Changes to the registry administrator blocked

Whenever I try to enter regedit, I get above message (I tried to translate Danish).  I'm not aware that I did something to get into this situation- but how to make out of it.   I am running XP SP3

Delvist!

Such things sometimes come in these groups, and you can see one or several, so I just difficulty em all at once if they need fixing or not.

Even if you use a 'good' software of scans, it will usually leave these kinds of things only because they look like they could be legitimate changes made to the system and not infection.

And, if you have had this problem, everything you use for protection has failed you.

Not all programs scan all know.  Software to scan runs own does not mean there are no infecton.  It simply means that the scanning software does nothing that it recognizes.

The MBAM and SAS are good things to use.  SAS will usually just seem to find a lot of tracking cookies, but sometimes taken things MBAM have not - yet.

Do, or do not. There is no test.

I decided to implement the points for a new puppy instead of a pony!

Tags: Windows

Similar Questions

  • What can I do to change an XP registry administrator, but not allowed

    Computer is XP SP3. I'm in the management group. The only user. In the control panel listed as administrative rights. In the management of users and groups listed as administrative group. BUT I can't edit/change the registry somehow. Says not allowed. Error in editing the data. Cannot delete a test subkey.

    Basically, I'm locked out to make changes to the registry. WHY? And what I can do to fix this?

    Thank you.

    Three things, you might want to try.
    First of all, see if safe boot mode allows you access. (if a key is used, it may not let you delete it).

    Second, if it is a recent development, try to do a system restore to a point in time before it's a problem. If not, choose a system restore point a few days back and try anyway.

    "How to restore Windows XP to a previous state"
      <>http://support.Microsoft.com/kb/306084 >

    Thirdly, check if you have permissions to delete the key.  In Regedit, right click on the key-> permissions.  Even administrators can deny access to key (but you are not allowed to change the permissions).

    HTH,
    JW

  • Unable to make changes to the registry.

    Original title: The status bar notification

    I used to be able to go to regedit, theoretically/local settings, current version, and then in the notification bar and remove previous workflow icon and another thing after the cache then go to Explorer and delete, but now I can not do this way somehow.

    I already know how this hide them

    Hello

    Thanks for posting your query on the Microsoft Community.

    According to the description of the problem, you cannot make changes in the registry, that you were able to do before. The question might be if there is a file system corruption or corruption of the registry settings. Then, I suggest you to try the steps below and see if it helps.

    Method 1

    There could be a chance that there is a file system corruption. So, I suggest you run SFC scan and see if it makes a difference.

    The file system check is a utility built into the operating system that will check for the corruption of system files. The sfc/scannow command. (System File Check) analyzes the integrity of all protected operating system files and replaces incorrect versions, damaged, altered, or damaged with correct versions where possible.

    How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7.

    • Go to Start, click all programs and open the Accessories.
    • Right-click on command prompt in the list programs, and then select run as administrator. If you are prompted for an administrator password or for confirmation, type your password, or click OK.
    • In the command prompt, type the following command and press ENTER:

    sfc/scannow

    For more information, refer to this link:

    http://support.Microsoft.com/kb/929833/en-us

    Method 2

    If the problem persists, then there might be a corruption of the registry settings so, I suggest you to check the steps in the below mentioned thread and see if it helps you to solve the problem.

    Access denied - owner and/or setting permissions on the registry key

    Registry warning : This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click on the number below to view the article in the Microsoft Knowledge Base:

    You can use the following link to back up and restore the registry in Windows: http://support.microsoft.com/kb/322756/

    Hope it would help. If problem persists always post back with the current state of your computer and the result of the proposed suggestion, we will be happy to help you.

    Kind regards

  • Change via the registry account lockout policy

    I'm trying to change through the registry account lockout policy; However I can't find the way/keys relevant Registry. The specific setting I need to change is the LockoutDuration. The PC is a stand alone and is not on a domain.

    Does anyone know the specific keys, I need to enter or what buttons I should add to set the LockoutDuration 0 to 30?

    In this case, you can have a look at:

    http://support.Microsoft.com/kb/816118

    This could help you.

