Regedit replacement?

[Guest]

I'm using XP Pro SP2 MCE. From time to time I need to edit the
registry. I always get lost in there. Is there a free/cheap registry
program that would make it easier for me? Maybe I could color-code a
few folders, or bookmark them, or even have a dual-panel view.

Recommendations, please?


~~~~~~~~~~~
Awaiting your responses with baited breath, I remain, yours truly,
<*(((>< ~~~
~~~~~~~~~~~

 

[Brian A.]

Words of extreme caution are in order if you are going to edit te registry
from time to time. Always make sure you have a full backup image so you can
restore the OS as it was before you bumped the hair trigger.

CCleaner: http://www.ccleaner.com/
EasyCleaner: http://personal.inet.fi/business/toniarts/ecleane.htm


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[HEMI-Powered]

I'm using XP Pro SP2 MCE. From time to time I need to edit
the registry. I always get lost in there. Is there a
free/cheap registry program that would make it easier for me?
Maybe I could color-code a few folders, or bookmark them, or
even have a dual-panel view.

Recommendations, please?

It isn't always true, but frequently is - you get what you pay
for. I personally use the commercial utility JV16 Powertools. It
has an outstanding Registry editor with full search capabilities.

Now, exactly what is it you want to muck around with? You must be
100% sure that the cure is better than the disease. One mistep
and you may be doing the Bill Gates nuke-and-reinstall two-step.

No matter what you finally choose, do this - religiously: always,
always, ALWAYS set a manual Restore Point before even looking at
the Registry. If you make a blunder, chances are fair-to-good you
can boot to Safe Mode and do a Restore.

JV16 has a full suite of Registry tools but they are NOT for the
faint of heart! It will do its level best at preventing you from
doing something really dumb, just remember that computers blindly
do what you tell them, NOT necessarily what you want them to do.
Among other things, JV has a pretty damn nice interactie Registry
cleaner, but use with caution!

And, just because somebody told you that you need to tweak it to
keep your system running smooth, far, far, FAR more damage has
been done by a single Registry edit or cleaning blunder than any
percentage gain you're likely to see.

And, let the flames begin! Enjoy!

 

[Alec S.]

I'm using XP Pro SP2 MCE. From time to time I need to edit the
registry. I always get lost in there. Is there a free/cheap registry
program that would make it easier for me? Maybe I could color-code a
few folders, or bookmark them, or even have a dual-panel view.

Regedit fo Windows XP should already allow you to bookmark keys. Check the Favorites menu. If it's not there, try running regedt32
instead.

There are plenty of alternatives as well. You could try Lavasoft's Reghance or PCMagazine's Registry Master, both are good.

 

[Wesley Vogel]

In Windows XP, *ALL* Regedt32.exe does is *OPEN* Regedit.exe.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Alec S.]

In Windows XP, *ALL* Regedt32.exe does is *OPEN* Regedit.exe.

You mean that Regedt32 is identical to typing Regedit in the Run dialog?

 

[Wesley Vogel]

You mean that Regedt32 is identical to typing Regedit in the Run dialog?

Yep.

Try this.

Start | Run | Type: Regedt32 | Click OK |
Regedit.exe opens.
Leave it open.

Open the Task Manager, Ctrl + Shift + Esc.
On the Applications tab, right click Registry Editor and select Go To
Process.
Processes tab opens with regedit.exe highlighted.
Now look for Regedt32.exe under the Processes tab, you won't find it.

In Windows XP, *ALL* Regedt32.exe does is *OPEN* Regedit.exe.

That's why Regedt32.exe is only 3,584 bytes and regedit.exe is 134,144
bytes.

Regedt32.exe is in System32 and Regedit.exe is not, it's in WINDOWS.

Of course you have hacked Regedt32.exe or got one from an earlier version of
Windows. I don't remember your exact post in another thread about this. So
the above may be different for you.

Found it.

Yes, I know. Like I said, running "regedit" from the command prompt
caused regedit.exe from Win9x which I is in the DOS7.1 folder which I
have in the path to run, whereas running "regedit" from Run ran
regedit.exe from system32. I fixed that a while back.

At one point I even hacked regedt32.exe
to run a different app instead of regedit.

from...

