The FULL solution, part I
Welcome to K's tech support.I edited the following transcript so it only includes relevant topics, but ALL of what we talked about is still here. I left everything here so others can see the path we went through to solve the problem; if the final solution does not work completely (which mainly entails downloading two parts of my registry from my site and merging it with your own via regedit's import command), you still have a lot of other things to try. Lots of goodies.
This transcript will be in two parts because the maximum thread length for the forums is 20,000 characters. I am entering HTML code here and was told I have 77,848 characters I tried to submit. And it doesn't accept HMTL... You all will just have to suffer through non-color-coded text. Without HTML, it's only 25,866 characters... Anyway, here's the transcript, part one:
========================================================
Kaine (11:08:25 AM): Okay. Can you boot the Win2K computer into safe mode.
General Chaos (11:08:38 AM): yea I was about to try that out and see what happens
General Chaos (11:08:53 AM): seeing if I can rename the regedit in explorer, but I doubt it
Kaine (11:08:57 AM): Try it and see if you can open files of "com" or "exe" extension.
Kaine (11:09:02 AM): Okay.
General Chaos (11:10:04 AM): I dont think you can change the extension without cmd
General Chaos (11:10:09 AM): unless you know a way
Kaine (11:10:28 AM): Do you have Windows configured to see file extensions?
General Chaos (11:10:43 AM): no i dont
Kaine (11:11:05 AM): Tools : Options : (uncheck) Hide extensions for known types.
General Chaos (11:11:12 AM): lol didnt even know you could, makes me feel stupid..oh well learned something today :-)
Kaine (11:11:43 AM): Then press F2 once regedit is highlighted and rename it. Windows will complain, but tell it it's no big deal.
Kaine (11:16:30 AM): I have not received a reply yet. I hope something good is happening and that I didn't catch your last transmit and you're waiting for my reply.
General Chaos (11:18:47 AM): well I got the regedit open using .com
General Chaos (11:18:58 AM): went to where you said, for the .exe folder
Kaine (11:19:02 AM): Very good. Now, look for those keys.
General Chaos (11:19:17 AM): but then there not sure what your talking about because theres basically nothing there except "default"
Kaine (11:19:58 AM): Before you do anything, mind exporting the .exe hive to me so I can see if it's different? I want to know what program was causing the association.
General Chaos (11:20:04 AM): or (default) I should say, im not great with the registry so if theres something a little more advanced to be done in here you might have to walk me through, but ill learn easy
General Chaos (11:20:40 AM): I made a backup reg, might have to email it
Kaine (11:20:47 AM): To export a hive (folder), click on the folder and go to File : Export and save it somewhere.
General Chaos (11:21:06 AM): export just the exe?
General Chaos (11:21:09 AM): folder
Kaine (11:21:11 AM): My forum and tech support address is Kaine@phoenixpo.com.
Kaine (11:21:19 AM): Just the .exe folder.
Kaine (11:21:29 AM): (Contents will be exported with it.)
General Chaos (11:22:12 AM): ok I dont have a file menu, so I selected the exe hive, registry>export registry file right
Kaine (11:22:22 AM): Yeah.
Kaine (11:22:51 AM): I'm doing this off memory while I work on something for work that amounts to taking white-out to a PDF file.
General Chaos (11:23:02 AM): lol
Kaine (11:23:37 AM): It's easy and I don't have much to do and get paid well over what I would normally request; live is good.
General Chaos (11:23:54 AM): ok should be sent
General Chaos (11:24:10 AM): yea, right now I just scan stuff
Kaine (11:24:44 AM): Crap. You'll have to zip it or send it again. I forgot that MS Outlook has a hissy fit with MS Access databases and registry files.
General Chaos (11:24:50 AM): its no career, but itll be making my way through college and pay the pills, im younger, not sure about yourself
Kaine (11:24:55 AM): Tell me which you will do before you send it.
General Chaos (11:25:11 AM): you got winrar
General Chaos (11:25:24 AM): ehh nvm I can just zip
Kaine (11:25:27 AM): Doesn't matter. I can open just about anything.
