Regedit

Bman

OSNN Veteran Original
Joined
Jul 1, 2002
Messages
8,799
#2
You mean, you open up "regedit", in the run area....and it opens, and then crashes, dosen't open at all.....stays open for like 2 seconds, and just closes without any messages?
 

kcnychief

█▄█ ▀█▄ █
Political User
Joined
Apr 8, 2005
Messages
16,948
#4
Rather odd, I would post a HJT log.

Anything in event viewer?

May also be worth trying to login with another profile to see if it's specific to your own user profile.
 

Jewelzz

OSNN Godlike Veteran
Joined
Mar 5, 2002
Messages
10,977
#5
HJT log
Logfile of HijackThis v1.99.1
Scan saved at 12:22:49 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\MSNMSGR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\MSNMES~1\MSNMSGR.EXE
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thunderbird-Tray\TBTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRAM FILES\AZUREUS\AZUREUS.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSN Messenger Service A] MSNMSGR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [MSN Messenger Service A] MSNMSGR.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F6787F1-80F1-45F4-ACC6-132C7F03E83D}: NameServer = 209.55.0.110,209.55.1.220
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
I don't see anything in the event viewer and there's only one profile on this PC.
 

Admiral Michael

Michaelsoft Systems CEO
Joined
Feb 19, 2003
Messages
3,123
#9
I know I had a similiar problem on a friend's computer. But it also affected Task Manager, and msconfig. turns out it was some sort of virus or something that was called scvhost (not SVChost as it should be).
 

Jewelzz

OSNN Godlike Veteran
Joined
Mar 5, 2002
Messages
10,977
#10
Does Task Manager and/or command prompt (start > run > cmd) work?

If none of them work a restriction has perhaps been placed on these items and running this file should fix it.

Lift Restrictions - TM, Regedit and CMD
Didn't work

I know I had a similiar problem on a friend's computer. But it also affected Task Manager, and msconfig. turns out it was some sort of virus or something that was called scvhost (not SVChost as it should be).
There are about 5 or 6 svchost.exe's running
 

rotjong

OSNN Senior Addict
Joined
Jan 24, 2004
Messages
573
#11
There are about 5 or 6 svchost.exe's running
That's not surprising. I have 8 svchost.exe's.

Something stood out to me, though.

C:\WINDOWS\system32\MSNMSGR.EXE
There's no logical reason I can see for Messenger to be in the System32 directory since it should be in 'Program Files' under it's own sub-dir. So from there it led me to:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T
and
http://www.sophos.com/security/analyses/w32rbotjz.html. For more links check do a Google search for "MSNMSGR.EXE" and reference to it being dropped in the System32 directory.

Check it out. Hopefully it will help you. If not, my apologies.

rotjong
 
Last edited:

Admiral Michael

Michaelsoft Systems CEO
Joined
Feb 19, 2003
Messages
3,123
#12
Well I have both Windows Messenger and Live Messenger. Windows Messenger is in C:\Program Files\Messenger and the other is C:\Program Files\MSN Messenger so rotjong may be on to something.

EDIT: Windows Messenger is even in the list under the suspected entry.

C:\WINDOWS\system32\MSNMSGR.EXE
C:\Program Files\Messenger\msmsgs.exe
 

GoNz0

NTFS Stoner
Joined
Mar 4, 2002
Messages
2,781
#13
search for regedit, copy it to c:\
rename it to regedit.cmd (may have to show hidden file types in folder options) see if it stays open with the new .cmd on it

an old trick, so may not work.

Well I have both Windows Messenger and Live Messenger. Windows Messenger is in C:\Program Files\Messenger and the other is C:\Program Files\MSN Messenger so rotjong may be on to something.

EDIT: Windows Messenger is even in the list under the suspected entry.
agreed, shouldnt be in the system32 folder, its telling it to start with no path so it will default to system32, and its already telling the legit verson to start, so it must be the problem.

will have to safe mode to shift those !
 
Last edited by a moderator:

Jewelzz

OSNN Godlike Veteran
Joined
Mar 5, 2002
Messages
10,977
#14
Followed what rotjong posted, up to a point. Nothing was in the registry but I did end the program MSNMSGR.EXE then deleted it out of the system32 folder, well deleted first then was able to open regedit. Kudos and reps to you all for replying and helping.
 

rotjong

OSNN Senior Addict
Joined
Jan 24, 2004
Messages
573
#15
Followed what rotjong posted, up to a point. Nothing was in the registry but I did end the program MSNMSGR.EXE then deleted it out of the system32 folder, well deleted first then was able to open regedit. Kudos and reps to you all for replying and helping.
Glad this helped.

There are a number of references online to this file in the System32 directory and having problems opening regedit and msconfig but I really didn't find an answer as to what it was.

rotjong
 

kcnychief

█▄█ ▀█▄ █
Political User
Joined
Apr 8, 2005
Messages
16,948
#19
Glad to see it got sorted, and nice catch to rotjong.

Jewelz, fwiw, even if there is only one user profile you could still create another at the drop of a hat for testing. Obviously in this case it may not have applied, unless the file was tied to your profile only which I doubt.
 

Jewelzz

OSNN Godlike Veteran
Joined
Mar 5, 2002
Messages
10,977
#20
I know I can create another profile, just being lazy :s

The PC is a Gateway EP, BixFix has something to do with them, their spying on me :eek:
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,979
Messages
673,325
Members
89,020
Latest member
Amanda99