[Resolved] Administrator disabled????????

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
I have Windows XP Pro. I am the only user. When I try to change the display properties I receive this message: "administrator disabled display panel". I read a similar post and it said to open regedit, so I tried running regedit and I receive this message: "administrator disabled reg editing". Someone help? Can someone explain how that happened? Because I never changed those settings.
 
Joined
Feb 23, 2003
Messages
16,274
Log onto safe mode as administrator and you may be able to repair the user account.
 
Joined
Dec 9, 2000
Messages
45,855
Go to the Control Panel > User Accounts. Open your User Name and make sure it is configured for Administrative privileges. Under "change account type", Administrator should be checked.

Run regedit from there and look for:

DisableRegistryTools

NodispCPL

usually under

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
I am the only person on this computer, I am the administrator. I can get access to the registry only on the Administrator account in safe mode. I have my own log on name and the Administrator account that is only available in safe mode. If I go into the registry from the Admin account will it make the changes to my personal account??
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
I tried HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

logged in as Administrator, but did not see anything like you mentioned. I have no access to the registry from my user name where the problem occurs. Please help!!!
 
Joined
Dec 9, 2000
Messages
45,855
I'm puzzled by what you are describing. You say you are normally logged in under your User Name, but you do not see that name in the User Accounts applet when logged in as "Administrator" in Safe Mode?

If your normal User Name is there, you must ensure it is enabled with Administrative privileges. In User Accounts you must select the "change an Account" option to do this.

The registry changes sound like they were made through the Group Policy Editor. This is only available on XP Pro, which I do not have so I can't give you explicit instructions on using it.

However if you can access the registry in Safe Mode you should be able to find the settings. Try clicking Edit > Find and entering

DisableRegistryTools

And search the entire registry; the entry may be in HKLM rather than HKCU

Do the search with the file tree collapsed and My Computer highlighted in the editor, or you may not get a complete search.
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
I did a search, found nothing.

When I start in safe mode I can choose between Administrator or my usual account.

I need help with this problem. You mentioned the Group Policy Editor, could you explain what to do in it?

And yes, I have XP Pro.
 
Joined
Dec 9, 2000
Messages
45,855
Ok, when you are in Safe Mode and you see your User Account, does it say Administrator?

If not, select the "Change Account" option, then select "change account type" and select that account and check "Administrator"

I don't know how this could change unless you were hacked. Personally I don't use a password, but once you get this straightened out, you should probably enable one.

If all else fails you might try a System Restore if you know about when this began. You may have to do this from the Administrator's account.

But I don't see any reason why you can't give your User Name Administrative privilege.

I'm not familiar enough with the Group Policy Editor, gpedit.msc, to steer you through any use of it, but here is one MS link for it:

http://www.microsoft.com/technet/tr.../winxppro/proddocs/gpedit_startStandalone.asp
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
OK, I do not think I mentioned this, but this happened yesterday. I turned my computer on and I went to shut off the screensaver and I got the message about the Admin disabling it.

I read a similar post on this site and the answer was to go into the registry and change a setting. I ran regedit and got the message Admin disabled reg editing.

I could do these things a couple days ago. I recently found 2 viruses on my comp, win32.pinfi and the ronor.worm. Do you think those viruses have anything to do with my problem?

Yes, I see the administrator account in safe mode.
 
Joined
Dec 9, 2000
Messages
45,855
Give us a post of a HijackThis Scanlog and we may see if there is anything still on the system from the virus.

http://www.tomcoyote.org/hjt/

I know you see the "Administrator" account in safe mode, but do you also see your User Name and does it say "Administrator"? If your User Name does not say Administrator, then you must set it so by logging in under the Administrator login, and going through the "change account" process for your User Name.

More than one account can have Administrator privileges, but they have to be enabled.
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
Yes, my user account has administrator privileges. I will be right back with the hijack log post.
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
Here you go, thanks for helping me!


Logfile of HijackThis v1.97.2
Scan saved at 7:41:02 PM, on 9/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\conve.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Z:\highjack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.180.101.44:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM956\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30e0e0511e038ceb6a02/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://209.53.152.71/activex/AxisCamControl.ocx
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
 
Joined
Dec 9, 2000
Messages
45,855
Ok, several things.

1 -- we can see the disable regedit entry in HijackThis, whether it will be able to successfully fix it I don't know. You can also follow the Symantec instructions for copying and renaming regedit.exe to regedit.com and run it that way.

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

2 -- You still have this worm:

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

as indicated by this entry:

O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe

3 -- this is a complete unknown to me, do you know what it is?

C:\WINDOWS\conve.exe

How to fix...

I would reboot in Safe Mode and delete the file: systools.exe

Also remove the registry entry using HijackThis to "fix" it.

If you don't know what conve.exe is, just rename or send it to the recycle bin for now.

I don't know where it is starting from; it might be enabled as a service so you may get an error message on restart.

You can see from the Symantec link that it is responsible for your access problems.
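The kind of reading applied to the log in the reply above, as an added example that is not part of the original thread or of HijackThis itself: a small triage script that flags O7 policy lockouts and executables sitting directly in C:\WINDOWS. The sample lines are copied from the log posted above; the allow-list and the "directly in C:\WINDOWS" heuristic are assumptions and only mark entries for review.

```python
import ntpath
import re

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\conve.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Policy value names that appear in the thread and its log.
LOCKOUT_VALUES = {"disableregedit", "disableregistrytools", "nodispcpl"}
# Assumption: files this machine is expected to have directly in C:\WINDOWS.
EXPECTED_IN_WINDIR = {"explorer.exe"}

O4_RE = re.compile(r"^O4 - \w+\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
O7_RE = re.compile(r"^O7 - (?P<key>[^,]+), (?P<value>\w+)=(?P<data>\d+)$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)


def in_windir_root(path):
    """True for an unexpected executable directly in C:\\WINDOWS (not a subfolder)."""
    return (ntpath.dirname(path).lower() == r"c:\windows"
            and ntpath.basename(path).lower() not in EXPECTED_IN_WINDIR)


def triage(log_text):
    """Return (kind, detail) tuples for log lines worth a closer look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        o7 = O7_RE.match(line)
        if o7:
            # A non-zero lockout value is what produces "administrator disabled ..."
            if o7["value"].lower() in LOCKOUT_VALUES and o7["data"] != "0":
                findings.append(("policy-lockout", o7["key"] + "\\" + o7["value"]))
            continue
        o4 = O4_RE.match(line)
        if o4:
            kind, text = "autorun-in-windir", o4["cmd"]
        elif re.match(r"[A-Za-z]:\\", line):
            kind, text = "process-in-windir", line
        else:
            continue
        exe = EXE_RE.search(text)
        if exe and in_windir_root(exe[1]):
            findings.append((kind, exe[1]))
    return findings
```

On the full log the same heuristic also flags legitimate vendor files in C:\WINDOWS, so each hit still needs the manual lookup done in the reply above.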
 

JimZ

Thread Starter
Joined
Jun 26, 2003
Messages
174
Wow, you are good!!!

I asked so many people about this and they thought I was Bull S***ing about having Admin privileges.

Ok, I do not know what conve.exe is. I was wondering that also.


I tried deleting systools.exe but it will not let me.


How do I fix this?
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
 