1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] Administrator disabled????????

Discussion in 'Windows XP' started by JimZ, Sep 14, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    I have windows xp pro. I am the only user. When i try to change the display properties i recieve this message "adminstator disabled display panel" . I read a similair post and it said to open regedit so i tried running regedit and I recieve this message "administrator disabled reg editing" Some one help? Can someone explain how that happened? cause i never changed those settings.
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Log onto safe mode as administrator and you may be able to repair the user account.
     
  3. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    How do I repair the user account?
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Go to the Control Panel > User Accounts. Open your User Name and make sure it is configured for Administrative priveleges. Under "change account type", Administrator should be checked.

    Run regedit from there and look for:

    DisableRegistryTools

    NodispCPL

    usually under

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
     
  5. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    I am the only person on this computer, I am the administrator. I can get acces to the registry only on the Administator account in safe mode. I have my own log on name and the Administator account that is only availible in safe mode. If I go into the registry from the Admin account will it make the changes to my personall account??
     
  6. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    I tried HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

    logged in as Administrator, but did not see anything like you mentioned. I have no access to the registry from my user name where the problem occurs. Please help!!!
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm puzzled by what you are describing. You say you are normally logged in under your User Name, but you do not see that name in the User Accounts applet when logged in as "Administrator" in Safe Mode?

    If your normal User Name is there, you must ensure it is enabled with Administrative priveleges. In User Accounts you must select the "change an Account" option to do this.

    The registry changes sound like they were made through the Group Policy Editor. This is only available on XP Pro, which I do not have so I can't give you explicit instructions on using it.

    However if you can access the registry in Safe Mode you should be able to find the settings. Try clicking Edit > Find and entering

    DisableRegistryTools

    And search the entire registry; the entry may be in HKLM rather than HKCU

    Do the search with the file tree collapsed and My Computer hightlighted in the editor, or you may not get a complete search.
     
  8. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    I did a search, found nothing.

    when i start in safe mode i can choose between Administrator or My usual account.

    I need help with this problem, You mentioned the group policy editor, could you explain what to do in it?

    And yes i have XP pro.
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, when you are in Safe Mode and you see your User Account, does it say Adminstrator?

    If not, select the "Change Account" option, then select "change account type" and select that account and check "Administrator"

    I don't know how this could change unless you were hacked. Personally I don't use a password, but once you get this straightened out, you should probably enable one.

    If all else fails you might try a System Restore if you know about when this began. You may have to to this from the Administrator's account.

    But I don't see any reason why you can't give your User Name Administrative privelege.

    I'm not familiar enought with the Group Policy Editor, gpedit.msc

    to steer you through any use of it, but here is one MS link for it:

    http://www.microsoft.com/technet/tr.../winxppro/proddocs/gpedit_startStandalone.asp
     
  10. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    OK i do not think i mentioned this but, This happened yesterday I turned my computer on and i went to shut off the screensaver and i got the message about the Admin disableing it.

    I read a similar post on this site and the answer was to go into the registry and change a setting. I ran regedit and got the message Admin disabled reg editing.

    I could do these things a couple days ago. I recently found 2 viri on my comp win32.pinfi and the ronor.worm. Do you think those viri have anything to do with my problem?

    Yes i see the administrator account in safe mode.
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Give us a post of a HijackThis Scanlog and we may see if there is anything still on the system from the virus.

    http://www.tomcoyote.org/hjt/

    I know you see the "Administrator" account in safe mode, but do you also see your User Name and does it say "Administrator"? If your User Name does not say Administrator, then you must set it so by logging in under the Administrator login, and going through the "change account" process for your User Name.

    More than one account can have Administrator priveleges, but they have to be enabled.
     
  12. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    Yes my user account has administrator priveleges. I will be right back with the hijack log post
     
  13. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    here you go, Thanks for helping me!


    Logfile of HijackThis v1.97.2
    Scan saved at 7:41:02 PM, on 9/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\conve.exe
    C:\Program Files\CPUCooL\CooLSrv.exe
    C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Z:\highjack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.180.101.44:8080
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM956\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30e0e0511e038ceb6a02/netzip/RdxIE601.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://209.53.152.71/activex/AxisCamControl.ocx
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, several things.

    1 -- we can see the disable regedit entry in HijackThis, whether it will be able to successfully fix it I don't know. You can also follow the Symantec instructions for copying and renaming regedit.exe to regedit.com and run it that way.

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    2 -- You still have this worm:

    http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

    as indicated by this entry:

    O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe

    3 -- this is a complete unknown to me, do you know what it is?

    C:\WINDOWS\conve.exe

    How to fix...

    I would reboot in Safe Mode and delete the file: systools.exe

    Also remove the registry entry using HijackThis to "fix" it.

    If you don't know what conve.exe is, just rename or send it to the recycle bin for now.

    I don't know where it is starting from; it might be enabled as a service so you may get an error message on restart.

    You can see from the Symantec link that it is responsibe for your access problems.
     
  15. JimZ

    JimZ Thread Starter

    Joined:
    Jun 26, 2003
    Messages:
    174
    Wow, you are good!!!

    I asked so many people about this and they thought I was Bull S***ing about having Admin priveleges.

    Ok, I do not know what conve.exe is. I was wondering that also.


    I tried deleting systools.exe but it will not let me.


    how do I fix this?
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - [Resolved] Administrator disabled
  1. Mumof21318
    Replies:
    1
    Views:
    318
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164664

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice