SpywareGuard install problems

Discussion in 'SpywareBlaster & Other Forum' started by Fokkerdon, Jun 5, 2004.

Thread Status:
Not open for further replies.
  1. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Tried to download and install SpywareGuard twice, both times I get error message:
    Error creating registry key
    HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\{4A368E80-174F-96B5-0B27DDD11DB2}
    RegCreateKeyEx failed ; code 5
    Access is denied. o_O

    Can't find anything on this in the data base FAQ.
    Need some assistance ASAP as I have already removed BrowserHijackBlaster.
    Thanks in advance.
    Don
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Fokkerdon - hello.

    I assume you don't have any type of application (registry protection) that prohibits registry entries? Also, do you have admin rights to your PC?

    Edit: One more thing - I see the registry entry concerns BHO's. Ensure you don't have something (some type of security software, like Spybot) prohibiting this type of entry.
     
    Last edited: Jun 5, 2004
  3. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Hi D&C,
    Apologies for not getting back sooner, things came up. :(

    OK, I am often dazed and confused myself ;) . Not real computer literate but --

    I don't think I have any kind of registry protection running??, (although when Daemon and I were working on getting rid of that about:blank and homeoldsp crap, we did have to rename a windows folder to notwindows and then when we renamed it back after getting rid of sqlipmn (the hidden file hijacker) it did not rename back to windows, it created another windows folder under the windows2000nt folder/file and left the notwindows file up there above.
    Daemon said just to leave it as is since the computer was finally!!! working right. This was on TomCoyote forums as SWI was offline at the time and that was the next forum I ran into.) but what would I be looking for as far as a program that would be providing registry protection??

    Yes, I have admin rights.
    Yes I have Spybot S&D 1.3 , latest detection update 5-29-2004 , in default mode with immunization running. Not sure if that could be blocking it or not, just not real computer literate. But it says it is running :
    "Permanent I.E. immunity"
    "Permanently running bad download blocker for internet explorer."
    Would either of these be causing the error?

    I have already uninstalled the BrowserHijackBlaster so that should not be the problem, right?

    Just tried to download and install it again and same results.

    Lost here, will be on and off computer most of afternoon checking stuff out.
     
  4. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    D&C
    Forgot :doubt: , I also have SpywareBlaster running. Also use Ad-Aware in conjunction with Spybot for scans. Also NAV.
     
  5. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Fokkerdon - It's been a while since I used Spybot, but I believe there are settings in there that have something to do with blocking BHO's. That might be preventing this registry entry. I'm not that technical a person, so I can't go into much detail. However, there are lots of Spybot users here at this forum, and most are very smart! :) Maybe one of them can chime in and tell us what they know about this.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Fokkerdon,

    Code 5 = The permissions of the individual logged on and running the program are not sufficient for the task attempted by the function.

    Having said that....do you have the below key present in your registry ?

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

    Edit: Sp
     
  7. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Thanx D&C,
    See a message from Bubba here. Will answer him and see what I can do.
    Thanks again
    Don
     
  8. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Hello Bubba,
    thank you for response.
    OK, I cannot see any HKLM(s) at all, all I see are HKEY(s). o_O
    Can you direct me in how to get to the HKLM(s) please?

    I right clicked on each HKEY and checked permissions>advanced and they do not look right to me, most all say "Uninherited".
    And there is something called Everyone in one or two of them that I believe should have been deleted when I worked with Daemon at TomCoyote on removing the about:blank and HOMEOldSP and SQLIPMN.dll browser hijackers but somehow I messed up that step. (I have copies of all messages from that many many days and many many messages he helped me with, including I believe all the hijack this and findall logs).
    I tried to go to BHO under one of the HKEY(s) and was denied access.

    HELPo_O?
    Don
     
  9. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Bubba,
    Is there any way I can copy off the registry entries and post so you can see what I have??
    Thanks
    Don
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Don,

    Those three comments leads me down the road that you do NOT have total Admin rights for whatever reason. Your either not signed on as a TRUE Admin or something else has screwed with the registry hive.