General Chaos (11:25:59 AM): sent
Kaine (11:26:18 AM): I'm the older brother, in Master's program. This job is a two-month GA position at the MBA office earning more than some people make out of college.
Kaine (11:26:23 AM): Let's see...
Kaine (11:27:21 AM): WAS there anything in that directory?
Kaine (11:27:28 AM): I'm not reading anything.
General Chaos (11:27:43 AM): dont think so
General Chaos (11:27:55 AM): I get the feeling HJT nuked it, if anything
Kaine (11:28:27 AM): HJT?
General Chaos (11:28:28 AM): dont know wtf I would have clicked on
General Chaos (11:28:32 AM): highjack this
Kaine (11:28:56 AM): What, the program that claimed the file association?
General Chaos (11:29:25 AM): HJT is used to remove spyware, but its a really dangerous program if you dont know what your doing with it
General Chaos (11:29:37 AM): but I do, so I must have clicked something on accident
General Chaos (11:29:46 AM): and I cant even run the program to do the backup
Kaine (11:29:46 AM): I bet. Anyway, was there anything in the .exe folder?
General Chaos (11:29:58 AM): no
General Chaos (11:30:06 AM): unless I somehow did something
Kaine (11:30:08 AM): All right. Let's do it this way:
General Chaos (11:30:14 AM): not gonna rule anything out
Kaine (11:30:55 AM): Right-click in the pane to the right and choose New : String Value.
Kaine (11:31:12 AM): Name it "Content Type"
General Chaos (11:31:33 AM): ok
Kaine (11:31:37 AM): The value (double-click on it) will be "application/x-msdownload"
General Chaos (11:32:18 AM): then what
Kaine (11:32:51 AM): Do the same thing where I indicated the other key needs to go.
Kaine (11:33:07 AM): My Computer\HKEY_LOCAL_MACHINE\SOFTWAR E\Classes\.exe"
Kaine (11:33:18 AM): Without the quote.
Kaine (11:33:33 AM): If you'll notice, I'm just adding it manually.
General Chaos (11:33:45 AM): its already in the other spot
Kaine (11:33:56 AM): But with what else?
General Chaos (11:34:26 AM): in local machine its just that and default
Kaine (11:34:34 AM): Good.
Kaine (11:34:58 AM): My Computer\HKEY_LOCAL_MACHINE\SOFTWAR E\Classes\
General Chaos (11:35:23 AM): right there is just default
Kaine (11:35:29 AM): Go to My Computer\HKEY_LOCAL_MACHINE\SOFTWAR E\Classes\ and export the entire directory and contents somewhere. This is my insurance to do something major later if this does not work.
Kaine (11:35:48 AM): After this, try restarting the computer and seeing what happens.
General Chaos (11:36:11 AM): alright
General Chaos (11:50:53 AM): ok well that didnt work, and then I thought i was sweet when I realised im a dumbass and can just rename anything .com, so i can do my job but I need to fix this still
General Chaos (11:51:05 AM): I redid all the backups
General Chaos (11:51:10 AM): in HJT, but its still broke
Kaine (11:51:37 AM): Try this. Open what you exported in Windows Notepad.
General Chaos (11:51:47 AM): which one
Kaine (11:51:59 AM): Mrf?
General Chaos (11:52:13 AM): the exe.reg I sent you?
Kaine (11:52:24 AM): No, the other one I told you to back up.
General Chaos (11:52:39 AM): ok
Kaine (11:53:03 AM): Do a replace command in notepad for the following:
Kaine (11:53:14 AM): Replace
My Computer\HKEY_LOCAL_MACHINE\SOFTWAR E\Classes\
Kaine (11:53:36 AM): With:
My Computer\HKEY_CLASSES_ROOT\
General Chaos (11:53:51 AM): replcae all?
General Chaos (11:53:55 AM): replace
Kaine (11:53:57 AM): Oh yes.
Kaine (11:54:02 AM): Everything.
General Chaos (11:54:08 AM): ok, should be done
Kaine (11:54:26 AM): Save that and close notepad. Open the Registry again.
Kaine (11:54:55 AM): I'm assuming HKEY_LOCAL_MACHINE is a backup of what you had in HKEY_CLASSES_ROOT.
