RegistrationTool!
Jaded
post Oct 28 2009, 10:38 AM
Post #1

Hi. HP - Compaq NX6325, XP Pro. During the later stages of the Windows run-up, a small dialogue box appears. The header legend is 'RegTool!' and the text says 'Internal error. Unable to read local file.' I left click on OK and the db disappears and the pc operates as normal. I'd be grateful for a correction procedure, please.
T I A
J
Grasshopper
post Oct 28 2009, 01:59 PM
Post #2

Regtool is a rogue registry cleaner. You want to remove it. It sounds like it is half gone already since it is obviously failing to load.

Download the free version of MalwareBytes, update it and scan.

LINK


--------------------
Listened for he cannot be heard;
Looked for he cannot be seen;
Felt he cannot be touched.


Jaded
post Oct 30 2009, 09:47 AM
Post #3

G H. Thanks for reply. The scan reported 'No malicious software'. I'm greatly relieved. The dialogue box is still appearing during boot-up; is it possible to get rid of it?
T I A
J
Grasshopper
post Oct 30 2009, 01:51 PM
Post #4

Use msconfig to see if it is listed in startup items. If it is, uncheck it.

It should list as regtool.exe or regtool5.dll or RegTool.lnk

Failing that, use regedit to see if the following registry entries exist (although MalwareBytes should have found them if they do).

HKEY_CURRENT_USER\Software\RegTool
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “RegTool”



Jaded
post Oct 31 2009, 12:06 PM
Post #5

None of the procedures showed anything with a name like 'RegTool'. I wondered if, being malware, it might have adopted some innocuous name. Under the heading of

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

I found a name Reminder with data value C:\WINDOWS\Creator\Remind_XP.exe. Is this suspicious?


Also, immediately following HKEY_LOCAL_MACHINE\Software\Microsoft is a folder named 'Mirosoft'. There are no contents shown.


J
Grasshopper
post Oct 31 2009, 05:48 PM
Post #6

QUOTE
I found a name Reminder with data value C:\WINDOWS\Creator\Remind_XP.exe. Is this suspicious?


No. HP process to remind you to create a recovery disc.

QUOTE
a folder named 'Mirosoft'. There are no contents shown.


Obviously that is not right, but if it is empty, it can't be doing anything.

It sounds to me like there is an orphan registry entry somewhere. You could try running CCleaner. That should find any orphans.


Jaded
post Nov 5 2009, 03:10 PM
Post #7

G H. Apologies re delay. I've tried CCleaner and it did clear out a lot of files. I regret that the phantom D B is still appearing. I'm prepared to spend time and effort if you think it worthwhile and can think of a procedure.
J
Grasshopper
post Nov 5 2009, 05:21 PM
Post #8

Blessed if I know. The dialogue box has to be running from something. Which has to be a start up item or a registry key.

How about trying HiJack This? You'll find the instructions for running it in the Malware section. Post the log file in this thread and I'll try to find the time to sit down and read through it.


Jaded
post Nov 12 2009, 05:26 PM
Post #9

G H. Is this (below) an example of the sort of log you are expecting to see? I don't know if it might be relevant, but the start-up procedure takes much longer than it used to. J



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:20, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/radio4/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-Pinnacle Express.lnk = C:\Program Files\Pinnacle\Pinnacle Express\EReg\RegTool.exe
O4 - Startup: Registration-Studio 7 SE.lnk = C:\Program Files\Pinnacle\Studio 7\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189630717281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11205 bytes
Grasshopper
post Nov 13 2009, 08:35 AM
Post #10

Mea Culpa. I was wrong. In this case RegTool isn't the rogue software, it is part of Pinnacle Studio 7 software. You'll see the two entries for it in the O4 section.

If you no longer have Studio 7 installed, then you can have HJT fix those two lines. If you do still use it, obviously it has lost a file and I would suggest uninstalling & reinstalling it.



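As an added example, not code from the thread or from any of the tools it names: a PowerShell script that walks the locations Grasshopper points at in post #4 (the HKLM and HKCU Run keys) plus the per-user and all-users Startup folders that HijackThis reports as "O4 - Startup" and "O4 - Global Startup", and flags any entry whose target file is missing, which is exactly what the two Pinnacle RegTool.exe shortcuts in post #10 are. The helper names Get-ExePath and Test-Target are my own.

```powershell
# Added example, not code from the thread: enumerate the autostart locations
# discussed above (HKLM/HKCU Run keys, per-user and all-users Startup folders)
# and flag entries whose target file is gone. Helper names are my own.
$shell = New-Object -ComObject WScript.Shell      # reads .lnk targets and folder paths

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    $shell.SpecialFolders.Item('Startup'),         # current user's Startup folder
    $shell.SpecialFolders.Item('AllUsersStartup')  # all-users Startup folder
)

# Pull the program out of a Run-value command line: a quoted path with arguments,
# an unquoted path with spaces (C:\Program Files\...\x.exe /Start), %VAR%, or a bare name.
function Get-ExePath([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    if ($cmd -match '^([A-Za-z]:\\.*?\.(?:exe|dll|cmd|bat)|\S+)(?:\s|$)') { return $Matches[1] }
    return $cmd
}

# A full path must exist on disk; a bare name is resolved through PATH as the loader would.
function Test-Target([string]$path) {
    if (-not $path) { return $false }
    if ($path -match '\\') { return Test-Path -LiteralPath $path }
    return [bool](Get-Command $path -ErrorAction SilentlyContinue)
}

$results = @()
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # provider bookkeeping, not Run values
        $exe = Get-ExePath ([string]$p.Value)
        $results += New-Object PSObject -Property @{
            Location = $key; Name = $p.Name; Target = $exe; Exists = (Test-Target $exe) }
    }
}
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in (Get-ChildItem -LiteralPath $dir -Filter *.lnk)) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath   # stored target, even if gone
        $results += New-Object PSObject -Property @{
            Location = $dir; Name = $lnk.Name; Target = $target; Exists = (Test-Target $target) }
    }
}
# Exists = False rows are the orphans: remove the entry or reinstall the program that owns it.
$results | Sort-Object Exists, Name | Format-Table Exists, Name, Target, Location -AutoSize
```

A shortcut whose stored target has been uninstalled shows up with Exists = False, while a legitimate HP entry such as Remind_XP.exe shows True, so the table separates leftovers from the software that should stay.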
Jaded
post Nov 13 2009, 10:46 AM
Post #11

G H. I'm just relieved that I hadn't gained an infection. Studio 7 is no longer installed; how do I get HJT to fix the two lines, please? J
Mart
post Nov 14 2009, 11:35 AM
Post #12

In the absence of Hopper:

Tick the box next to the item and click "Fix checked".

If you're not sure, it's these two:

O4 - Startup: Registration-Pinnacle Express.lnk = C:\Program Files\Pinnacle\Pinnacle Express\EReg\RegTool.exe
O4 - Startup: Registration-Studio 7 SE.lnk = C:\Program Files\Pinnacle\Studio 7\Register\RegTool.exe


--------------------
There's no such thing as a stupid question, but they're the easiest to answer.


Jaded
post Nov 14 2009, 05:35 PM
Post #13

G H, Mart, Success! Many thanks. J
