Regedit, cmd not working in XP

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
All of a sudden my machine refuses to run regedit and cmd. All that happens when I try to run them is that all the shortcuts on my desktop disappear for a few seconds, and then reappear. Same thing when I try to run Windows Commander (a Windows management program similar to the old DOS-based Norton Commander). I can get cmd to run if I rename cmd.exe to something else but no dice if I do the same with regedit or Windows Commander.

I've already googled the problem and tried some of the suggested fixes. One involved a vbs file which adds a registry key to restore regedit permission. I've already scanned my system with Spybot S&D and it found absolutely nothing. I also ran a sfc /SCANNOW to restore any corrupt system files. I don't know if this has anything to do with it but I recently had my system up for about 38 days. Yesterday I had to reboot because suddenly (right after IE crashed) no programs ran. I would click on an icon and nothing at all happened. When I tried to restart the system went through the shutdown process but hung once it got to the blue screen. After 5 minutes of waiting I figured something was wrong so I just hit the reset button. The system restarted fine and everything seemed to work OK except for the programs mentioned earlier. One curious thing was that upon restart a window popped up asking me if I wanted to update Adobe Flash player. I think I clicked no. Any chance this might have been the cause of the problem?
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Sounds suspicious, do you run AV?
No AV on my system. I don't have it because I don't really go to sites or do anything where I'm likely to pick up viruses. Besides, if it's malware of some sort, why didn't Spybot pick it up?

I don't think this is a virus or trojan. Some of the things I found regarding viruses causing this problem involved files named cmd.com or regedit.com. I didn't find any such files.

I don't know if this has anything to do with it but I recently updated Opera to the latest version (previous was Opera 9).
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
When the shortcuts disappear, does the start menu go as well? Sounds like explorer is crashing.
That's exactly what is happening. The start menu also disappears, and explorer.exe momentarily disappears from the list of processes in the task manager.

Fushigi,

Same thing when trying to run cmd from the task manager except the shortcuts and start menu don't disappear (but cmd doesn't start, either).

Will run the virus scan and software inspector and see if it picks up anything.
 

LiamC

Storage Is My Life
Joined
Feb 7, 2002
Messages
2,016
Location
Canberra
If the AV comes up with nothing, try running CHKDSK. The disk may have developed bad sectors and files may be corrupt.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,729
Location
Horsens, Denmark
With explorer crashing and fundamental parts of the OS not being accessible, I wouldn't waste more time digging; I would just start a re-install now.

Of course, finding the culprit can be fun, but you are likely doing it the "hard way" from here on out.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
I just finished an online virus scan (Kaspersky). No malware found. I think you're right at this point, Dave. It's probably something OS related. Now how can I do a reinstall without losing my already installed programs and settings? That's really what's motivating me to fix this problem without a complete OS reinstall. I really don't want to undo 3 years of tweaking things. Worst case I can probably live with regedit and Windows Commander (although the latter was handy for synchronizing backups) if I can't fix the problem.

I tried a restore to the registry of 03/17 yesterday but same problem. Maybe a restore to an earlier date might work?
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Forget it then. Not worth it just to be able to get a few programs working. I can run Windows Commander from my other machine and sync backups through my network if need be. And I've already downloaded an alternate registry editor. I was hoping maybe someone else here had seen this problem already and had an easy fix. If I find one I'll post it here.
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
I'm afraid an OS reinstall would require a reinstall of everything. Best of luck.
Which OS? Vista-correct. However, with XP there is an in-place reinstall option.

XP: Boot to original disk; decline first repair option; Accept the second repair choice. It doesn't always work because the service pack on the machine must be the same as the original disk, but it is still worth a shot.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,927
Location
USA
Did you check the event viewer to see if there is anything in there that might lead you to an answer?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,729
Location
Horsens, Denmark
XP: Boot to original disk; decline first repair option; Accept the second repair choice. It doesn't always work because the service pack on the machine must be the same as the original disk, but it is still worth a shot.

That has always broken app installs for me. They still show up, but double-clicking them causes either a crash (Photoshop CS3) or a re-run of the setup program (Office 2003).
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
That has always broken app installs for me. They still show up, but double-clicking them causes either a crash (Photoshop CS3) or a re-run of the setup program (Office 2003).

Not for me, I've had good success. I do however, before I try apps I typically update drivers and then use Windows update and get the OS back to snuff. It does tend to take quite a bit of time because of those updates.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
That has always broken app installs for me. They still show up, but double-clicking them causes either a crash (Photoshop CS3) or a re-run of the setup program (Office 2003).

You are wrong and furthermore you can do the repair with any disc that has the same license (OEM, retail, VL) that is at the same service pack level as the install you are repairing.

And if Adobe CS3 breaks from that it's not the fault of the repair system. I do repair installs all the damned time.
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
Add the link to the toolbox thread, that way people don't have to search to find this specific thread if they need it in the future ...
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Event viewer shows winlogon as the source of the problem. Interestingly, now regedit comes up for about 5 seconds, and then disappears.

I'm trying the procedure Merc linked to. Will post if I find anything.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
Hmm. That mention of SP levels got me thinking. How about re-installing the latest SP? It shouldn't hurt anything and it replaces enough stuff that whatever's crashing may just get fixed in the process. It wouldn't help if it's a malware problem or something thoroughly hosed in the registry but may help if the problem is some other form of corruption.

Also, did you run the CHKDSK as LiamC mentioned? I'd recommend CHKDSK /R, which should set up the scan to run at the next reboot and look for bad sectors.

You should also consider running a general cleanup prog like CCleaner.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
Seems to be a very thorough procedure, thanks for the link Merc.
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
For me the XP repair has worked even if the SP on the CD was different (older) than the installed operating system SP. It just removes all the updates that were added after the CD SP. This is one reason some apps don't work right. They need the later updates if they were installed with them already in the operating system. A reinstall of the latest updates usually fixes them.
Unfortunately, neither Vista nor Server 2008 has this type of repair option. Neither does Windows 7. Matter of fact, I have never been able to repair any Vista or 2008 install with the boot DVD repair methods.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
The boot disc repair for Vista and later seems to be good at fixing messed up boot records or volume IDs, and that's about it.

Vista and later absolutely HAVE to have System Restore turned on. If you turn it off, you lose all your old backups, including the snapshot from the initial install.

One of the things I really, truly hated about Vista was that periodically I'd start up a Vista machine and it would need to be restored for no reason I could fathom.
 

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
You should also consider running a general cleanup prog like CCleaner.

^^^...you should also click on Merc's anti-malware link above :p


Oh joy, Internet Exploder 8 is now officially avail for d/l.

http://www.microsoft.com/windows/internet-explorer/default.aspx

Don't want to make light of jtr's problems...just thinking about Hello, I'm a PC, I'm a Mac TV ads :D.

Seems Mac OS X 10.5 is very easy to attack, only if there were more hackers wanting to do harm to Mac's :(. Supposedly upcoming Snow Leopard will address some security flaws in previous OS's, we'll see (or I will :) ).

If the OS files are corrupted, isn't there an easy way to restore preferences/tweaks jtr alluded to, once the new, copy, of the OS is installed? On the Mac, since OS X 10.4, circa 2004?, there is the 'Migration Assistant' in the initial OS start up screen that asks you if you have another drive that you want to move data from, along with Apple website registration to 'personalize' (data mine) your install (which I always force quit out of :D).

While not perfect, MA will copy over all of your OS preferences, and all other 3rd party apps/folders/data you specify so you don't have to reconfigure them all over again. Surely something like that exists for M$ products, when you want to install or upgrade to a newer OS, and need to easily move your older data/or cloning to a larger boot drive???

Sheesh, glad I don't have to use Winblows OS's very often. Tis a good Mac life.
 

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
Hmm, looks like Merc's browser of choice isn't all that secure either:


http://forums.mozillazine.org/viewtopic.php?f=38&t=1085175&st=0&sk=t&sd=a


These are probably the best forums for malware removal help. They are where the "first responders" to threats hang out.
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.spywareinfoforum.com/
http://bleepingcomputer.com

Do a Google search for clickfraudmanager.com and you'll find threads already discussing removal of that.
http://www.bleepingcomputer.com/forums/topic201315.html

BTW, it might be risky for you to be a "first responder" without some specific guidance from your AV vendor. I wouldn't try it myself, but then again I don't seem to pick up much crap like that - hell I don't even use a Firewall, just rely upon my Linksys router to block that stuff, along with Avast! and Super AntiSpyware catching whatever the router allows through.

For some reason, I'm getting these annoying popup windows from imdb.com that I didn't get a year ago, Camino doesn't seem to be able to block them, guess I should try Opera again...last time I used Opera 9.5b, I hated the cluttered GUI, just about as much as FF3.0
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
Hmm, looks like Merc's browser of choice isn't all that secure either:

http://forums.mozillazine.org/viewtopic.php?f=38&t=1085175&st=0&sk=t&sd=a

For some reason, I'm getting these annoying popup windows from imdb.com that I didn't get a year ago, Camino doesn't seem to be able to block them, guess I should try Opera again...last time I used Opera 9.5b, I hated the cluttered GUI, just about as much as FF3.0

Firefox 3 with flashblock and adblock will block the majority of annoying popups, ads, etc. However, if you want to go a step further install noscript and then you will never get any popups. However, I found surfing with noscript annoying as hell so I removed it.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Hmm. That mention of SP levels got me thinking. How about re-installing the latest SP? It shouldn't hurt anything and it replaces enough stuff that whatever's crashing may just get fixed in the process. It wouldn't help if it's a malware problem or something thoroughly hosed in the registry but may help if the problem is some other form of corruption.

Also, did you run the CHKDSK as LiamC mentioned? I'd recommend CHKDSK /R, which should set up the scan to run at the next reboot and look for bad sectors.

You should also consider running a general cleanup prog like CCleaner.
Chkdsk shows no problems. In fact, Dtemp shows no reallocated sectors at all, meaning the drive hasn't even needed to use any of its spares thus far.

I think I'll install SP3 (original install was SP2) and hope that'll fix the problem. BTW, the update manager has had SP3 among the hotfixes several times but fails to install it when I do the other upgrades. This has happened several times already. Anyway, I had downloaded SP3 a while back with the intention of just installing it manually, but held off just in case there were problems with it. I'm guessing by now MS has already worked out the kinks with SP3, making it safe to install.

Oh, Avast AV found absolutely nothing on my boot drive or in memory. There were a few saved emails and two executables with viruses on my other partitions, but those never saw the light of day. It's sounding more and more like perhaps I lost something when I had to do a hard shutdown. That's when the problems started to appear.
 

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari
http://blogs.zdnet.com/security/?p=2934

Heh, MacBook/Safari fell in seconds :D

Word to the wise, if you don't absolutely need to have your computer on 38hrs straight with a live internet connection, turn it off (or disconnect your connection...assuming no firewire!

Just think, as soon as SSD's hit SATA 6GB's and lower prices next year---resulting in fast shutdown/startup times, there's no excuse, other than laziness for not shutting down your computer.

AGGGH...

twitter again!

Ryan Naraine is a security evangelist at Kaspersky Lab, an anti-malware company with operations around the world. See his full profile and disclosure of his industry affiliations.
Email Ryan Naraine
For daily updates on Ryan's activities, follow him on Twitter.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Word to the wise, if you don't absolutely need to have your computer on 38hrs straight with a live internet connection, turn it off (or disconnect your connection...assuming no firewire!
Actually, 38 days. I just was doing this out of morbid curiosity to see how long the system would remain stable. I remember max with Windows '98 was about 10 days, and usually it started getting flaky after about 5. System was actually pretty stable with XP although the commit charge kept growing (it was around 1.5GB towards the end). Good, old IE was what finally brought the system down. IE crashed, and then when I tried to close it nothing else worked. I attempted to reboot, had to do a hard shutdown instead, and the rest is history. The only reason I even opened IE was to do some eBay feedbacks (didn't work with my version of Opera). I've since upgraded Opera to the newest version, eBay works fine, probably no need to deal with IE any more at all.

Just think, as soon as SSD's hit SATA 6GB's and lower prices next year---resulting in fast shutdown/startup times, there's no excuse, other than laziness for not shutting down your computer.
I'm looking forward to that day. Although I usually shut down my system about once a week, the reason for not shutting down daily or more frequently is indeed due to the hard drive. Frequent starts are what usually in the end causes drive failures so I keep mine to a minimum. The drive is over 5 years old with only a little over 300 starts. When we have decent, affordable SSDs (hopefully in a year or two), then I'll probably shut down my system whenever I don't plan to use it for a few hours or more. No excuses as SSDs aren't affected by frequent power cycling.

AGGGH...

twitter again!
Nooooooooooooooo!

UPDATE: Now that regedit mysteriously works (for at least a few seconds), I tried making a copy of regedit.exe, renaming it, and putting the copy in another folder. Bingo! Regedit works fine this way. Cmd was already working just by renaming it. Only thing not working as far as I know is Windows Commander. I'm sure I can find a similar file management program out there which does the same thing. Bottom line-the problem still exists to some extent, but I've mostly worked around it. Will install SP3 later or tomorrow and see if it fixes the problem completely.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,729
Location
Horsens, Denmark
My main workstation regularly runs for a month at a time. I only take it down to work on it, then it goes back up. Typically it has something going on; batch processing of images, a bunch of downloads, some torrenting, video compression, whatever, every night.

JTR, just a thought. Check if Data Execution Prevention is messing with you.

1. Right-click on "My Computer" and choose "Properties"
2. Go to "Advanced" and under "Performance" choose "Settings"
3. Go to the third tab, "Data Execution Prevention" and see what the setting is. Try changing it to the top-most radio button (...essential...only...) and restart.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
I reboot as needed. In general that means monthly after patch Tuesday if the updates necessitate a reboot and the odd reboot in between due to an app install/upgrade. My usage pattern fits a roughly 18 hour day and as I work from home most of the time, there's no downtime during the work day. (I split my work between my home & work machines, doing the web-delivered stuff on my more nicely equipped PC and the rest on the company laptop which can run the corporate VPN.)

I find little value in turning off my PC and I don't think I'm burning that much electricity leaving it on while I sleep. Also, I am still Folding. Come summer I may shut that down to reduce the heat output; I'm not sure.

Oh yeah, Windows Home Server is set to back up the home machines between midnight and 6 AM. It could use WOL but why bother? And I could shift it to during the daytime but I like it being invisible.

Just think, as soon as SSD's hit SATA 6GB's and lower prices next year---resulting in fast shutdown/startup times, there's no excuse, other than laziness for not shutting down your computer.
It would remind me of 1984, when my first PC would go from power switch to A:> prompt in 4 seconds. Most current machines can't even do their POST routines that quickly.

Actually, that's what I'm wanting to experience with the netbook I'm looking to pick up sometime. Something I can either power up or resume from hibernation quickly enough that my train of thought isn't held up.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Update:

System is still doing the same thing. No malware whatsoever found with Spybot S&D, Malwarebytes' Anti-Malware, Avast Antivirus, AdAware, or HijackThis. All that was found was tracking cookies and a little other relatively harmless stuff. Forgot to mention that Google searches have been being redirected at least since when the problem started.

I just did a Google Search for my problem using the search terms "Regedit, cmd not working, google searches being redirected" and it seems lots of people are experiencing this problem but are also not finding any malware which could be causing it. Then I came across this. I'll post what was written in its entirety in case the link disappears:

I noticed more ppl are seeing more or less the same effects as I did. Since this forum has been a great help, I'd thought to share my experiences.

The effects I saw were;
- google (and others) search results redirects
- AVG would not update anymore
- windows update website gives an error
- windows update from configuration screen does not start
- programs like cmd, regedit, combifix, etc would no longer run / stay running

It turned out that in registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

the "aux" value referred to a malware program. In my case it was called "C:\\WINDOWS\\system32\\..\\efumr.swr"

The solution was to use HijackThis to remove this file at boot time.

It was new malware, not recognized by any virusscanner. I already submitted it to a number of anti-virus vendors. Kaspersky already responded and called the new malware "Trojan.Win32.Agent.byab".

Cheers,
Stefan


Now I didn't find the file mentioned but it's possible this Trojan is using another name by now. I'll try another online scan with Kaspersky and see if it finds anything. I'm also looking at my registry for some clues to what the file name on my PC might be.

Now if they ever find out who's responsible for this malware from hell I have my Dad's old Louisville Slugger that I would like to try out. :cursin:
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,375
Location
Flushing, New York
Reading through some other links, there has been some success making sure the registry key HKLM/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Drivers32/aux = wdmaud.drv. Mine had some junk file name in there. I fixed it via Regalyzer since Regedit wasn't working. Everything is back to normal, finally! Cmd works, regedit works, Windows Commander works, Google isn't being redirected.

Hope this helps others. The offer to test my Dad's bat on the perpetrator(s) still stands however.
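
A check for the Drivers32 hijack described in the last two posts, as an added example that is not part of the thread: it parses a .reg export of the key and flags string values that carry a path, an unexpected extension, or an "aux" other than wdmaud.drv. The sample export is constructed (its aux data is the path quoted above), and the extension allow-list and the bare-file-name rule are assumptions.

```python
import ntpath
import re

DRIVERS32 = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
# Known-good value reported in the thread for XP.
EXPECTED = {"aux": "wdmaud.drv"}
# Assumption: legitimate entries are bare driver/codec module names.
ALLOWED_EXT = {".drv", ".acm", ".dll"}
# "name"="data" lines; .reg escapes backslash and double quote with a backslash.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample export. The aux data is the path quoted in the thread;
# the second key is made up to show that other keys are ignored.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="C:\\WINDOWS\\system32\\..\\efumr.swr"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"wave"="wdmaud.drv"
"msacm.imaadpcm"="imaadp32.acm"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"aux"="not-in-scope.bin"
'''


def unescape(s):
    # Drop the escaping backslash in front of each escaped character.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_strings(text, key):
    """Return {value_name: data} for string values under key.

    regedit writes 5.00 exports as UTF-16; decode before passing text in.
    """
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
        elif in_key:
            m = STRING_VALUE.match(line)
            if m:
                values[unescape(m.group(1)).lower()] = unescape(m.group(2))
    return values


def audit_drivers32(text):
    """Return [(value_name, data, [reasons])] for suspicious entries."""
    findings = []
    for name, data in sorted(parse_reg_strings(text, DRIVERS32).items()):
        reasons = []
        if any(c in data for c in "\\/:"):
            reasons.append("path instead of bare module name")
        if ntpath.splitext(data)[1].lower() not in ALLOWED_EXT:
            reasons.append("unexpected extension")
        if name in EXPECTED and data.lower() != EXPECTED[name]:
            reasons.append("expected " + EXPECTED[name])
        if reasons:
            findings.append((name, data, reasons))
    return findings


if __name__ == "__main__":
    for name, data, reasons in audit_drivers32(SAMPLE_EXPORT):
        print(f"{name} = {data}: {'; '.join(reasons)}")
```

A flagged entry is a lead to verify against the file on disk, since a third-party codec may legitimately register itself in this key.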
 