    According to the article, it would be:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout

  • How I undo these changes to the registry?

    Please, Please, Please read this completely and appropriate response.  I have 20 years of experience, so I understand the language, but I'm stuck here and what I don't want is a bunch of irrelevant answers to what I'm asking.

    I tried to solve the problem of not being able to see the photos in Photoshop and found what appeared to be a response to several in another forum. I need change the registry with a file I downloaded.  I knew to make a system restore point and thought it was all that I needed.  When changes did not work, I tried to undo some changes had been made to the registry, but the restore point keeps giving me an error that it cannot restore.  I am fully functional right now, but I really want to let my register changed, not knowing what has been published.
    This is the contents of the .reg file that I ran.
    ---------------------
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
    "C:\\Program Files (x 86) \\Common Files\\Adobe\\Shell\\psicon.dll"=dword:00000001.
    [HKEY_CLASSES_ROOT\.psd\ShellEx]
    [HKEY_CLASSES_ROOT\.psd\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1]}
    @= "{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}".
    [HKEY_CLASSES_ROOT\CLSID\ {0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}]
    @= "Photoshop icon Manager".
    [HKEY_CLASSES_ROOT\CLSID\ {0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D} \InProcServer32]
    @= "C:\\Program Files (x 86) \\Common.
    "ThreadingModel"="Apartment".
    ---------------------
    Because I did backup my registry manually, I you change manually.  But I don't know exactly how.  I see these registry keys, but I don't know if I should remove them or not.
    Can you tell me how I should go about it?  Can I just find and delete the keys above (I backed up my registry this time so at least if it doesn't work, I can restore it - I wish just that I had restored beforehand).
    Thanks for any instructions, you can provide.  If you do not know, please don't answer (I say this most respectfully).
    In the meantime, I have no way to see the thumbnails in Explorer Windows Adobe Photoshop again and I open Photoshop and manually review all files to find the ones I want.  Pain in the you know what...
    I'm under 64-bit Windows 8.  Thank you very much.
    Oh and by the way, is where I got the instruction to make these changes and the Adobe.reg file I used. http://www.Josh.biz/technical-notes/view-thumbnail-images-for-Photoshop-PSD-files-in-Windows/

    Unfortunately, your question cannot be answered as asked.  I don't know of all way to tell if these keys from registry/data amended existing registry information or were created as data and new keys.  If created as new then you could just delete them, but if they have modified existing entries and then removing them could cause system problems.  You can try to ask the source of the registry file you have merged to give you their provenances and their actions, but the part that there is really no way of knowing what they were doing.

  • How can I uninstall a progrm when the system administrator blocks? Who is the system administrator? If its me, how will I know what to do to correct the situation?

    I'm trying to uninstall SKYPE but I am stuck because the system administrator does not allow me.  Who is the system administrator?  If its me, how can I correct the situation?

    Hello

    If you forget the administrator password, and you do not have a password reset disk or another administrator account, you will not be able to reset the password. If there is no other user account on the computer, you will not be able to connect to Windows and you will need to re - install Windows.

    What to do if you forget your Windows password:

    http://Windows.Microsoft.com/en-us/Windows7/what-to-do-if-you-forget-your-Windows-password

    Microsoft's strategy concerning lost or forgotten passwords:

    http://support.Microsoft.com/kb/189126

  • KB971029 update will cancel my changes in the registry?

    If my registry is already configured to block the AutoPlay for all devices, update KB971029 Undo my changes and enable AutoPlay work on CD/DVD devices?

    Hi Dwight787,

    You can check the link below which contains information about the update and the changes that will apply. Update of the Autorun in Windows feature: http://support.microsoft.com/kb/971029

    With regard to:

    Samhrutha G S - Microsoft technical support.

  • How to stop an automatic change of the windows administrator password?

    Hello!

    This process could change a password for local administrator automatically during a restart on a Windows Vista business domain?

    The change is done automatically in about a week after the reset of the password by a domain administrator.

    How to stop auto change?

    Disconnect LAN cable for a moment to restart windows prevents the automatic modification of the password, but causes the windows user account blocking after several restarts of the tel.

