Desktop icons have lost their file association. All applications, under Programs also. Can't run regedit or any utility type programs. Viruses were found and cleaned but I can't get these back.

I'm trying to recover from this virus issue but my icons (shortcuts) and any application for that matter has lost it's file association.   Is there an easy way to recover this?   Any help please.

Who is Participating?

Improve company productivity with a Business Account.Sign Up

GhostModConnect With a Mentor Commented:
Closed, 500 points refunded.

Community Support Moderator
There are a number of viruses that mess up the Registry data for running executable (.exe) files, so this can cause nothing to happen when you double click an .exe file in My Computer or try to execute one by putting the name in the Run dialog box off the Start Menu.  Various authors have come up with .reg (Registry) files to restore the proper contents.

For Windows XP, you can find one this way: go to the following page and click on the link for item number 12, "EXE Fix for Windows XP":

You would need to download the .reg file to someplace convenient where you can access it, such as your Desktop, then double click it to merge the contents into the Registry and reboot the computer.

If double-clicking it doesn't work, try renaming regedit.exe to and see if you can do it that way.

And if THAT doesn't work, try this tip from the following page:

 If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files.  To work around this, press CTRL-ALT-DEL and open Task Manager.  Once there, click File, then hold down the CTRL key and click New Task (Run).  This will open a Command Prompt window.  Enter REGEDIT.EXE and press Enter.

The above page has fixes for other lost file associations, including shortcuts (.lnk files.)
After you've fix your file associations, can we look at your hijackthis log?

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> 
and click "Analyse", click "Save".  Then post the link to the saved list here.

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

can you boot into safe mode command prompt, if so try running system restore & select a date prior to when this started occurring

%systemroot%\system32\restore\rstrui.exe    "xp sys rst from dos"
run windows system file checker at start run type in cmd press enter then type in the blackbox sfc /scannow press enter you may need your xpcd.

perform a system restore at start all programs accesories system tools system restore
or restart the machin etapf8 continoulsy choose from the advanced options last known good config that worked choose a date. pres enter onthat windows will load the time frmae before anything was wrong and not infected.
Once malware has definately been removed its ok to restore so long as your system restore itself is not infected.

do a "repair" install, that restores all the basic system files.  Boot from the XP CD, and go through as if you are going to reinstall the OS, but you dont.  When it detects the existing OS on the drive, press "R" to repair the corrupted setup files.  YOu will be running in less than 30 mins.
CAT27, any feedback?
CAT27Author Commented:
I took the drives out and did a virus scan on them.   14 virus have been found.  Trojan.ByteVerify, Bloodhound.Morphine, Backdoor.Ranky, and Backdoor.Jupdate.    Norton Quarantined these virus.    I deleted them from the Quarantine area.  I also tried to locate them on the drive to delete them as well.  

Put drives back into system, rebooted.   Problem still there.   I've tried dougknox registry files but the won't write to the registry.  I can't run anything from the run command because of the association problem.   Nothing launches from the Control panel.   I'm about ready to reload but prefer not to if it can be resolved in another way.   I would like to try repair option from CD but I'm not 100% sure the virus issue is cleaned.  

Here's my updated, still trying to resolve.
You tried the trick of using the Regedit.exe program by opening it in Task Manager?  You say the Doug Knox fixes won't write to the registry; is there an error message?
here's how to do a repair not a recovery.
a reinstallation of Windows XP, sometimes called a repair installation?

Configure your computer to start from the CD-ROM drive. Then insert your Windows XP Setup CD, and restart your computer.

When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD.
Press ENTER when you see the message To setup Windows XP now, and then press ENTER displayed on the Welcome to Setup screen.
 Do not choose the option to press R to use the Recovery Console.
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
 Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
 Follow the instructions on the screen to complete Setup.
extra guide for illistrations just look below the writing for the pictures
C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt
start notepad look.txt

The problem could be the path variable, let's check it.
Copy all the text above the line to Notepad. Save as "look.bat"
Save as Type to *All Files
Save it on the desktop
Once saved, double click on the "look.bat" file.
A new document will appear (look.txt) on your desktop.
Open this document with Notepad and post its contents in your next reply.

