft.com
and look up solutions.

for example, you can
look up something like
"cannot access registry"

or

"what is a clean boot"

-----------

the reason I suggested a
clean boot is to ensure that
you had no processes running
that may be blocking access
to the registry or system files.

Your system is infected with spyware, follow the advice given to you by
Jose. You also need to fix your AVG because it is not protecting your
computer. After that get SP3.

He didn't say send me your Hijackthis, what make you assume that?
Your machine is a heaven for malware/trojan downloader , because you keeping
installing free pies from untrusted parties?
First, stop downloading software and run a through clean for malware and
viruses.

Unexplained computer behaviour may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a thorough scan by doing the following steps:

Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit .
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Click [OK] to close the IE properties window.

Scan for malware from here:
SuperAntispyware - Free

Run a scan from here on-line:
Download Avast Cleaner (offline scanner) from here:
Comodo BOClean : Anti-Malware Version 4.27

If still no joy after doing the clean up, try to get the error messages from
Event Viewer.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.Microsoft.com/kb/308427/en-us

If you want further help and you are serious about this issue, try the
hijackthis tool.
Download the Hijackthis and send the report to one of
many forums for analysis and troubleshooting or you can send it to me on my
email provided at the bottom:
When all else fails, HijackThis v2.0.2

Can you please send me a copy at to_you_rossREMOVETHISCAPS@yahoo.co.uk ,
remove the obvious to email me, note ( _ it is underscore not - ).

if this is the problem I have fixed 37 times, you can help pinpoint
exactly by following the instructions.

The HijackThis log is just a log file... a report. It fixes nothing
without a human intervention we have not even done the basics yet.

Besides, your HijackThis is an old version and you are not on Windows
XP Service Pack 3. SP3 is pretty important and the HijackThis log is
not needed unless the basic steps fail. I will look at it for
practice.

So, please perform the following and then let's see where things are:

Try Start, Run, cmd and click OK - does that open a command prompt
window? Yes or no.

Browse to the c:\windows folder and make a copy of regedit.exe and
call it goriladunk.exe (or something like that) and see if the copy
runs by double clicking it or from a Start, Run box. Does the
Registry Editor window open? Yes or no.

Download, install, update and do a full scan with these free malware
detection programs:
Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

The scanners may find and remove the malware, but may leave you with
parts of the problem that can be fixed easily, but you need to do the
scanning first, reboot and then see if you still have the problem with
regedit.

No they don't. And you won't see anyone asking for it here either,
because this isn't the place for posting those logs.

I strongly advise you to send your Hijackthis log to a professional forum
for analysis and a thorough clean!
What you have is Trojan backdoor BDST, vundo variants and other malware.
There will be a batch file to resurrect the beast again!!!
Be warned or wipe out the machine clean to get rid of the infection.

You are fortunate that the scan resolved the problem - sometimes
ultimate resolution requires a little more effort, but it is important
to run the scans first.

Running other executables can also exhibit this problem (like cmd)
which is why I wanted you to try that as well.

It is the name of the program that is the issue (regedit.exe, cmd.exe,
etc.). This is why a copy of the program with a different name will
usually work and is a good test to see if it is the program or just
the name of the program.

This particular malware only cares about the name of the program.

HijackThis log commentary is inappropriate here but there are places
to get that done.

Please verify that the real regedit.exe runs (not just the copy).

If you want your HijackLog interpreted, you should get the current
version of HijackThis and also install XP SP3 or people will be
reluctant to even start looking at it.

well, I wouldn't go that
far.

hijack logs have been
posted and used to
show people what
entries can be
removed.