SpywareGuard install problems

Tried to download and install SpywareGuard twice, both times I get error message:
Error creating registry key
HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\{4A368E80-174F-96B5-0B27DDD11DB2}
RegCreateKeyEx failed ; code 5
Access is denied.

Can't find anything on this in the data base FAQ.
Need some assistance ASAP as I have already removed BrowserHijackBlaster.
Thanks in advance.
Don

 

Fokkerdon - hello.

I assume you don't have any type of application (registry protection) that prohibits registry entries? Also, do you have admin rights to your PC?

Edit: One more thing - I see the registry entry concerns BHO's. Ensure you don't have something (some type of security software, like Spybot) prohibiting this type of entry.

 

Hi D&C,
Apologies for not getting back sooner, things came up.

OK, I am often dazed and confused myself . Not real computer literate but --

I don't think I have any kind of registry protection running??, (although when Daemon and I were working on getting rid of that about:blank and homeoldsp crap, we did have to rename a windows folder to notwindows and then when we renamed it back after getting rid of sqlipmn (the hidden file hijacker) it did not rename back to windows, it created another windows folder under the windows2000nt folder/file and left the notwindows file up there above.
Daemon said just to leave it as is since the computer was finally!!! working right. This was on TomCoyote forums as SWI was offline at the time and that was the next forum I ran into.) but what would I be looking for as far as a program that would be providing registry protection??

Yes, I have admin rights.
Yes I have Spybot S&D 1.3 , latest detection update 5-29-2004 , in default mode with immunization running. Not sure if that could be blocking it or not, just not real computer literate. But it says it is running :
"Permanent I.E. immunity"
"Permanently running bad download blocker for internet explorer."
Would either of these be causing the error?

I have already uninstalled the BrowserHijackBlaster so that should not be the problem, right?

Just tried to download and install it again and same results.

Lost here, will be on and off computer most of afternoon checking stuff out.

 

D&C
Forgot , I also have SpywareBlaster running. Also use Ad-Aware in conjunction with Spybot for scans. Also NAV.

 

Fokkerdon - It's been a while since I used Spybot, but I believe there are settings in there that have something to do with blocking BHO's. That might be preventing this registry entry. I'm not that technical a person, so I can't go into much detail. However, there are lots of Spybot users here at this forum, and most are very smart! Maybe one of them can chime in and tell us what they know about this.

 

Hey Fokkerdon,

Code 5 = The permissions of the individual logged on and running the program are not sufficient for the task attempted by the function.

Having said that....do you have the below key present in your registry ?

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

Edit: Sp

 

Thanx D&C,
See a message from Bubba here. Will answer him and see what I can do.
Thanks again
Don

 

Hello Bubba,
thank you for response.
OK, I cannot see any HKLM(s) at all, all I see are HKEY(s).
Can you direct me in how to get to the HKLM(s) please?

I right clicked on each HKEY and checked permissions>advanced and they do not look right to me, most all say "Uninherited".
And there is something called Everyone in one or two of them that I believe should have been deleted when I worked with Daemon at TomCoyote on removing the about:blank and HOMEOldSP and SQLIPMN.dll browser hijackers but somehow I messed up that step. (I have copies of all messages from that many many days and many many messages he helped me with, including I believe all the hijack this and findall logs).
I tried to go to BHO under one of the HKEY(s) and was denied access.

HELP?
Don

 

Bubba,
Is there any way I can copy off the registry entries and post so you can see what I have??
Thanks
Don

 

Hey Don,

Those three comments leads me down the road that you do NOT have total Admin rights for whatever reason. Your either not signed on as a TRUE Admin or something else has screwed with the registry hive.

Where I was headed with the question about the HKLM....53707962-6F74-2D53-2644-206D7942484F was to see if you at one time was succesful in creating an entry at that location. That key I was inquiring about is Spybot's SDHelper BHO....BUT since you can not even see the key....you have other issues that need to be addressed....I.E.....signin as a True Admin and if your sure you are....I'll have to scratch my head for a bit and wonder if your still infected with something.

 

Hi Bubba,

OK, I looked at permissions for each HKEY I have in the registry tree and they have different settings for different HKEYs. I am going to go back into REGEDIT and just right click on each HKEY and then go to permissions, then to advanced and write down and then type out what I find there in all of them.

I agree that somehow it is messed up. If you go to:
http://forums.tomcoyote.com/index.php?showtopic=7073&st=0&#entry32751

You can see the steps I went through with Daemon (four pages on site, over 50 pages if printed off). I made errors at
1. Renaming Windows to NOTWINDOWS instead of going to WindowsNT>Windows and renaming that to NOTWINDOWS.
2. Have at present in HKEY_LOCAL_MACHINE\Software\Microsoft>
the following three folders:
NOTWINDOWS
Windows
WindowsNT>CurrentVersion>Windows

So I obviously messed up on the renaming back to Windows.
And looks like I also messed up on re-enabling BHOs.
And apparently messed up on resetting security settings

Permissions are skewed also. I guess I will just go to each HKEY and copy down and type in here the permissions that are there,

AND also copy down the permissions that are on each of the above three Windows folders.

UNLESS you know a way I can somehow open up the registry and allow someone to look at it and figure out what I need to change??



To give you a better understanding of what I have in the HKEY, here is what is in

First key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NOTWINDOWS\CurrentVersion
and under that is:
+App Management
+App Paths
+Applets
Bits
+Control Panel
+Controls Folder
CSCSettings
+DateTime
+Dynamic Directory
+Explorer.



