please help regedit and safemode...please

I am using win xp sp-2 and facing some problems

1. regedit and taskman disabled (by admin)
2. Cannot install any kind of antivirus software
3. when I enter safe mode it says error 0*000000007B.
4. I used comboFix and The report is given to attachment.
5. gpedit->user configuration->admin templete->system->prevent access to registry editing tool->disable
but still cannot access to regedit

please please send the solution...Thanks.......

Greetings galib and Welcome to the Forums,

That combofix log you attached is from the second time you ran it. Can you post the log from the first run please? Thanks!

thanks a lot....here is the first combfix report.....please...

Copy the data in the code box below into notepad and save it as FixRegTools.reg
Set File type to "all files"

Double-click that file and confirm you want to merge it with the registry.

Reboot the computer. On your next reply, let us know if you are having any other issues. Thanks!

same result....regedit is desabled by ur admin...I changed the file types from tools->folder option->file types and set the .REG as "all files".am I right?I double clicked and it doesnot gives the confirmation to marge....when double clicked its says "regedit is disabled by admin"......please take a look again....thanks

Try it again with your ESET file protection disabled. Make sure you are logged on with "administrator" rights. You might also consider uninstalling Kaspersky unless you are able to keep it disabled for on demand use only.

I know ESET has a file protection component that wrestles with combofix...most often I have users uninstall it during a fix routine. If you still have issues, boot to safe mode and try it there. Post back your results.

I have just updated combofix and ran it...It ran without any problems...Then I ran windows in safe mode.for The first time I was able to access safe mode...In The safe mode Everything is ok(taskman and regedit).Then restarted my pc and canNot access to safe mode.It again gives the error 0*0000007B.

Then I accessed to normal mode and ran RegistryFix.exe and I have access to regedit for a few seconds!!!!Then again it disabled!!Then I copied RegistryFix.exe in every drive and double clicked on It and then Regedit is accessible for a few seconds for every drive ....Now it gives the same result and not accessable......What can I do now...?...Thanks for ur attention...

Let's have a better look at things. Please refrain from using combofix anymore unless you can assure me that you have been trained in it's proper use and know what to do if things get turned sideways on you by accident.

Please do the following:

Step 1
Please download the free utility DDS.

Disable any script blocker you may have running, then double click dds.scr to run the tool.

• When it completes, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
• Save both reports to your desktop.

Step 2
Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to your desktop
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please agree to do so
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
• In the right panel, you will see several boxes that, by default, have already been checked. Please uncheck the following ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All <--don't miss this one
• Then click the Scan button & wait for it to finish
• Once the scan completes, click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save it where you can easily find it, such as your desktop

Do NOT take any action on any of these "<--- ROOKIT" entries without proper guidance from an expert user.

Please include the following logs in your next reply, Thanks!:

• DDS.txt
• Attach.txt
• ark.txt

Here is Three files.(unchecked show all) thanks

Uninstall the following software:
Ask Toolbar

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


KillAll::

File::
c:\windows\system32\rrt_vf.wav
c:\windows\system32\rrt_tv.wav
c:\windows\system32\rrt_tn.wav
c:\windows\system32\rrt_is.wav

RootKit::
c:\windows\system32\drivers\jogjrn.sys

Driver::
abp470n5

FireFox::
FF - ProfilePath - c:\docume~1\galib\applic~1\mozilla\firefox\profiles\u6ag15bz.default\
FF - prefs.js: browser.search.selectedEngine -

Folder::
c:\program files\Ask.com

DDS::
mRun: [RRT-Auto] D:\RRT.exe auto

here is the log....

While I review the log, return to post 4 and repeat those instructions. Post back those results. Thanks!

same result......I again created FixRegTools.reg according to post 4 and The result is same.....(regedit is disabled by ur admin)....

I am suspicious of several remaining files. Based upon some of them listed
Here, this could be related to a Virut infection. Virut in it's older version(s) can sometimes be removed but the newer variants are impossible to cleanup. Let's not jump the gun though just yet...I need you to take these files to a free on line scanner Here. Upload each one of these, one at a time of course, and save the results to post them back here. Thanks!

c:\windows\system32\mlfcache.dat
c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
c:\windows\new_reg.exe
c:\windows\regedit.exe
c:\windows\Installer\182c9c.msi

...by the way, I realize it's possible you used an online regfix tool available at PCTools having the same name as one of those files. However, if you did and found that it failed, then tried step two, then you did it wrong. That could also be part of this issue. If any of that sounds familiar then please search your memory and fill me in on what all you did exactly in the event that we may need to un-do it. Thanks!

I canot enter http://virscan.org/. I want to copy my valuable data into other HDD and format this one and make partition again.....Is it possible to get rid of the virus by doing this ? thanks