
Registry Broken


8 replies to this topic

#1 Bristles

Bristles

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Minnesota
  • Local time:08:39 PM

Posted 01 March 2006 - 02:34 AM

Okay, now I consider myself fairly knowledgeable about computers and PC safety, but this has baffled me, and not only that, but rendered my computer basically useless.
I'll try to explain as best possible:
I think my registry was changed, and in a way that I cannot run .exe files and many programs that use .exe files to operate. How this happened I am not sure, but I believe it was due to an infection. My AdAware picked up about 50 registry changes which I promptly blocked just before this happened, but to no avail; the computer was crap.
After several frustrating attempts to do a system restore and several restarts, I'm here, asking for your help. Explorer works, so I managed to use the navigation bar as an internet explorer, and I also have found a way to initiate my dial-up. So I can get to the internet. I cannot install new .reg files automatically, as regedit.exe is in fact an .exe file. Doesn't work at all. Is there any way I can find my backed up registry files, and MANUALLY import them?
Does anyone know what is going on?
What can I do?
Please help.

I should note that my CD-ROM drive does not function, and nor does my floppy drive.
I cannot open any control panel files either.

Thanks for your time, please reply promptly, if at all possible.



#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:07:39 PM

Posted 01 March 2006 - 02:46 AM

See if this helps:
Cannot run EXE files - Programs don't open
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 Bristles

Bristles
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Minnesota
  • Local time:08:39 PM

Posted 01 March 2006 - 03:12 AM

That would work, except that my .com files are also not working.
I need a way to repair ALL of my filetypes at once.
But trying that did let me know that .com doesn't work either, so I can't open command from Run.

#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:08:39 PM

Posted 01 March 2006 - 10:57 AM

Try using XP's system restore.

If that doesn't work and if you have ever backed up your registry (using Spybot, CCleaner or any other app that you may have used to back up the registry), try to restore it.

If that isn't workable you probably have to wipe the disk and reinstall Windows.

#5 pascor22234

pascor22234

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 01 March 2006 - 12:17 PM

Here is a script to fix running of .EXE files.
Copy & paste everything between the rows of equal signs to a file called ExeFix.reg and then double-click the file to merge it into the Registry.
========================================
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\regfile]
@="Registration Entries"
"EditFlags"=dword:00100000
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]
@="open"

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
00

[HKEY_CLASSES_ROOT\regfile\shell\open]
@="Mer&ge"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\
00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]
========================================

Here is a script to set all file associations to the XP defaults.
Save the text to a file named XPdefaults.bat and then double-click it:
========================================
assoc.323=h323file
assoc.386=vxdfile
assoc.aca=Agent.Character.2
assoc.acf=Agent.Character.2
assoc.acs=Agent.Character2.2
assoc.acw=acwfile
assoc.ai=
assoc.aif=AIFFFile
assoc.aifc=AIFFFile
assoc.aiff=AIFFFile
assoc.ani=anifile
assoc.aps=
assoc.asa=aspfile
assoc.ascx=
assoc.asf=ASFFile
assoc.asm=
assoc.asmx=
assoc.asp=aspfile
assoc.aspx=
assoc.asx=ASXFile
assoc.au=AUFile
assoc.AudioCD=AudioCD
assoc.avi=avifile
assoc.bat=batfile
assoc.bfc=Briefcase
assoc.bin=
assoc.bkf=msbackupfile
assoc.blg=PerfFile
assoc.bmp=Paint.Picture
assoc.bsc=
assoc.c=
assoc.cab=CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}
assoc.cat=CATFile
assoc.cda=CDAFile
assoc.cdf=ChannelFile
assoc.cdx=aspfile
assoc.cer=CERFile
assoc.cgm=
assoc.chk=chkfile
assoc.chm=chm.file
assoc.clp=clpfile
assoc.cmd=cmdfile
assoc.cnf=ConferenceLink
assoc.com=comfile
assoc.cpl=cplfile
assoc.cpp=
assoc.crl=CRLFile
assoc.crt=CERFile
assoc.css=CSSfile
assoc.csv=
assoc.CTT=MessengerContactList
assoc.cur=curfile
assoc.cxx=
assoc.dat=
assoc.db=dbfile
assoc.dbg=
assoc.dct=
assoc.def=
assoc.der=CERFile
assoc.DeskLink=CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}
assoc.dib=Paint.Picture
assoc.dic=
assoc.diz=
assoc.dll=dllfile
assoc.dl_=
assoc.doc=WordPad.Document.1
assoc.dos=
assoc.dot=
assoc.drv=drvfile
assoc.dsn=MSDASQL
assoc.dun=dunfile
assoc.DVD=DVD
assoc.emf=emffile
assoc.eml=Microsoft Internet Mail Message
assoc.eps=
assoc.exe=exefile
assoc.exp=
assoc.ex_=
assoc.eyb=
assoc.fif=
assoc.fnd=fndfile
assoc.fnt=
assoc.Folder=Folder
assoc.fon=fonfile
assoc.ghi=
assoc.gif=giffile
assoc.grp=MSProgramGroup
assoc.gz=
assoc.h=
assoc.hhc=
assoc.hlp=hlpfile
assoc.hpp=
assoc.hqx=
assoc.ht=htfile
assoc.hta=htafile
assoc.htc=
assoc.htm=htmlfile
assoc.html=htmlfile
assoc.htt=HTTfile
assoc.htw=
assoc.htx=
assoc.hxx=
assoc.icc=icmfile
assoc.icm=icmfile
assoc.ico=icofile
assoc.idb=
assoc.idl=
assoc.idq=
assoc.iii=iiifile
assoc.ilk=
assoc.imc=
assoc.inc=
assoc.inf=inffile
assoc.ini=inifile
assoc.ins=x-internet-signup
assoc.inv=
assoc.inx=
assoc.in_=
assoc.isp=x-internet-signup
assoc.its=ITS File
assoc.IVF=IVFFile
assoc.java=
assoc.jbf=
assoc.jfif=pjpegfile
assoc.job=JobObject
assoc.jod=Microsoft.Jet.OLEDB.4.0
assoc.jpe=jpegfile
assoc.jpeg=jpegfile
assoc.jpg=jpegfile
assoc.JS=JSFile
assoc.JSE=JSEFile
assoc.latex=
assoc.lib=
assoc.lnk=lnkfile
assoc.local=
assoc.log=txtfile
assoc.lwv=LWVFile
assoc.m14=
assoc.m1v=mpegfile
assoc.m3u=m3ufile
assoc.man=
assoc.manifest=
assoc.MAPIMail=CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
assoc.mdb=
assoc.mht=mhtmlfile
assoc.mhtml=mhtmlfile
assoc.mid=midfile
assoc.midi=midfile
assoc.mmf=
assoc.mmm=MPlayer
assoc.mov=
assoc.movie=
assoc.mp2=mpegfile
assoc.mp2v=mpegfile
assoc.mp3=mp3file
assoc.mpa=mpegfile
assoc.mpe=mpegfile
assoc.mpeg=mpegfile
assoc.mpg=mpegfile
assoc.mpv2=mpegfile
assoc.msc=MSCFile
assoc.msg=
assoc.msi=Msi.Package
assoc.msp=Msi.Patch
assoc.MsRcIncident=MsRcIncident
assoc.msstyles=msstylesfile
assoc.MSWMM=Windows.Movie.Maker
assoc.mv=
assoc.mydocs=CLSID\{ECF03A32-103D-11d2-854D-006008059367}
assoc.ncb=
assoc.nfo=MSInfo.Document
assoc.nls=
assoc.NMW=T126_Whiteboard
assoc.nsc=
assoc.nvr=
assoc.nws=Microsoft Internet News Message
assoc.obj=
assoc.ocx=ocxfile
assoc.oc_=
assoc.odc=
assoc.otf=otffile
assoc.p10=P10File
assoc.p12=PFXFile
assoc.p7b=SPCFile
assoc.p7c=certificate_wab_auto_file
assoc.p7m=P7MFile
assoc.p7r=SPCFile
assoc.p7s=P7SFile
assoc.pbk=pbkfile
assoc.pch=
assoc.pdb=
assoc.pds=
assoc.pfm=pfmfile
assoc.pfx=PFXFile
assoc.php3=
assoc.pic=
assoc.pif=piffile
assoc.pko=PKOFile
assoc.pl=
assoc.plg=
assoc.pma=PerfFile
assoc.pmc=PerfFile
assoc.pml=PerfFile
assoc.pmr=PerfFile
assoc.pmw=PerfFile
assoc.pnf=pnffile
assoc.png=pngfile
assoc.pot=
assoc.pps=
assoc.ppt=
assoc.prf=prffile
assoc.ps=
assoc.psd=
assoc.psw=PSWFile
assoc.qds=SavedDsQuery
assoc.rat=ratfile
assoc.rc=
assoc.RDP=RDP.File
assoc.reg=regfile
assoc.res=
assoc.rle=
assoc.rmi=midfile
assoc.rnk=rnkfile
assoc.rpc=
assoc.rsp=
assoc.rtf=rtffile
assoc.sam=
assoc.sbr=
assoc.sc2=
assoc.scf=SHCmdFile
assoc.scp=txtfile
assoc.scr=scrfile
assoc.sct=scriptletfile
assoc.sdb=appfixfile
assoc.sed=
assoc.shb=DocShortcut
assoc.shs=ShellScrap
assoc.shtml=
assoc.shw=
assoc.sit=
assoc.snd=AUFile
assoc.spc=SPCFile
assoc.spl=ShockwaveFlash.ShockwaveFlash
assoc.sql=
assoc.sr_=
assoc.sst=CertificateStoreFile
assoc.stl=STLFile
assoc.stm=
assoc.swf=ShockwaveFlash.ShockwaveFlash
assoc.sym=
assoc.sys=sysfile
assoc.sy_=
assoc.tar=
assoc.text=
assoc.tgz=
assoc.theme=themefile
assoc.tif=TIFImage.Document
assoc.tiff=TIFImage.Document
assoc.tlb=
assoc.tsp=
assoc.tsv=
assoc.ttc=ttcfile
assoc.ttf=ttffile
assoc.txt=txtfile
assoc.UDL=MSDASC
assoc.uls=ulsfile
assoc.URL=InternetShortcut
assoc.VBE=VBEFile
assoc.vbs=VBSFile
assoc.vbx=
assoc.vcf=vcard_wab_auto_file
assoc.vxd=vxdfile
assoc.wab=wab_auto_file
assoc.wav=soundrec
assoc.wax=WAXFile
assoc.wb2=
assoc.webpnp=webpnpFile
assoc.WHT=Whiteboard
assoc.wk4=
assoc.wll=
assoc.wlt=
assoc.wm=ASFFile
assoc.wma=WMAFile
assoc.wmd=WMDFile
assoc.wmf=wmffile
assoc.wmp=WMPFile
assoc.wms=WMSFile
assoc.wmv=WMVFile
assoc.wmx=ASXFile
assoc.wmz=WMZFile
assoc.wpd=
assoc.wpg=
assoc.wri=wrifile
assoc.wsc=scriptletfile
assoc.WSF=WSFFile
assoc.WSH=WSHFile
assoc.wsz=
assoc.wtx=txtfile
assoc.wvx=WVXFile
assoc.x=
assoc.xbm=
assoc.xix=
assoc.xlb=
assoc.xlc=
assoc.xls=
assoc.xlt=
assoc.xml=xmlfile
assoc.xsl=xslfile
assoc.z=
assoc.z96=
assoc.zap=zapfile
assoc.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
assoc.zip=CompressedFolder
========================================
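Added example, not part of any post in this thread: a small Python check that parses `.reg`-format text (for instance an export of the affected keys) and reports every default value that differs from the ones listed in the ExeFix.reg text above, which is useful when something keeps reverting the fix. The sample export, the `C:\placeholder\unknown.exe` path and the function names are constructed for illustration.

```python
import re

# Default (@) values copied from the ExeFix.reg text in the post above.
BASELINE = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\regfile\shell\open\command": 'regedit.exe "%1"',
    r"HKEY_CLASSES_ROOT\.lnk": "lnkfile",
}

# Constructed sample export: the exefile open command has been altered and the
# runas command key is missing. The path below is a placeholder, not a real IoC.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"
'''

def parse_reg_defaults(text):
    """Return {key path: default (@) string value} from .reg-format text."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults

def audit(text):
    """List (key, expected, found) for each baseline key that deviates."""
    found = {k.lower(): v for k, v in parse_reg_defaults(text).items()}
    findings = []
    for key, expected in BASELINE.items():
        actual = found.get(key.lower())  # registry key paths are case-insensitive
        if actual != expected:
            findings.append((key, expected, actual))
    return findings

if __name__ == "__main__":
    for key, expected, actual in audit(SAMPLE):
        print(f"{key}\n  expected: {expected}\n  found:    {actual}")
```

A `found` value of `None` means the key or its default value was absent from the export; only string (`@="..."`) defaults are compared, so `hex(2)` values are ignored.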

#6 pascor22234

pascor22234

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 01 March 2006 - 02:39 PM

Here are 2 links to the downloads of the registry mod and batch default
association files listed out immediately above:

EXE file registry fix: http://www.kellys-korner-xp.com/xp_tweaks.htm
line 12 on the left

Default XP file associations batch file:
http://www.dougknox.com/xp/tips/xp_easy_file.htm

Using these links is a bit easier than cutting-and-pasting. :thumbsup:

Edited by pascor22234, 01 March 2006 - 02:41 PM.


#7 Bristles

Bristles
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Minnesota
  • Local time:08:39 PM

Posted 02 March 2006 - 07:43 PM

Okay, so I managed to get those registry fixes put in, and now there's a new problem.
Something is changing the registry files back to broken immediately after I fix them.
Basically, totally new problem.
What I need now is to figure out what virus or whatever is doing this and fix it. Does anybody know what it could be and where there might be a fix for it?

#8 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:07:39 PM

Posted 02 March 2006 - 08:29 PM

I suggest you post a HijackThis log for examination, Bristles.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#9 Bristles

Bristles
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:Minnesota
  • Local time:08:39 PM

Posted 02 March 2006 - 11:41 PM

I can't run batch files...
How do I fix that? Because I need to fix that in order to continue following the solution to my problem.



