RegCreateKeyEx Failed: code 5

Thread Status:
Not open for further replies.
  1. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Hello, I am new to this forum but hoping I came to the right place.

    My computer recently was acting up, and I suspected a virus was the case. I installed a trial version of Kaspersky Anti-Virus and it found and deleted 2 backdoor Trojans. Everything seemed back to normal for a few days, now out of no where, the PC will just restart and the latest problem has been an error message I am getting while trying to install a program called "Driver Genius 2007" - I run the .exe and it goes all the way through setup, then fails with the following message:

    Error creating registry key: HKEY_LOCAL_MACHINE\SOftware\Microsoft\WIndows\CurentVersion\Uninstall\Driver Genius Professional Edition_2007_is1

    RegCreateKeyEx failed; code 5.
    Access is Denied

    I went into the admin setting and ran regedit32, allowed settings in the admin and current user panel, and it still is doing the same thing. Any help would be great.

    I really dont want to have to f-disk and reinstall windows, but if that's the case, could anyone reccomend a good way to clone my hard drive before I do so?
     
  2. Gandalf

    Gandalf The White Wizard Tech Member Elite Member PCHF $Donator

    Joined:
    Apr 27, 2007
    Posts:
    7,468
    Likes Received:
    1,012
    Local time:
    00:31
    My System
    Loading...

    *wel to PCHF.

    Please click on the PreWork in my signature area and follow the directions found there.

    Good Luck...
     
  3. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Gandalf, Thanks I am going through it all now but I have one problem... when I boot up in Safe Mode the screen is twice the size of my monitor, so I cant access all the options in AVG. I tried adjusting the monitor display in normal mode and it still is the same when I boot up in safe mode, without any possibilities of changing the screen size.


    Edit* I managed to get things to work ok despite the oversized display in safe mode.
     
  4. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Ok, I went through the pre-work instructions. Attatched are my logs from the scans.
     

    Attached Files:

  5. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Upon finding problems with safe mode display being too large, I attempted to update the driver from the intel website. The result was a driver that wouldnt work, and getting access denied errors when trying to reinstall or roll back the old driver. I went into the emachines live chat and authorized remote acces to my pc, they did the same things I have tried (disabling the devices in hardware manager), rebooted my pc, and it was still messed up. I restarted again, and all the problems seemed to be fixed, including getting access denied errors I was originally getting when I started this thread.

    I am still scratching my head over this, as to how they fixed everything by just changing some hardware driver settings... but at least things are back to normal for now it seems.
     
  6. Gandalf

    Gandalf The White Wizard Tech Member Elite Member PCHF $Donator

    Joined:
    Apr 27, 2007
    Posts:
    7,468
    Likes Received:
    1,012
    Local time:
    00:31
    My System
    Loading...

    Security...even though Scorpios says his computer is back to normal, I think the logs should be check.

    Moving this thread to the HiJackThis! forum

    Thanks...
     
  7. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Yes, I would like to know if everything is ok on my PC. Although most things seem to be acting normal, now when I try to install Zone Alarm, I keep getting an error message saying I need to do so from an Administrator account, which my normal login SHOULD be.
    Thanks.
     
  8. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    17:31
    My System
    Loading...

    Hi.
    Not sure if you are still getting help with this but you do have a Wareout infection that needs to be removed...

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:


    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.94 85.255.112.225
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.94 85.255.112.225

    Post a new log when done...
     
  9. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Thanks, I went through what you said. However, I didnt see the 017 logs in the HijackThis reports. Attatched are the logs from Fixware out and HijackThis. Please let me know if I need to do anything else, and thanks again.
     
  10. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    17:31
    My System
    Loading...

    Just need the HJT log....
     
  11. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Pancake, ok I attatched the most recent Hijackthis log in my last response. I still seem to be having issues installing Zone Alarm and for some reason, when logging into myspace the computer will just shutdown and restart, it was doing this when I originally started noticing evident problems, and happened again today.
     
  12. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    17:31
    My System
    Loading...

    I still dont see any HJT log ?? Maybe you should copy and paste it.
     
  13. Scorpios

    Scorpios Member Silver Member

    Joined:
    Jul 31, 2007
    Posts:
    187
    Likes Received:
    1
    Local time:
    09:31
    My System
    Loading...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:02:31 PM, on 8/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\sdpasvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tony\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Audionews.ru
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = eMachines Computers
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
    O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - (no file)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Lexmark International, Inc. - (no file)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 9120 bytes
     
  14. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    17:31
    My System
    Loading...

    Thats about it now.All you need to do is remove this entry from the log...

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000

    and then update your java..


    It is very important to keep Sun Java up to date to help avoid exploitation by malware .
    The current version is Java Runtime Environment (JRE) 6.0
    Download the latest version of Java Runtime Environment (JRE) 6.0 .
    Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
    Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
    Proceed with reinstalling Java. Reboot.



    As there is no malware present all I can suggest with your My Space is to uninstall and them reinstall.If that does not help try one of the other forums as for Zone Alarm try these guys.CastleCops® Zone Alarm
     
  15. chiaz

    chiaz Well-Known Member Elite Member

    Joined:
    Jun 7, 2006
    Posts:
    4,685
    Likes Received:
    75
    Local time:
    08:31
    My System
    Loading...

    What issues are you having with ZoneAlarm Scorpio? I may be able to help in some ways.
     
Similar Threads
Forum Title Date
System Security RegCreateKeyEx failed; code 5 Apr 22, 2014
System Security RegCreateKeyEx failed; code 5 Jun 12, 2009
System Security RegCreateKeyEx failed; code 5, Access is Denied Nov 29, 2006
System Security Cocreateinstance Failed Malwarebytes 0×80040154 error message Jan 12, 2013

Thread Status:
Not open for further replies.