Error 1402.Could not open key:

[Ben]

When I try to install the Microsoft Antispyware program
that I downloaded on 3/19/05. I get this error.

"Error 1402.Could not open key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurentVersio
n\Run." Verify that you have sufficient access to that
key, or contact your support personnel.

I also get this error when trying to log onto the
administrator accout.

"Unable to log you on because of an account restriction."

The only thing I did before trying to install Microsoft
Antispyware was running a McAfee and Ad-Aware scan off a
BartsPE disc updated to 2/19/05. The scans found plenty
to delete. I also ran a Hijack This scan and deleted
everything in the long list. A few items remain. This is
what the Log looks like now.

"Logfile of HijackThis v1.99.0
Scan saved at 12:37:34 PM, on 03/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\fiuvg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis99\HijackThis99.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O10 - Unknown file in Winsock LSP: c:\windows\system32
\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
\calsp.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)"

Any advice would be greatly appriciated. My email is
(e-mail address removed). Thank you.

 

[Monitor]

I like your post
Microsoft reads the posts here, and encourages users to
post feedback,
positive and negative.
Monitor

 

[Ron Kinner]

Bill Peterson kindly thought of me when he saw your
HijackThis log and asked me to look at it. He knows I
like to do HijackThis logs.

Usually the first login you set up on an XP Home will have
admin privileges by default. The error message you are
getting about the Administrator account is the one you get
if you do not boot into Safe Mode first. Hopefully that
is all it is or your first logon still has the Admin
rights. We are going to need Admin rights to fix
anything. Look at the following link and see if it helps
you log on as administrator.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;290109

From your log I can see that you have a process

C:\WINDOWS\system\fiuvg.exe

running. This is definitely part of your problem. Get
pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

Extract it to the folder you used for HijackThis and run
it. In the bottom right of the screen you will see a box
next to a yellow triangle with a ! in it. If you press on
the little down arrow you will get a list of running
processes. Select the fiuvg.exe and then press the yellow
triangle. I think it tells you that it will only stop the
process but tell it OK. Then copy and paste

C:\WINDOWS\system\fiuvg.exe

in the box where it says Full Path of File to Delete and
press the Red circle with white X. If it is able to
delete the file then good. Otherwise click on Delete on
Reboot or Replace on Reboot and try again.

You should also get lspfix.exe from:

http://www.cexx.org/lspfix.htm

Extract it to the same folder. Open it, Check I know what
I am doing and then highlight

calsp.dll
aklsp.dll

and move them to the right window and press Delete.

Reboot into Safe Mode (F8) without Networking.

Deleting everything blindly in a Hijack is not a good
idea. You kill off a lot of good things that way.
Hopefully you did not change the default config which
automatically makes backups. Run HijackThis and select
View The List of Backups from the Main menu or from the
Scan page, Configure then Backups. Delete All. Then run
press the Back button and run a new Scan and save the
log. Delete everything again and reboot into regular mode.

Run a new scan and log and send me both logs. While you
are waiting for a reply, get cwshredder and run it. Tell
it to Fix your system. IF it asks you if a file is random
tell it No but then ask me about it.

http://www.intermute.com/spysubtract/cwshredder_download.ht
ml

you want the StandAlone version of CWShredder. Resist any
attempts to sell you their demo.

Once logged into the system with admin rights and without
any obvious badguys running you can probably fix your
registry problem by running regedit (Start, Run, regedit,
OK). Drill down to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurentVersio
n\Run and up on the toolbar select Security then
Permission. Make sure your login and the system have full
control.

Ron

 

[Ron Kinner]

Oops. I meant to write Bill Sanderson

Ron

-----Original Message-----
Bill Peterson kindly thought of me when he saw your
HijackThis log and asked me to look at it. He knows I
like to do HijackThis logs.

Usually the first login you set up on an XP Home will have
admin privileges by default. The error message you are
getting about the Administrator account is the one you get
if you do not boot into Safe Mode first. Hopefully that
is all it is or your first logon still has the Admin
rights. We are going to need Admin rights to fix
anything. Look at the following link and see if it helps
you log on as administrator.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;290109

From your log I can see that you have a process

C:\WINDOWS\system\fiuvg.exe

running. This is definitely part of your problem. Get
pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

Extract it to the folder you used for HijackThis and run
it. In the bottom right of the screen you will see a box
next to a yellow triangle with a ! in it. If you press on
the little down arrow you will get a list of running
processes. Select the fiuvg.exe and then press the yellow
triangle. I think it tells you that it will only stop the
process but tell it OK. Then copy and paste

C:\WINDOWS\system\fiuvg.exe

in the box where it says Full Path of File to Delete and
press the Red circle with white X. If it is able to
delete the file then good. Otherwise click on Delete on
Reboot or Replace on Reboot and try again.

You should also get lspfix.exe from:

http://www.cexx.org/lspfix.htm

Extract it to the same folder. Open it, Check I know what
I am doing and then highlight

calsp.dll
aklsp.dll

and move them to the right window and press Delete.

Reboot into Safe Mode (F8) without Networking.

Deleting everything blindly in a Hijack is not a good
idea. You kill off a lot of good things that way.
Hopefully you did not change the default config which
automatically makes backups. Run HijackThis and select
View The List of Backups from the Main menu or from the
Scan page, Configure then Backups. Delete All. Then run
press the Back button and run a new Scan and save the
log. Delete everything again and reboot into regular mode.

Run a new scan and log and send me both logs. While you
are waiting for a reply, get cwshredder and run it. Tell
it to Fix your system. IF it asks you if a file is random
tell it No but then ask me about it.

http://www.intermute.com/spysubtract/cwshredder_download.h t
ml

you want the StandAlone version of CWShredder. Resist any
attempts to sell you their demo.

Once logged into the system with admin rights and without
any obvious badguys running you can probably fix your
registry problem by running regedit (Start, Run, regedit,
OK). Drill down to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurentVersio
n\Run and up on the toolbar select Security then
Permission. Make sure your login and the system have full
.