[[Regedt32.exe
In Windows XP and Windows Server 2003, Regedt32.exe is a small
program that just runs Regedit.exe. ]]
From...
Differences Between Regedit.exe and Regedt32.exe
http://support.microsoft.com/kb/141377

[[NOTE: In Windows XP, Regedit.exe and Regedt32.exe have been integrated
into a single program that combines the features of the two registry editors
in Windows 2000. ]]
From...
"16 Bit MS-DOS Subsystem" Error Message When You Install a Program
http://support.microsoft.com/kb/314452

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Thanks, everbody, for the warnings and the suggestions. I hadn't
noticed the "Favorites" menu in regedit! I'll try that first.

I don't do much in the registry. Sometimes I edit the comments and
other times I shorten the program names. Sometimes I set a path for
an icon. Once in a while I kill off some kind of crap -- like
WildTangent, just recently. I like to look in the registry to see
what updates are installed. That kind of thing.

I may try one of the other products, too.

~~~~~~~~~~~
Awaiting your responses with baited breath, I remain, yours truly,
<*(((>< ~~~
~~~~~~~~~~~

 

[Ronnie Vernon MVP]

Fishy

I use the free RegSeeker. It has a very fast registry search feature, automatically creates a backup for any registry deletions, has a cleanup utility, several repair utilities and a lot more features.

Freeware: RegSeeker
http://www.hoverdesk.net/freeware.htm

 

[Alec S.]

Yep.

Not exactly. That's NOT all it does. Regedt32 calls the appropriate REGEDIT.EXE. That is, it calls the Regedit.exe in \Windows.
If ALL it did was to emulate typing "regedit" in the Run dialog, then it would run the first "Regedit" it finds irregardless of
either location or extension. You can prove this to yourself quite easily.

In the case of the OP, there are a few things that could be happening. One, is that their path is messed up and running "regedit"
causes some other program/version called regedit to be run instead of the one in \Windows. Two, there is another file called
Regedit, for example Regedit.com. Three, a combination of one and two. Let's say for example, the path is "c:\program
files\virus;c:\windows;c:\windows\system32". In this case, running "regedit" could cause regedit.vbs in "c:\program files\virus" to
run, which then runs Regedit.exe, some fake Regedit, or something.

One step is to run regedit.exe. Another is run regedt32.exe which will call C:\windows\regedit.exe and NOT some other regedit.exe
that happens to be on the path (of course simply running c:\windows\regedit.exe also works.) Another idea is to run
c:\servicepackfiles\i386\regedit.exe or c:\windows\system32\dllcache\regedit.exe. Finally, the safest is to run X:\i386\regedit.exe
where X is the CD/DVD drive letter.

Of course the most obvious explanation is that the OP just never noticed the Favorites menu.

 

[Wesley Vogel]

You can believe whatever you want.

The regedit.exe in C:\WINDOWS is in the PATH environment variable. This is
the file that is run.

The regedit.exe in C:\WINDOWS\system32\dllcache is NOT in the PATH
environment variable. This file is for Windows File Protection as a
replacement for the file in C:\WINDOWS. Same for the regedit.exe in
ServicePackFiles\I386, if there is one, it is used for WFP.

The ServicePackFiles folder only exists if you have upgraded to XP SP1 or XP
SP2 and they were not included in the original install and the SP1 or SP2
upgrade was done by downloading it from Microsoft. If the Service Pack is
installed by means of a CD-ROM or a distribution share, the ServicePackFiles
folder is not created. Same for slipstreaming a Service Pack.

Files and Folders Are Added to Your System After Service Pack Is Installed
http://support.microsoft.com/kb/271484

What Windows XP SP1 folders can I remove?
http://www.jsiinc.com/SUBL/tip5800/rh5814.htm

I have XP Pro SP1. SP1 was part of the install CD. So I have no
ServicePackFiles folder.

I have two regedit.exes, one in C:\WINDOWS and one in
C:\WINDOWS\system32\dllcache.

I have two regedt32.exes, one C:\WINDOWS\system32 and one in
C:\WINDOWS\system32\dllcache.

System32\dllcache contains backup copies of the operating system files that
are under the Windows File System Protection system.

Description of Windows XP and Windows Server 2003 System File Checker
(Sfc.exe)
http://support.microsoft.com/?kbid=310747

The only ways that I know of to start
C:\WINDOWS\system32\dllcache\regedit.exe are:

1. Navigate to C:\WINDOWS\system32\dllcache, double click regedit.exe or
right click regedit.exe and select Open.

2. Type or paste C:\WINDOWS\system32\dllcache\regedit.exe into the Run
command.

3. Start C:\WINDOWS\system32\dllcache\regedit.exe in a command prompt.

4. A .bat or .cmd file with Start C:\WINDOWS\system32\dllcache\regedit.exe

5. C:\WINDOWS\system32\dllcache\regedit.exe added to the Startup folders or
any registry start entry.

The full path needs to be included because C:\WINDOWS\system32\dllcache is
not normally in the PATH environment variable.