    Concerning

    Administrateu

    I suggest you take a look at:

    http://TechNet.Microsoft.com/en-us/library/ee829687 (WS.10) .aspx

    It might help you.

    But if he will not try to do system restore and reset AD and GP or contact Microsoft Support.

  • You want to change the registry to restrict limited users.

    IOriginal title: backup of registry permissions.

    I found a few customizations that involves changing the registry permissions rather than the entries to allow limited users to do some harmless things that seem to require an account administration.
    Things like change the profiles of power and using Java.

    I am well aware of the importance of a key export before making changes, but which affects permissions, or just the contents of the key, if I try ot restore it? Given the format of a REG file, it seems to be just the content.

    Creating a system restore point be the best way to make the backup in case I live? I think what happens if I accidentally click on the wrong thing and take away the permission rather than add it. Of course, I intend to be careful, but I never know if I'll be surprised or something and saw things. A lesson I learned at the time of the Apple II when my cat (may she rest in peace, I have not had since) jumped on the keyboard and the FUBARed the floppy disk in the computer.

    Hi SlickRCBD2,

    If you export a key before making changes to the registry, it will not affect the set of permissions on your computer.

    I suggest you create a system restore point before making any changes on the computer.

    How to set a system restore point in Windows XP?

    You can follow these links & check if it helps.

    How to back up and restore the registry in Windows XP?

    How do to set or change registry editing permissions in Windows XP or Windows Server 2003?

    Hope the helps of information.
    Please post back and we do know.

  • Can I change the default windows folder explore in the registry? No shortcuts fixed please.

    How can I change the default folder, windows Explorer opens in just to run and type "explorer". I know that I could type in extra stuff, for example "explorer.exe C:\somedir\stuff\" but I prefer to be able to put it permanently in the registry so that when I type explorer.exe (no extra stuff) it should open where I want. Is this possible? What registry entry be? I do not use desktop shortcuts or shortcuts, start changing them, that's not what I'm looking for.

    If it was going to be everywhere, so it would probably be somewhere in this multi key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer branches, but that the use of parameters on the end of the "shortcut" probably is used to send instructions from command line directly on the .exe, it is more likely it is that stored anything in the registry?

    Many setup programs accept command line parameters yet Windows will have no knowledge of these programs, so that they are installed it is why I think that it would be futile in the search for a registry location?  I could be completely wrong of course and bow to the superior knowledge.

    You could use an article like this one to make some changes and use the following (RegShot) program to see what has changed in the registry, if anything.

    How to customize the Windows Explorer views in Windows XP
    http://support.Microsoft.com/default.aspx?scid=kb;en-us;307856 & SD = Tech #AppliesTo

    If you want to really dive in and get dirty, you could take a snapshot of your registry before you make the change and the other afterwards and see if you can pick up any changes.  This little freeware program can help you achieve this goal.

    http://www.Softpedia.com/get/tweak/registry-tweak/reg-shot.shtml

  • What are the security risks by allowing a program to change the registry keys in Windows 7, without knowing what are the changes?

    Original title: security risks by allowing a program to change the registry keys in Windows 7, without knowing what are the changes?

    What are the security risks by allowing a program to change the registry keys in Windows 7, without knowing what are the changes?

    Hello

    If you had made any changes in the registry without taking the backup copy of the registry, then there could be chances that your computer can find themselves in no situation to start and finally end up in the reinstallation of the operating system; This is why it is recommended to take a backup changed in the register of representation.

    Before editing a registry key or subkey, we recommend that you export, or make a backup copy of the key or the subkey. You can save the backup copy to a location that you specify, for example, a folder on your hard drive or a removable storage device. If you make changes that you want to cancel, you can import the backup copy.

    . Are what program you referring?

    Warning: Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up the registry, click on the number below to view the article in the Microsoft Knowledge Base:

     

    Back up the registry:

    http://Windows.Microsoft.com/en-us/Windows7/back-up-the-registry

    Let us know the status of the issue. If you need help, please after return. We will be happy to help you.

  • OBIEE Patch - the registry changes?

    All,

    I'm looking for a definitive answer on this but have not been able to find. When I apply a fix, for example, I'm about to apply patch 11.1. 1.6.6 to the system, does make changes to the registry?