General Chaos (11:55:10 AM): open the registry bakc up in notepad or regedit
Kaine (11:55:22 AM): Therefore, what I asked you to do in notepad was to switch everything to HKEY_CLASSES_ROOT for an import.
Kaine (11:55:40 AM): Open "regedit.com" like you did before.
General Chaos (11:56:11 AM): and thanks in advance for all this, I know its probably a pain in the ass for you
Kaine (11:56:41 AM): It's fun, actually; a Rubics Cube.
General Chaos (11:57:01 AM): so do what exactly in regedit
Kaine (11:57:04 AM): And thank you for thanking me. Many don't seem to do so.
Kaine (11:57:10 AM): When you are there, highlight the My Computer/HKEY_CLASSES_ROOT and export it as something else. I like backups for something this tricky.
General Chaos (11:57:47 AM): ok
Kaine (11:57:52 AM): After this, import the file you changed in Notepad. It may ask if you want to merge it or whatever; you do.
General Chaos (11:58:17 AM): so...im basically copying the local machine layout to the root layout
Kaine (11:58:27 AM): Yep.
Kaine (11:58:42 AM): Copyig the other backup from one point in the Registry to the other.
General Chaos (11:58:58 AM): ehh
Kaine (11:59:19 AM): Ah, that's basically what we're doing; that wasn't another step, just then.
General Chaos (11:59:26 AM): cannt import ....not all data was sucessfully written to the registry, some keys are open by the same system or other processes
Kaine (11:59:55 AM): Hmm... In other words, some other programs are accessing the Registry.
Kaine (12:00:11 PM): Let's see what you have on start up (I was going to do this anyway).
Kaine (12:00:22 PM): I don't think you can do Start : Run : msconfig
General Chaos (12:00:35 PM): nah 2000 dont have that I think
General Chaos (12:00:40 PM): kinda sucks
General Chaos (12:00:52 PM): I mightknow of a program to tell me though
Kaine (12:00:57 PM): Well, we can do it the old-fashioned way.
Kaine (12:01:15 PM): msconfig is actually just a cute front end for the Registry.
General Chaos (12:01:19 PM): ok, dont know that way so learning time
General Chaos (12:01:37 PM): do you care if I take my lunch right now? hate ot cut you off
General Chaos (12:01:52 PM): I only take about 10-15 minutes
Kaine (12:02:03 PM): Here's the hive address:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Kaine (12:02:31 PM): Um... Let's do this because I was going to have you restart after these two hives anyway.
General Chaos (12:02:38 PM): ok no problem
General Chaos (12:03:20 PM): well im in that address and its just default
Kaine (12:03:58 PM): Like I said, there are two hives. The "data" portion here represents the program that will start when Windows does. If you're suspicious of anything, modify the data by putting "(((disabled)))" before the program's path; I don't want anything deleted if I can help it.
Kaine (12:04:15 PM): Okay. Use the same direction for the other hive. Let me type it.
General Chaos (12:04:48 PM): so do nothing in HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Run
Kaine (12:05:00 PM): Because there is nothing.
Kaine (12:05:02 PM): HKEY_LOCAK_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
General Chaos (12:05:03 PM): ok
General Chaos (12:06:20 PM): alright we got
Kaine (12:06:52 PM): So you edited the DATA values of what you wanted?
General Chaos (12:06:55 PM): do you know what wcmdmgr is?
Kaine (12:07:01 PM): Or, rather, didn't want?
Kaine (12:07:17 PM): Disable it; it's not required.
General Chaos (12:07:21 PM): well theres only 2 things in here that I dont know for sure what it is
Kaine (12:07:37 PM): Those are prime candidates for disabling.
General Chaos (12:07:56 PM): so I do "(((disabled))) C:\..." or (((disabled))) "C:\..."
Kaine (12:08:15 PM): "(((disabled)))c:\myprog.exe"
General Chaos (12:08:20 PM): ok
General Chaos (12:08:27 PM): ill just get rid of them all, wasting my ram
Kaine (12:09:10 PM): Your choice. I shouldn't hurt anything.