If it is infact the path variable problem then "" should fix it.

Download FIXPATH2.ZIP by Bill Stewart
*Extract the files to a folder in C:\, like C:\FIXPATH2 (make a folder like that to extract the files to).
*Open a command prompt window by going to Start > Run type: cmd and click Ok.
*At the command prompt, type: cd C:\ and press Enter, so you should get C:\>.
*Then type: cd FIXPATH2 and press Enter, So you should get: C:\>fixpath2.
*Then type: FIXPATH.EXE and press Enter.
*It will display some preliminary information, and ask if it should continue and check for errors. Click Yes.
*If it successfully updates the Path value in the registry, you will need to
*reboot for the change to take effect. !! This is really important !!
CAT27Author Commented:
Thank you for all of the great suggestions.  I have not been able to work on this today but plan on trying your suggestions tomorrow.  I will let you know how it goes. Again thanks
when you removed the drives & ran norton on them, i assume you booted from another computer's drive, if so did you boot into safe mode to run norton (this makes a big difference)?

when you put the drive back into your pc, boot into safe mode & turn off system restore (system prop's - system restore tab, check turn off system restore),

then boot into safe mode command prompt:
1) del temp inet files
rd /s /q "C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\"
2) navigate to your temp folder & delete suspicious programs & dlls
cd\ "C:\Documents and Settings\<username>\Local Settings\Temp\"
3) try to copy regedit.exe to & then try running
CAT27Author Commented:
Ok. Update Info

To scan I've removed the hard drive and placed it into a USB hard drive that is placed on a working machine.   This drive should be virus free.  I've scanned it many times, plus manually removed the corrupt files if I could find them.

When I put it back into the system to boot (In safe mode), I always get a dialog box with encrypted symbols prior to login.  It forces me to hit ok, not able to close this dialog box with x in right upper corner of the window.   I'm not able to apply any of the fixes mentioned because nothing will launch.

This is Windows XP Media, not able to repair like mentioned above.   Also, not able to load any new applications to try to fix this.  I've tried to restore back to Ma 15 but that has not worked either.

I'm still working on this.  Thanks for suggestions please add more if you have anything else to add. Thanks
I've suggested to let us look at your hijackthis log, and also show us the look.txt  
but you didn't reply on either one.
can you perform a repair from Medi cneter recovery console.
Windows XP Media Center Edition 2004 - Recovery Procedure
with illistrated pictures
he can't boot to run hijackthis on his drive, unless attached to another computer so it won't read his registry & windows system files

while connected to the other pc in the usb enclosure
1) navigate to each user's local settings & delete temp exe & dll files, next delete the entire temp inet folders, 2) navigate to each user's start menu startup folder & remove any suspicious programs

3) follow below instructions to load the hive from the user folder on your drive - navigating to the run areas in hklm & hkcu to remove unwanted startup programs

*** addendum to above link's - to load local machine software settings

Highlight HKEY_LOCAL_MACHINE, choose  "Load hive" from the File menu, open
           C:\Windows\system32\config\software    (no extension).
When asked for a name, choose "OldSoftware".  Access/backup/change the keys you're interested in. Once you're done, highlight the "OldSoftware" key, choose "Unload hive" from the file menu.

CAT27Author Commented:
I've tried all of your suggestions! Thanks, but have run out of time and just did a re-install.  
then my suggestion has resolved it as I offered the repair option twice one for xp and one for Media center.
i believe scrathcyboy first mentioned doing a repair install, which also is not the same as doing a complete o/s re-install.
CAT27Author Commented:
Please close this question.  I resolved this myself by doing a brand new install onto a brand new hard drive.   Thanks for the suggestions.
cat, you must submit a new question in community support asking for a refund (include the url to this thread)
see here for more info->
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.