Windows 7 Forums

Windows 7: Regedit disabled

13 May 2011   #1
kaoticsolja

Windows 7 64 bit
 
 
Regedit disabled

So here's my problem:

Regedit has been disabled by administrator in Windows 7.

So I know this is from a virus because my Task Manager is down also.
I am running MSE but I guess it didn't catch it.
Any ideas how to fix this?
And yes, I have tried the idea below with no luck:

1. Press the Windows + R key combination to open the Run menu, then type gpedit.msc and press Enter.
2. Go to User Configuration > Administrative Templates > System
3. In the right pane, double-click Prevent Access to Registry Editing Tools, then change the status to Not Configured, click OK
4. Log off or restart the computer

Thanks in advance

My best bet seems to be ComboFix? But everywhere I read it says "this is a very powerful tool". Now I'm by no means a cpu layman but I dunno much about registry. Here's the site: A guide and tutorial on using ComboFix. Ideas?

I have also used HijackThis to come up with a log:


Code:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:53 PM, on 5/13/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CityVilleBot\CVBot.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kami\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kami\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [POL Agent] C:\Program Files (x86)\POL\POL.exe
O4 - HKLM\..\Run: [{sys_service}62754432471953335662382249148423897549992817044589424153232730501452334687629674889617499922428556998210191381281847149509896266157954563736747715811523388527110360345655726779619993922499435956403558467293913854180055529281524522176240574046954846552768651] system key
O4 - HKLM\..\Run: [{sys_service}8617785589537675908575672571847220973316340467932365838746696473568656892186430172219530823345851980321624442661551581383743131500391188797970981949457576227613445945798899601385333362648317782987426981890617337277534789526494794559966399747037822807862885237] system key
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\drivers\csrss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: mcShoutCastECommerceService - Unknown owner - C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe
O23 - Service: mcShoutCastLauraFM - Sörnt Poppe - C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe
O23 - Service: mcShoutCastProxy - Sörnt Poppe - C:\Program Files\mcShoutCast\ShoutCastProxyService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunerFreeMCEService - MillieSoft - C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
 
--
End of file - 8610 bytes

Spybot Search and Destroy has found ardmax (known virus) and apparently cannot delete it because I am no longer administrator lol, help?


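As an added example (not part of the original post, and not HijackThis's own logic): a small Python triage of lines from the log above, flagging the autorun entries and the policy value that match the symptoms described. The heuristics, the `triage` and `triage_line` names and the assumption that Windows is installed in `C:\Windows` are illustrative, and the long `{sys_service}` value name is shortened to a constructed placeholder.

```python
import ntpath
import re

# Lines from the log above; the long {sys_service} name is a shortened placeholder.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [{sys_service}0000000000] system key
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\drivers\csrss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Core Windows binaries that normally load only from System32 (assumes C:\Windows).
SYSTEM32_ONLY = {"csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe", "services.exe"}
RUN_RE = re.compile(r"^O4 - (\S+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
POLICY_RE = re.compile(r"^O7 - (.+?), ?(Disable\w+)=(\d+)$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def triage_line(line):
    """Return the reasons (possibly none) a HijackThis line needs a closer look."""
    reasons = []
    run = RUN_RE.match(line)
    if run:
        name, data = run.group(3, 4)
        if not name.strip():
            reasons.append("autorun value has no name")
        if re.search(r"\d{10,}", name):
            reasons.append("value name contains a long digit run")
        exe = EXE_RE.search(data)
        if exe is None:
            reasons.append("autorun data is not an executable path")
        else:
            folder, image = ntpath.split(exe.group(0).lower())
            if image in SYSTEM32_ONLY and folder != r"c:\windows\system32":
                reasons.append(f"{image} outside System32")
    policy = POLICY_RE.match(line)
    if policy and policy.group(3) != "0":
        reasons.append(f"{policy.group(2)} policy set under {policy.group(1)}")
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons, in log order."""
    lines = (raw.strip() for raw in log_text.splitlines())
    return {line: triage_line(line) for line in lines if triage_line(line)}


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print("; ".join(why), "->", entry)
```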

13 May 2011   #2
Brink
Microsoft MVP

64-bit Windows 10 build 10159
 
 

Hello Kaoticsolja,

I would recommend using the free ESET Online Scanner and Malwarebytes Anti-Malware Free to help make sure that you are malware and virus free.

The tutorials below should be able to help enable your regedit and Task Manager again if your command prompt is not disabled as well.

Regedit - Enable or Disable - Vista Forums

Task Manager - Enable or Disable - Vista Forums

Hope this helps,
Shawn