The OP does not have malware or regedit.com. If there is a regedit.com that
was created by malware, it won't even run, it may flash and disappear.

There can also be a legitimate regedit.com, created by Doug Knox's Emergency
Utilities.

xp_emegencyutil.exe - Creates usable copies of REGEDIT, MSCONFIG and Task
Manger
http://www.dougknox.com/xp/utils/xp_emerutils.htm

I have a C:\EmergencyUtils\Regedit.com. All it is is a renamed regedit.exe.

Typing regedit or regedt32 in the Run command does not call this particular
regedit.com because C:\EmergencyUtils is not in the PATH.

The operating system searches for an executable file by using default file
name extensions in the following order of precedence:
..COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH.

Windows XP searches for the specified file name first in the current
directory, and then it searches the directories in the command path in the
order in which they are listed in PATH.

Usually...
C:\WINDOWS\system32 first, then in C:\WINDOWS and then
C:\WINDOWS\System32\Wbem and then whatever other paths may have been added
by the user or by installing 3rd party software or maybe by malware.

If not found in the current PATH, Windows looks in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

I don't know why I include MSKB articles, you don't believe them anyway.

Now I suppose you're going to tell me that typing write or write.exe in the
Run command opens the old Windows Write from Windows 3.x instead of opening
Wordpad.exe.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Alec S.]

You can believe whatever you want.

Test it for yourself.

Copy CALC.EXE to a folder on your system.
Rename it to REGEDIT.EXE.
Add that folder to your system path, BEFORE \Windows (eg: C:\test;C:\Windows;C:\Windows\System32;etc.)
Open the Run dialog and type regedit (or even regedit.exe if you want). The calculator will come up instead.
Open the Run dialog and type regedt32. The registry editor will come up.

It's not my belief, it's fact.

The regedit.exe in C:\WINDOWS\system32\dllcache is NOT in the PATH
environment variable. This file is for Windows File Protection as a
replacement for the file in C:\WINDOWS. Same for the regedit.exe in
ServicePackFiles\I386, if there is one, it is used for WFP.

I didn't say it's in the path, I said that it is supposed to be a safe copy of the file; that even if a virus or something
altered/replaced regedit, that the one in there should theoretically still be good, so it can be used to test.

The ServicePackFiles folder only exists if you have upgraded to XP SP1 or XP
SP2 and they were not included in the original install and the SP1 or SP2
upgrade was done by downloading it from Microsoft. If the Service Pack is
installed by means of a CD-ROM or a distribution share, the ServicePackFiles
folder is not created. Same for slipstreaming a Service Pack.

And since many, many installations of XP are Gold, they will thus have a ServicePackFiles folder.

I have XP Pro SP1. SP1 was part of the install CD. So I have no
ServicePackFiles folder.

Again, many do.

The only ways that I know of to start
C:\WINDOWS\system32\dllcache\regedit.exe are:
…

Or, a virus, a script, a shellexecute, a registry application, a malware cleaner…

The full path needs to be included because C:\WINDOWS\system32\dllcache is
not normally in the PATH environment variable.
Correct.

The OP does not have malware or regedit.com.

How do you know that?

If there is a regedit.com that was created by malware, it won't even run, it may flash and disappear.

Not true. Look at the .COM files in System32. They are actually EXEs, and some are even larger than 64KB (larger than a segment).
Therefore a .COM file could easily launch the real Regedit as part of it's cover while it does it's misdeeds, or even replace
Regedit altogether with an infected copy. Since it's got a .COM extension, it will load before regedit.exe.

There can also be a legitimate regedit.com, created by Doug Knox's Emergency Utilities.

Actually that's just a copy of regedit.exe, renamed to Copy_of_Regedit.com. There are reports of bad files called regedit.com, eg:
http://windowsxp.mvps.org/ToolsQuit.htm

I have a C:\EmergencyUtils\Regedit.com. All it is is a renamed regedit.exe.

It's "Copy_of_Regedit.com".