    Where I was headed with the question about the HKLM....53707962-6F74-2D53-2644-206D7942484F was to see if you at one time was succesful in creating an entry at that location. That key I was inquiring about is Spybot's SDHelper BHO....BUT since you can not even see the key....you have other issues that need to be addressed....I.E.....signin as a True Admin and if your sure you are....I'll have to scratch my head for a bit and wonder if your still infected with something.
     
  11. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Hi Bubba,

    OK, I looked at permissions for each HKEY I have in the registry tree and they have different settings for different HKEYs. I am going to go back into REGEDIT and just right click on each HKEY and then go to permissions, then to advanced and write down and then type out what I find there in all of them.

    I agree that somehow it is messed up. If you go to:
    http://forums.tomcoyote.com/index.php?showtopic=7073&st=0&#entry32751

    You can see the steps I went through with Daemon (four pages on site, over 50 pages if printed off). I made errors at
    1. Renaming Windows to NOTWINDOWS instead of going to WindowsNT>Windows and renaming that to NOTWINDOWS.
    2. Have at present in HKEY_LOCAL_MACHINE\Software\Microsoft>
    the following three folders:
    NOTWINDOWS
    Windows
    WindowsNT>CurrentVersion>Windows

    So I obviously messed up on the renaming back to Windows.
    And looks like I also messed up on re-enabling BHOs.
    And apparently messed up on resetting security settings

    Permissions are skewed also. I guess I will just go to each HKEY and copy down and type in here the permissions that are there,

    AND also copy down the permissions that are on each of the above three Windows folders.

    UNLESS you know a way I can somehow open up the registry and allow someone to look at it and figure out what I need to changeo_O??



    To give you a better understanding of what I have in the HKEY, here is what is in

    First key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NOTWINDOWS\CurrentVersion
    and under that is:
    +App Management
    +App Paths
    +Applets
    Bits
    +Control Panel
    +Controls Folder
    CSCSettings
    +DateTime
    +Dynamic Directory
    +Explorer.



    Proceeding down the tree, second key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    and under that is the above +(s) plus, starting with the +Explorer:
    +Explorer
    Extensions
    H323TSP
    +Hints
    +Installer
    +Internet Settings
    IPConfTSP
    MCD
    +MediaContentIndex
    +ModuleUsage
    +MS-DOS Emulation
    +Nls
    OemStartMenuData
    OptimalLayout
    +policies
    +Reinstall
    +Reliability
    +Run
    Run-
    Run-Disabled
    RunOnce
    RunOnceEx
    RunServices
    RunServices-
    +Setup
    SharedDLLs
    +Shell Extensions
    +ShellCompatibility
    +ShellScrap
    ShellServiceObjectDelayLoad
    +SideBySide
    SMDEn
    +StillImage
    +Syncmgr
    +Telephony
    ThemeManager
    +Themes
    +Unimodem
    +Uninstall
    +URL
    +WebCheck
    +WindowsUpdate
    and Help, HtmlHelp, ITStorage and Shell which are not under the Current Version part of the tree but are part of the Windows sub-tree like CurrentVersion is.



    Proceeding down the tree, part three is:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT and under that is:
    +CurrentVersion (which when opened contains):
    +Accessibility
    AeDebug
    +Asr
    +Classes
    Compatibility
    Compatibility32
    +Console
    Drivers
    drivers.desc
    +Drivers32
    EFS
    Embedding
    Event Viewer
    +File Manager
    Font Drivers
    FontDPI
    FontMapper
    Fonts
    FontSubstitutes
    GRE_Initialize
    +Hotfix
    +ICM
    +Image File Execution Options
    IME Compatibility
    IMM
    +IniFileMapping
    LanguagePack
    LastFontSweep
    MCI
    MCI Extensions
    +MCI32
    Midimap
    ModuleCompatibility
    +Network
    +NetworkCards
    +OpenGLDrivers
    +Perflib
    +PerHwIdStorage
    Ports
    Prefetcher
    +Print
    +ProfileList
    related.desc
    +SeCEdit
    ServicePack
    +Setup
    +Storage
    +SvcHost
    +SystemRestore
    +Terminal Server
    +Time Zones
    +Tracing
    +Type 1 Installer
    Userinstallable.drivers
    Windows
    +Winlogon
    +WOW
    WPAEvents

    (The Windows in this third part of the tree is a folder without any subfolders.)