Kaine (12:09:19 PM): Also, make sure there isn't anything in your start menu under "startup" that will run. After this, the only thing left that we have not gone over are the Windows system files under "sysedit.exe". We might look at them later if we need.
General Chaos (12:09:32 PM): these are things I usually get rid of in task manager anyway, didnt know how to edit startup in 2k
General Chaos (12:09:50 PM): one question
Kaine (12:10:08 PM): Okay.
General Chaos (12:10:09 PM): in this folder should it have another folder tree under run that is "OptionalComponents"
Kaine (12:10:48 PM): As long as that hive has "IMAIL", "MAPI", and "MSFS" only.
General Chaos (12:10:52 PM): ok
Kaine (12:10:58 PM): They'll have some keys, and that's fine.
Kaine (12:11:18 PM): Have a nice lunch, restart, and if that doesn't work, look at safe mode and check it out. Also see if system restore can come up if that doesn't work (just curious).
General Chaos (12:11:42 PM): alright I will see what happens, be back in a bit, thanks again
General Chaos (12:32:36 PM): well it still looks bad
General Chaos (12:32:47 PM): :-(
Kaine (12:32:53 PM): Hmm... Even while restarted?
General Chaos (12:33:00 PM): yup
General Chaos (12:33:15 PM): now my allergies going crazy >
Kaine (12:33:43 PM): Whoo, boy.
Kaine (12:33:55 PM): Can you get system restore open?
General Chaos (12:34:08 PM): so bear with me if im a little delayed, sneezing like crazy
General Chaos (12:34:46 PM): not sure how to do in on 2000, dont you need a disc for that anyway?
General Chaos (12:35:15 PM): I dont know how to get into safe mode either on 2k, and forget what button to push on startup
General Chaos (12:35:33 PM): to see if itll work there, or if theres anything I should poke around at
General Chaos (12:35:53 PM): im feeling really noobie today hehe, but im really not, just forgetting the simple things
Kaine (12:35:54 PM): It's F8, I believe. If not, it's F6.
General Chaos (12:36:35 PM): shall i try safe mode now?
Kaine (12:36:44 PM): Try it.
General Chaos (12:36:57 PM): alright
General Chaos (12:47:48 PM): was still broken in safe mode
Kaine (12:49:56 PM): Let's see... What comes up when you try to execute a program?
General Chaos (12:50:34 PM): select program to open with window
Kaine (12:50:43 PM): Let's see...
Kaine (12:51:17 PM): I'm trying something.
General Chaos (12:51:37 PM): ok
Kaine (12:52:10 PM): Does it say "application" somewhere in that list?
General Chaos (12:53:23 PM): well right now its not wanting to do anything...
General Chaos (12:53:27 PM): just sits here
Kaine (12:53:37 PM): Can't select anything?
General Chaos (12:54:05 PM): ok I got the select thing to come up for the lnk files, but exes arent doing anything
Kaine (12:54:36 PM): So the "open with" box is stuck?
General Chaos (12:54:46 PM): no the open with box wont even come up
General Chaos (12:55:02 PM): just double click, flashes the timer, and nothing
Kaine (12:55:11 PM): NO.
Kaine (12:55:23 PM): You might redo what we have done so far.
Kaine (12:55:27 PM): If anything.
Kaine (12:55:33 PM): Right-click, open with.
General Chaos (12:56:04 PM): right click doesnt have open with, cant you hold a button and right click to get it?
Kaine (12:56:14 PM): Dunno.
General Chaos (12:56:19 PM): hrm
Kaine (12:56:56 PM): You're right. Wow, I have "run as" <grin>.
Kaine (12:57:33 PM): Try going to Tools : Folder Options : File Types
General Chaos (12:57:36 PM): lol I wasnt being a smart ass, theres just no option for that on this pos
Kaine (12:57:47 PM): Do you see anything for "exe"?
General Chaos (12:58:38 PM): in file types? no im not
Kaine (12:59:15 PM): I wonder... Try this: Go to "New", type "exe" for the extension and the file type is "application". Can you do this?
Kaine (12:59:37 PM): You may have to click "Advanced"
General Chaos (1:00:19 PM): well we are on the right path, just need an association
General Chaos (1:00:24 PM): exe icons are back
General Chaos (1:00:36 PM): shortcut icons are not
Kaine (1:00:55 PM): Leave the window open and everything open and try to run a program, then.