Typing regedit or regedt32 in the Run command does not call this particular
regedit.com because C:\EmergencyUtils is not in the PATH.

The operating system searches for an executable file by using default file
name extensions in the following order of precedence:
.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH.

But path location takes precedence over extension. If a file called regedit.WSH is found in C:\Virus, which comes earlier in the
path than C:\Windows, then that will be called instead of C:\Windows\Regedit.exe (or even C:\Windows\Regedit.com).

Windows XP searches for the specified file name first in the current
directory, and then it searches the directories in the command path in the
order in which they are listed in PATH.

Usually...
C:\WINDOWS\system32 first, then in C:\WINDOWS and then
C:\WINDOWS\System32\Wbem and then whatever other paths may have been added
by the user or by installing 3rd party software or maybe by malware.

That's only because System32 comes before Windows in the path, you can easily rearrange them.

I don't know why I include MSKB articles, you don't believe them anyway.

Believe what? I didn't contradict a single thing they say.

Now I suppose you're going to tell me that typing write or write.exe in the
Run command opens the old Windows Write from Windows 3.x instead of opening
Wordpad.exe.

If there is a copy of Win3.x's Write named Write.exe that appears in a folder which comes earlier in the path than the one which
launches Wordpad, then yes.

 

[Alec S.]

I use the free RegSeeker. It has a very fast registry search feature, automatically creates a backup for any registry deletions,

has a cleanup utility, several repair utilities and a lot more features.

I just tried that out. Unfortunately, it only looks fast. Ironically, the very things that makes it look fast (the flashing
display line) is likely to be the exact thing that causes it to be so slow since it has to waste CPU cycles generating and
displaying that line instead of dedicating every cycle it can get to the actual search.

I ran a quick test and found that Regedit is actually ~60% faster than Regseek.

While I was at it, I gave PCMagazine's Registry Master a quick profile as well. I expected it to be extremely slow (to the point
that it practically hangs!) since the last time I used it, it was more or less useless. It actually managed to do the search
blazingly fast. It was ~200% faster than Regedit. This was in normal mode though, naturally using regular expressions, the search
will be much slower (I tried a regex search and it finished just as fast, but it was a very simple regex). I'm going to use
Registry Master the next few times, to see if it's speed holds up. If it does, then I'm switching to that.

 

[Wesley Vogel]

I use RegScanner.exe for searching the registry on occasion.

RegScanner is a small utility that allows you to scan the Registry, find the
desired Registry values that match to the specified search criteria, and
display them in one list. After finding the Registry values, you can easily
jump to the right value in RegEdit, simply by double-clicking the desired
Registry item.
http://nirsoft.net/utils/regscanner.html

You can only search HKLM or HKCU.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Wesley Vogel]

Test it for yourself.

Copy CALC.EXE to a folder on your system.
Rename it to REGEDIT.EXE.
Add that folder to your system path, BEFORE \Windows (eg:
C:\test;C:\Windows;C:\Windows\System32;etc.)
Open the Run dialog and type regedit (or even regedit.exe if you want).
The calculator will come up instead.
Open the Run dialog and type regedt32. The registry editor will come up.

It's not my belief, it's fact.

I remember trying something similar in the past. In fact I found it today
in the registry and fixed it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\App Paths\WORDPAD.EXE
was set for something on my Desktop instead of C:\Program Files\Windows
NT\Accessories\wordpad.exe.

Typing write or write.exe in the Run command did nothing. Typing wordpad or
wordpad.exe in the Run command did nothing. Wordpad worked fine from my
Start Menu where I usually start it from.

I wonder how long ago I screwed that up? <shrug>

Anyway, back to our program after these commercial messages. ;-)

I did not try that. I tried this.

I dragged regedit.exe from C:\WINDOWS\system32\dllcache to my Desktop. That
way the one in C:\WINDOWS would not get replaced when I dragged that
regedit.exe to another folder.

WFP complained, but I cancelled that.

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64005
Date: 01-Sep-06
Time: 6:42:09 PM
User: N/A
Computer: MYPENTIUM450
Description:
The protected system file regedit.exe was not restored to its original,
valid version because the Windows File Protection restoration process was
cancelled by user interaction, user name is Wesley P. Vogel. The file
version of the bad file is unknown.
---

Start | Run | Typed: regedit and got this message:

---------------------------
regedit
---------------------------
Windows cannot find 'regedit'. Make sure you typed the name correctly, and
then try again. To search for a file, click the Start button, and then click
Search.
---------------------------
OK
---------------------------

Start | Run | Typed: regedit.exe got a File Download message, clicked Open
on it and got a Program Not Found message. Canceled out of that.