    If I navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects and try to open, I am denied permission.
    If I right click on it, I am told I do not have permission to view the current permission settings for browser helper objects but that I can make permission changes.o_Oo_O

    Does that make any senseo_O? And will work on getting the permissions information done and ready to post if you want to try and help me with getting it back to what it should be.

    Don
     
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Don,

    I have just finished reading that thread that you linked to at Tom Coyote's Forum and will take a closer look @ this thread and that one again before commenting further. Right now Fubar is the only word I can think of.

    We may also consider moving this thread to a more appropriate Forum since SpywareBlaster or SpywareGuard is definetly a secondary issue at the moment if at all.
     
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    HA! :D Are you sure your not from Texas? ;)
     
  14. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Bubba,
    I really hate to see that word FUBAR, guess it's a 'Nam thing.

    Agree on moving it, I still want the SpywareGuard installed but in looking at the advanced security settings for all the different HKEY(s), I see that the owner on all of them is Administrator (FamilyRoom\Administrator) and as the account for JustUs2 is the account for my self, JustUs2 should probably be the owner in advanced settings for all the HKEY(s)o_O

    Weird, in user accounts under control panel, JustUs2 is listed as Administrator and I can change the kids limited accounts but I can't install SpywareGuard?

    Let me know if you want to move it and where, and I have written down all the advanced security settings for all the HKEYS and will type them out in notepad or something and have them ready to post.?

    Also, I did a current registry backup that I guess I could send as an attachment? and what I see from this end could be looked at from that end?

    Don
     
  15. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Never mind the last, can't upload the registry backup due to being .reg type file.
    Don
     
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Don,

    The only suggestion I have short of formatting is to export the below reg and then import the key back after you have carefully gone thru and changed each and every entry of the Key name NotWindows to Windows.While this may take awhile....the other suggestion of formatting is my only other suggestion. I hope someone comes along an offers a quicker fix but in ALL my years of assisting....I have never come across a case where someone has renamed the Windows key in the registry :(

    Export this key---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NotWindows

    After that we may then can visit the problem about Inherited\Uninherited.
     
  17. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Hi Bubba,
    Exported it to desktop, opened with registrar, clicked on rename, renamed Windows and got "Error renaming"
    So guess that is not going to work?

    So, guess I need to figure out how to backup everything on this computer and get ready to re-format. Will have to be a drawn out process as is a Compaq so all the disks are proprietory (sp?), is no single disk that states is for WinXPHome.

    So, if anyone comes up with another idea, would sure love to hear it.
    Meanwhile, am going to start burning CD's to save all I can find on here.

    Will check back here as well as check e-mail in case someone comes up with something.
    Don :(
     
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    After you export the file....you can then open it with notepad in order to do all your editing.
     
  19. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Bubba,

    OK, now see all the NOTWINDOWS now (Lots of them!) . So I rename everyone of them to WINDOWS and then how do I merge that back into registry?

    Thanks
    Don
     
  20. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Don,

    If you right click the file you should have a selection of merge and say OK when it asks if you want to merge. You have triple checked for all instances of....HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NotWindows ?
     
  21. Fokkerdon

    Fokkerdon Registered Member

    Joined:
    May 3, 2004
    Posts:
    14
    Bubba,
    sorry, our life just kinda fell apart here. 1 year anniversary of death of our nephew and we lost another family member. :'( Was more concerned with holding family together than worrying about computer.

    Anyway, decided to just let it all alone. Somehow there seems to have been a copy of the windows folder made and I looked at it and the notwindows folder and the items in them are the same. the computer works fine so I am just going to leave it all alone now.

    have regained full functions, have ownership of all HKEYs now so am just going to leave it alone.

    thank you very much for your assistance and again, apologies for delay in reply.

    Will probably see you on forums in future.
    Don
     
Thread Status:
Not open for further replies.