General Chaos (1:00:56 PM): it just says I need a file association in the file types
Kaine (1:01:08 PM): The file association is "application".
Kaine (1:01:37 PM): Would it be possible to send a screen shot of your screen? Win2K is different in this aspect from WinXP.
General Chaos (1:02:14 PM): screen of what exactly
Kaine (1:02:34 PM): Of the file type properties for EXE files.
General Chaos (1:02:39 PM): it says the assocaiation problem when i run the exe
Kaine (1:03:13 PM): Can't find the file that is associated with the extension, right?
General Chaos (1:03:48 PM): how fast of internet line are you on
Kaine (1:04:27 PM): T1 or T3. 10Mbps at this hookup.
General Chaos (1:04:31 PM): if your on aim I can just start screen shotting like crazy, got better then T3 here
General Chaos wants to directly connect (1:04:48 PM).
General Chaos (1:05:24 PM): : /
Connection problem with General Chaos; no connection was made. (Your 'Internet Connection Firewall' may be on. If you and your buddy are each behind a different firewall, then the connection will not work.) (1:05:25 PM).
Kaine (1:05:38 PM): Email?
General Chaos (1:05:47 PM): send file might work
General Chaos (1:06:09 PM): lemme get photoshop running then
Kaine (1:06:43 PM): ... How can you get Photoshop running if all EXE files are not loading?
General Chaos (1:06:50 PM): .com it
Kaine (1:07:00 PM): I wonder for more complex programs...
General Chaos (1:07:03 PM): BUT now this STUPID keyserver thing is blocking it, so I cant do that
General Chaos (1:07:25 PM): try ms paint I guess
Kaine (1:07:29 PM): If you have Outlook or something, just paste it in.
General Chaos (1:07:42 PM): I dont, ill see if my thing will let me
Kaine (1:07:45 PM): Or Word or something.
General Chaos (1:08:35 PM): bleh
General Chaos (1:08:59 PM): this may be a problem
Kaine (1:09:05 PM): Drama that needs to be cut?
General Chaos (1:09:13 PM): lol yup
General Chaos (1:09:16 PM): one thing is
General Chaos (1:09:25 PM): one I add the exe file type, it doesnt save it in file types
General Chaos (1:09:31 PM): so when I close it, it goes away
General Chaos (1:09:51 PM): I type in exe, and in advanced choose application, hit ok, it goes in the list
Kaine (1:10:39 PM): ... but out after you click "ok".
General Chaos (1:11:12 PM): when I click the ok in the folder options window, and go back into it, its gone
Kaine (1:11:34 PM): Hmm...
General Chaos (1:12:08 PM): man if I had access to the router I could just setup remote desktop
General Chaos (1:12:17 PM): then you can see what im workin with here
Kaine (1:12:39 PM): Copy and rename "c:\windows\system32\taskmgr.exe" and see what's running. If anything under your user name is suspicious, end it.
General Chaos (1:14:19 PM): why copy and rename?
Kaine (1:14:37 PM): Copy because it's a critical process.
Kaine (1:14:42 PM): Rename to open it.
General Chaos (1:14:45 PM): will ctrl alt delete, task manager work the same?
Kaine (1:15:14 PM): Only if it doesn't try to open task manager the same way as double-clicking on it.
General Chaos (1:16:21 PM): should I have 3 svchost.exe?
Kaine (1:16:39 PM): Yeah; one's for printing, another for user processes, etc.
General Chaos (1:16:45 PM): ok
Kaine (1:16:51 PM): As long as they're not over 20MB or so.
General Chaos (1:17:15 PM): well nothing looks suspicious
General Chaos (1:17:26 PM): theres some things im not sure what they are, but cant end them
Kaine (1:17:53 PM): If they're system process, you can't end them for a reason. If they're under your user name, that's bad.
General Chaos (1:18:41 PM): well this task manager doesnt tell me that much, im looking down the process list, doesnt show what name is using it
Kaine (1:19:09 PM): And you can't add the column, I guess... Crud.