Start | Run | Typed: regedt32 and got the File Download message, clicked
Open on it and nothing happened.

Start | Run | Typed: regedt32.exe and got the File Download message, clicked
Open on it and nothing happened.

Opened C:\WINDOWS\system32 and double clicked regedt32.exe. Nothing
happened. Right clicked regedt32.exe, selected Open. Nothing happened.

Regedt32.exe does not do much of anything with nothing to open.

I dragged regedit.exe from my Desktop back into
C:\WINDOWS\system32\dllcache. A new regedit.exe was not created in
C:\WINDOWS because I had already cancelled the Windows File Protection
restoration process. I suppose that if I rebooted a new regedit.exe would
be created in C:\WINDOWS.

Opened C:\WINDOWS\system32\dllcache and double clicked regedt32.exe.
Regedit.exe opened. Remember that I now have regedit.exe in
C:\WINDOWS\system32\dllcache but not in C:\WINDOWS.

Start | Run | Typed: regedt32 Nothing.

Start | Run | Typed: regedt32.exe Nothing.

Start | Run | Typed: regedit and got this message:

---------------------------
regedit
---------------------------
Windows cannot find 'regedit'. Make sure you typed the name correctly, and
then try again. To search for a file, click the Start button, and then click
Search.
---------------------------
OK
---------------------------

Start | Run | Typed: regedit.exe and got this message:

---------------------------
regedit.exe
---------------------------
Windows cannot find 'regedit.exe'. Make sure you typed the name correctly,
and then try again. To search for a file, click the Start button, and then
click Search.
---------------------------
OK
---------------------------

Now to see if I get a new regedit.exe in C:\WINDOWS after rebooting.

Nope. I had to drag the other regedit.exe back into C:\WINDOWS.

Hmm. Winlogon should've run sfc.exe at boot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Winlogon
SFCDisable is set to 0 so WFP is active. Must be because of the cancel I
did earlier on WFP.

Anyway both regedit.exes are back where they belong.

That is what commonly happens with malware created .com files. They are not
real .com files. Or you get a XXX is not a valid Win32 application. Or
some other error message.

[[When you open System Configuration Utility [MSCONFIG], Registry Editor or
Task Manager, they flash for a second and quit. This symptom is caused by
Viruses.]]

Task Manager, MSCONFIG, or REGEDIT disappear while opening
http://www.mvps.org/sramesh2k/ToolsQuit.htm

Since it's got a .COM extension, it will load before
regedit.exe.

It will TRY to load first. Because the malware created .com files are
generally upgefuchted to start with they do not actually run in the usual
sense of the word. They flash and quit and nothing is looking for a file
with the same name but with an .exe extension because a .com file had
already been found. So the system thought that it had done its job.

Actually that's just a copy of regedit.exe, renamed to
Copy_of_Regedit.com.

I may have renamed mine. I honestly do not remember. It was created on 18
February, 2004, that's too long ago for my memory.

I think that I spent more time dicking around with the #$%#$% formatting on
this message to make it look like someone older than 9 typed it. $%#$%!!
OE!

If one did have a malware created regedit.com and the original regedit.exe
in C:\WINDOWS had not been messed with, typing regedt32 in the Run command
would probably open regedit.exe.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

news:[email protected]...

 

[Alec S.]

I dragged regedit.exe from C:\WINDOWS\system32\dllcache to my Desktop. That
way the one in C:\WINDOWS would not get replaced when I dragged that
regedit.exe to another folder.

Don't forget that the Desktop takes top priority over everything else. If you have a file—say Regedit.exe—on the desktop, and you
enter Regedit in the Run dialog—for the sake of completeness, "running" something from the Run dialog is identical to running it
with ShellExecute or other similar method of starting a process—then the one on the desktop will run, no matter what you've got in
the path! I keep running into this every now and then, when I type something into Run and instead of the expected app starting, I
get an explorer window. The first few times I was confused, but now I automatically know that it's because I have a folder on the
desktop that happens to have that name. :|

That is what commonly happens with malware created .com files. They are not
real .com files. Or you get a XXX is not a valid Win32 application. Or
some other error message.

[[When you open System Configuration Utility [MSCONFIG], Registry Editor or
Task Manager, they flash for a second and quit. This symptom is caused by
Viruses.]]