Proceeding down the tree, second key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
and under that is the above +(s) plus, starting with the +Explorer:
+Explorer
Extensions
H323TSP
+Hints
+Installer
+Internet Settings
IPConfTSP
MCD
+MediaContentIndex
+ModuleUsage
+MS-DOS Emulation
+Nls
OemStartMenuData
OptimalLayout
+policies
+Reinstall
+Reliability
+Run
Run-
Run-Disabled
RunOnce
RunOnceEx
RunServices
RunServices-
+Setup
SharedDLLs
+Shell Extensions
+ShellCompatibility
+ShellScrap
ShellServiceObjectDelayLoad
+SideBySide
SMDEn
+StillImage
+Syncmgr
+Telephony
ThemeManager
+Themes
+Unimodem
+Uninstall
+URL
+WebCheck
+WindowsUpdate
and Help, HtmlHelp, ITStorage and Shell which are not under the Current Version part of the tree but are part of the Windows sub-tree like CurrentVersion is.



Proceeding down the tree, part three is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT and under that is:
+CurrentVersion (which when opened contains):
+Accessibility
AeDebug
+Asr
+Classes
Compatibility
Compatibility32
+Console
Drivers
drivers.desc
+Drivers32
EFS
Embedding
Event Viewer
+File Manager
Font Drivers
FontDPI
FontMapper
Fonts
FontSubstitutes
GRE_Initialize
+Hotfix
+ICM
+Image File Execution Options
IME Compatibility
IMM
+IniFileMapping
LanguagePack
LastFontSweep
MCI
MCI Extensions
+MCI32
Midimap
ModuleCompatibility
+Network
+NetworkCards
+OpenGLDrivers
+Perflib
+PerHwIdStorage
Ports
Prefetcher
+Print
+ProfileList
related.desc
+SeCEdit
ServicePack
+Setup
+Storage
+SvcHost
+SystemRestore
+Terminal Server
+Time Zones
+Tracing
+Type 1 Installer
Userinstallable.drivers
Windows
+Winlogon
+WOW
WPAEvents

(The Windows in this third part of the tree is a folder without any subfolders.)

If I navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects and try to open, I am denied permission.
If I right click on it, I am told I do not have permission to view the current permission settings for browser helper objects but that I can make permission changes.

Does that make any sense? And will work on getting the permissions information done and ready to post if you want to try and help me with getting it back to what it should be.

Don

 

Hey Don,

I have just finished reading that thread that you linked to at Tom Coyote's Forum and will take a closer look @ this thread and that one again before commenting further. Right now Fubar is the only word I can think of.

We may also consider moving this thread to a more appropriate Forum since SpywareBlaster or SpywareGuard is definetly a secondary issue at the moment if at all.

 

HA! Are you sure your not from Texas?

 

Bubba,
I really hate to see that word FUBAR, guess it's a 'Nam thing.

Agree on moving it, I still want the SpywareGuard installed but in looking at the advanced security settings for all the different HKEY(s), I see that the owner on all of them is Administrator (FamilyRoom\Administrator) and as the account for JustUs2 is the account for my self, JustUs2 should probably be the owner in advanced settings for all the HKEY(s)

Weird, in user accounts under control panel, JustUs2 is listed as Administrator and I can change the kids limited accounts but I can't install SpywareGuard?

Let me know if you want to move it and where, and I have written down all the advanced security settings for all the HKEYS and will type them out in notepad or something and have them ready to post.?

Also, I did a current registry backup that I guess I could send as an attachment? and what I see from this end could be looked at from that end?

Don

 

Never mind the last, can't upload the registry backup due to being .reg type file.
Don

 

Don,

The only suggestion I have short of formatting is to export the below reg and then import the key back after you have carefully gone thru and changed each and every entry of the Key name NotWindows to Windows.While this may take awhile....the other suggestion of formatting is my only other suggestion. I hope someone comes along an offers a quicker fix but in ALL my years of assisting....I have never come across a case where someone has renamed the Windows key in the registry

Export this key---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NotWindows

After that we may then can visit the problem about Inherited\Uninherited.

 

Hi Bubba,
Exported it to desktop, opened with registrar, clicked on rename, renamed Windows and got "Error renaming"
So guess that is not going to work?

So, guess I need to figure out how to backup everything on this computer and get ready to re-format. Will have to be a drawn out process as is a Compaq so all the disks are proprietory (sp?), is no single disk that states is for WinXPHome.

So, if anyone comes up with another idea, would sure love to hear it.
Meanwhile, am going to start burning CD's to save all I can find on here.

Will check back here as well as check e-mail in case someone comes up with something.
Don

 

After you export the file....you can then open it with notepad in order to do all your editing.

 

Bubba,

OK, now see all the NOTWINDOWS now (Lots of them!) . So I rename everyone of them to WINDOWS and then how do I merge that back into registry?

Thanks
Don

 

Hey Don,

If you right click the file you should have a selection of merge and say OK when it asks if you want to merge. You have triple checked for all instances of....HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NotWindows ?

 

Bubba,
sorry, our life just kinda fell apart here. 1 year anniversary of death of our nephew and we lost another family member. Was more concerned with holding family together than worrying about computer.

Anyway, decided to just let it all alone. Somehow there seems to have been a copy of the windows folder made and I looked at it and the notwindows folder and the items in them are the same. the computer works fine so I am just going to leave it all alone now.

have regained full functions, have ownership of all HKEYs now so am just going to leave it alone.

thank you very much for your assistance and again, apologies for delay in reply.

Will probably see you on forums in future.
Don