|
When I go to Start menu > Run and type in 'regedit' it gives this 'the ntvdm cpu has encountered an illegal instruction'. After it opens up cmd and some gibberish characters pop up. I noticed that it was trying to open regedit.com so I ran cmd by itself and typed in regedit and it did the same thing. Then I tried to type regedit.exe and it worked. How do I fix this?
(msconfig,ipconfig, etc work fine)
|
From personal experience, it seems to be some sort of virus. I remembered when I got a self-infecting virus, it wouldn't let me open regedit, but some of the other functions. The reason is probably because regedit can help delete viruses, which is the opposite of the hacker's intent.
I'm probably wrong though, so I'm curious as what is really the problem....I don't see any other reasons why you wouldn't open up regedit unless you messed something up in your registry or something.
Again...I'm not a computer person, it's just an observation.
But if it IS a virus...usually self-infecting viruses are really hard to take out and according to Malwarebytes.Org, it usually requires a full-on system restore...
But I think if it's detected early...maybe just scan for viruses?
Or....something like Combo-Fix would work....(BUT DON'T USE IT UNLESS SOME SPECIALIST TELLS YOU! :D)
|
btw, the reason I was trying to get into regedit was because when I try to install this older version of AIM it never finishes the install (freezes at like 70-80%) and then won't run. I figured I needed to clean out some AOL registry files. How do I do this?
(windows xp pro sp3 )
|
regedit.com????? wtf! regedit is an exe binary file.
If you type regedit and Windows tries to run regedit.com, you have some kind of alias
edit: I mean, some malware made some alias
|
shit, this is a work comp. It seems to lag really badly too when this one file is open when I check taskmanager. If I close it resource use goes back down from 90% to like 5% or whatever.
|
On January 05 2010 08:27 coltrane wrote:
regedit.com????? wtf! regedit is an exe binary file.
If you type regedit and Windows tries to run regedit.com, you have some kind of alias

yea but it's doing that in the dos prompt, not an internet browser. I figured maybe it got changed into command file or something on accident.
|
you can try cleaning it... but could take ages. Just backup and format.
|
nono, i am talking about command line.
Open cmd and try
doskey regedit=regedit.exe
This should change the target of the regedit command (in the run window or in the command shell) from regedit.com to regedit.exe
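Why typing regedit picked up regedit.com, as an added illustration that is not part of the thread: cmd.exe walks each PATH directory and, within it, tries the PATHEXT extensions in order, and .COM comes before .EXE in the default list, so a regedit.com sitting in a searched directory wins unless the extension is typed explicitly; a doskey macro is consulted before that search, but it exists only in the console session that defined it. The file layout below is a constructed assumption for the demo.

```python
# Constructed stand-in for the disk: a regedit.com next to the real regedit.exe.
# Assumed layout for the demo; XP keeps regedit.exe in C:\WINDOWS and the
# default PATH lists C:\WINDOWS\system32 first.
FILES = {
    r"C:\WINDOWS\system32\regedit.com",
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\system32\ipconfig.exe",
}
PATH = [r"C:\WINDOWS\system32", r"C:\WINDOWS"]
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]  # first entries of the XP default, in order


def resolve(command, macros=None, files=FILES, path=PATH, pathext=PATHEXT):
    """Mimic cmd.exe lookup: doskey macros first, then each PATH directory,
    trying every PATHEXT extension there before moving to the next directory.
    Returns the path of the file that would run, or None."""
    macros = macros or {}
    command = macros.get(command.lower(), command)
    present = {f.lower(): f for f in files}
    # An explicit extension is tried as typed; a bare name gets PATHEXT appended.
    candidates = [command] if "." in command else [command + ext for ext in pathext]
    for directory in path:
        for name in candidates:
            full = (directory + "\\" + name).lower()
            if full in present:
                return present[full]
    return None


if __name__ == "__main__":
    print(resolve("regedit"))      # C:\WINDOWS\system32\regedit.com, the .com shadows the .exe
    print(resolve("regedit.exe"))  # C:\WINDOWS\regedit.exe, explicit extension skips PATHEXT
    # The macro redirects only what is typed in this session; regedit.com is still on disk.
    print(resolve("regedit", macros={"regedit": "regedit.exe"}))  # C:\WINDOWS\regedit.exe
```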
|
On January 05 2010 08:30 coltrane wrote:
you can try cleaning it... but could take ages. Just backup and format.

This is a work comp, backing up and reformatting isn't really an option.

On January 05 2010 08:34 coltrane wrote:
nono, i am talking about command line.
Open cmd and try
doskey regedit=regedit.exe
This should change the target of the regedit command (in the run window or in the command shell) from regedit.com to regedit.exe

That worked! Thanks.
But also I just noticed something called ' owowexec.exe and NTVDM.exe' running that I have never seen before.
I think I need to do a virus scan and shit. anyone pro at reading HJT logs? I know what's normal, but how do I check the normal stuff to be infected? What other programs can I use besides AVG ?
PS- Whenever I print something this comp has the habit of making the printer icon on the taskbar start flashing all crazy fast and lagging, if I close spooler.exe or whatever it's called the printer won't reopen it and work.
|
get hijackthis and post the log file. I won't know what to do with it, but I'm sure there are people who do.
|
On January 05 2010 08:47 love1another wrote:
get hijackthis and post the log file. I won't know what to do with it, but I'm sure there are people who do.

yea, I guess that's a good idea.
Looks pretty ugly too
Logfile of HijackThis v1.99.1
Scan saved at 4:03:54 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BTB Soft\Wireless Standard\bin\wc_core.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizonwireless.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098990443250
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mljgd - C:\WINDOWS\system32\mljgd.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
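An added first-pass triage over the O4 (autostart) lines of the log above; this is example code written for this page, not HijackThis's own logic and not anything posted in the thread. Four of the O4 lines are embedded as constructed input, and the shortlist of core Windows binaries and the 0.8 similarity threshold are assumptions; it surfaces entries for a person to check (empty value name, no directory given, filename a letter away from a system binary) rather than deciding that anything is malicious.

```python
import re
from difflib import SequenceMatcher
# Four O4 lines taken from the HijackThis log above (constructed input for the demo).
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"',
    r'O4 - HKLM\..\RunServices: [] winlog.exe',
    r'O4 - HKLM\..\RunServices: [ms-update] scvhost.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
])
# Assumed triage list: core Windows binaries whose names get imitated, and an
# assumed similarity threshold (a one-letter swap such as scvhost scores about 0.9).
CORE_BINARIES = ["svchost.exe", "winlogon.exe", "lsass.exe", "services.exe", "csrss.exe", "explorer.exe"]
SIMILARITY = 0.8
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def parse_o4(log_text):
    """Return (registry key, value name, command) for every O4 autostart line."""
    hits = (O4_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m["key"], m["name"], m["cmd"]) for m in hits if m]

def exe_path(cmd):
    """Program part of the command: the quoted path, or the first token."""
    cmd = cmd.strip()
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def exe_name(cmd):
    return exe_path(cmd).rsplit("\\", 1)[-1].lower()

def lookalike(name):
    """Core binary this filename resembles, or None if it is exact or unrelated."""
    for real in CORE_BINARIES:
        if name == real:
            return None
        if SequenceMatcher(None, name, real).ratio() >= SIMILARITY:
            return real
    return None

def triage(log_text):
    """Map executable name -> reasons a human should review that autostart entry."""
    findings = {}
    for _key, name, cmd in parse_o4(log_text):
        reasons = []
        if not name:
            reasons.append("empty value name")
        if "\\" not in exe_path(cmd):
            reasons.append("bare filename, no directory given")
        real = lookalike(exe_name(cmd))
        if real:
            reasons.append(f"filename resembles {real}")
        if reasons:
            findings[exe_name(cmd)] = reasons
    return findings
```

On the sample lines, only winlog.exe and scvhost.exe come back flagged; the Adobe and ctfmon entries have a full path, a value name and no lookalike match.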
|
Hmm that looks ok to me, not sure what everything is but the stuff that I wasn't sure about came up as ok when I googled it. Try downloading ccleaner and running the registry cleaner.
|
http://www.superantispyware.com/definition/regedit/
You should download a spyware scanner and fix it. SuperAntiSpyware is nice as a freeware but I prefer Spyware Doctor because it has one of the best detections I've ever seen. (you'll need to crack it though).
In the case of the latter you should just use it as an on-demand scanner because it will slow your PC down sooo much when it's running.
|