True, that's when they have empty files like you mentioned in another post, or when they are corrupt apps, or files filled with
garbage/random data. However, most viruses and such will in fact be executable, otherwise they won't be able to deliver their
payload. On occasion however they may screw up the file to render it unrunnable (especially the polymorphic variety).

I may have renamed mine. I honestly do not remember. It was created on 18
February, 2004, that's too long ago for my memory.

It's interesting that so many people say the same thing, that just a couple of years ago seems like an eternity for them, while for
me it seems like just a few days. :-\

I think that I spent more time dicking around with the #$%#$% formatting on
this message to make it look like someone older than 9 typed it. $%#$%!!
OE!

Yup, I hate it too. I especially hate that OE keeps breaking lines.

If one did have a malware created regedit.com and the original regedit.exe
in C:\WINDOWS had not been messed with, typing regedt32 in the Run command
would probably open regedit.exe.

True.


Well, in the end my guess was right, he simply hadn't noticed the Favorites menu.

 

[Guest]

Doh. The OP just never noticed the Favorites menu. Or so the OP has
informed me. ;-)

~~~~~~~~~~~
Awaiting your responses with baited breath, I remain, yours truly,
<*(((>< ~~~
~~~~~~~~~~~

 

[Guest]

I *think* I followed what you said ...

I just go to Start > Run > Regedit and the registry editor comes up.
That's all I know. Now that I have *noticed* the "Favorites" option
on the toolbar, I'll give that a try.

No, I think I'll try some of the others, too.



~~~~~~~~~~~
Awaiting your responses with baited breath, I remain, yours truly,
<*(((>< ~~~
~~~~~~~~~~~

 

[Wesley Vogel]

Don't forget that the Desktop takes top priority over everything else.

If you have a file—say Regedit.exe—on the desktop, and you enter Regedit
in the Run dialog—for the sake of completeness, "running" something from
the Run dialog is identical to running it with ShellExecute or other
similar method of starting a process—then the one on the desktop will
run, no matter what you've got in the path! I keep running into this
every now and then, when I type something into Run and instead of the
expected app starting, I get an explorer window. The first few times I
was confused, but now I automatically know that it's because I have a
folder on the desktop that happens to have that name. :|

Nope. I have not had that problem. I had a copy of regedit.exe on my
Desktop the whole time that I was experimenting with regedit.exe and
regedt32.exe in my previous post. Not once did regedit.exe start from the
Desktop.

Yes, the ultimate root of the namespace hierarchy is the desktop.

The Desktop is a virtual folder. The Desktop is a NameSpaceExtension which
shows the combined contents of two folders at one time.
%allusersprofile%\Desktop and %userprofile%\Desktop.

{00021400-0000-0000-C000-000000000046} is the CLSID for Desktop.

True, that's when they have empty files like you mentioned in another
post, or when they are corrupt apps, or files filled with garbage/random
data. However, most viruses and such will in fact be executable,
otherwise they won't be able to deliver their payload. On occasion
however they may screw up the file to render it unrunnable (especially
the polymorphic variety).

W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

This worm creates enough .exe files that the .com files it creates do not
have to launch any virus or launch anything at all for that matter. My
guess is that the CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM, TASKKILL.COM,
TASKLIST.COM or TRACERT.COM files just launch to prevent any .exe with the
same name from launching. Preventing Joe Average from trying to fix
anything.

It's interesting that so many people say the same thing, that just a
couple of years ago seems like an eternity for them, while for me it
seems like just a few days. :-\

I can't remember what we were discussing. CRS syndrome. ;-(

Well, in the end my guess was right, he simply hadn't noticed the
Favorites menu.

Yup.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Alec S.]

----- Original Message -----
From: "Wesley Vogel" <[email protected]>
Newsgroups: microsoft.public.windowsxp.customize
Sent: Saturday, September 02, 2006 3:08pm
Subject: Re: Regedit replacement?

Nope. I have not had that problem. I had a copy of regedit.exe on my
Desktop the whole time that I was experimenting with regedit.exe and
regedt32.exe in my previous post. Not once did regedit.exe start from the
Desktop.

That's because it was an .EXE on the desktop. If it was a folder on the desktop it would have opened. What I meant was that
folders on the desktop have top priority over similarly named folders AND files anywhere else. This goes for the Run dialog,
command prompt, ShellExecute, or anything else.

No idea why.