    No he won't do any changes to the registry.

    Mark as correct if it is useful.

    Thank you.

  • Update the registry access denied problem

    Hi all
    I use win7 ultimate x 64 as a MSDN. English version.

    This week I tried to install privateinternetaccess.com's private Internet access software.

    The installation failed and it turns out that I have some sort of error message access denied on updates of the register.

    I just tried to upgrade to the latest version of vmware player and I get this message:

    The MSI failed "C:\users" (the msi vmware)

    Could not write value for the \system\currentcontrolset\services\vmware\performance key. Check that you have sufficient access to that key or contact your support team.

    Since this is the second product which complained access refused to write a registry entry, I think that the problem is really that there is a problem in writing to registry entries. I'm an admins on the machine and I am the only user of the machine. I have had the machine for three years so I admined in my user name years.

    I went looking for a restore point that is usually automatically created by windows update. But when I checked for restore points there is not. This seems odd. I've seen windows update tell me he was creating restore points.

    What I want to do is to see if I can go back to a previous state relatively easily. But I can not find the opportunity to go back through the windows update process. Because I thought that windows update took points of restoration and protection of the disks in drive C is turned on I didn't manually restore points.

    So my questions are:

    Q1. Has anyone seen a problem where the ability to write registry keys is suddenly disabled for a user who is an administrator? I can't imagine just trying to install privateinternetaccess has disabled my ability to update registry keys. There must be something else that would have caused this. I also had Director of windows fails, and I could not make it work for a few months. It could be related.

    Q2. If I did not restore points manually and the disk protection is enabled for the drive C and windows update has updated the operating system for years. How should I go back a month or two, through the windows update option? Is it possible to do?

    Q3. If I can reinstall everything else fails. I put the MSDN DVD in the machine to run through the process of preparation for resettlement. When he asks if I want to update or install quite a new OS with none of the backup files, I said it upgraded. But in the phase of 'control' it says that the OS on the machine is newer than the operating system on the DVD (DVD win7 is 2009). So I wonder if I would have to reinstall the OS from scratch.

    This has been a very annoying problem. I can't, for the life of me, find out how my ability to write to the registry is blocked as an admins. I can only imagine that there is some sort of permissions problem where something said that writing in the register should be blocked. The only thing I can imagine is that some app, perhaps privateinternetaccess has changed a few settings to block updates.

    Another thing. I recently bought a small mp3 to wear while jogging. He was not able to find the update of the driver on this machine, so I tried to plug it into my laptop running win7 as well. The pilot was found immediately. It was a week ago. So this could be another symptom of this problem where the driver for an mp3 player was not found.

    Any pointers would be greatly appreciated. Thank you in advance if you're able to point me in the right direction on this one.

    PS. I found this entry.

    http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-system/access-denied-setting-owner-andor-permissions-on/71cdd66a-75Ce-4E79-BACE-89637e0dacae

    So I went in regedit as admins and looked over my permissions for the local computer. I am an administrator and full permissions for the registry entries. I see that the key of vmware isn't there and this would confirm that I wasn't able to write the registry key in the installation process. So it seems quite as my user is blocked update registry entries for a reason any.

    PPS. I've logged on username administrator and also tried installing vmware player and received the same message. So not even administrator has the ability to write to the registry for the moment. ?? very strange.

    Best regards

    Peter

    If you still get the problem of the erratically during the installation with elevated privileges, I would advise you all to first uninstall any partial installation of vmware/privateinternetaccess programs using the Revo uninstall utility.  The program comes in freeware or professional and freeware is not a "paralyzed" piece of software. The software quickly and completely uninstall the software that won't leave your computer and will catch installs partial which do not arise with the traditional programs and feature, uninstall native utility Windows.

    Professional and Revo Uninstaller Freeware

    When your system was purified of any previous attempts installation, perform a clean boot to prevent outside process interfere with the installation process.

    How to perform a clean boot for a problem in Windows Vista, Windows 7 or Windows 8

    This will start Windows conventional (i.e. not safe boot) and allow you to install the software. If you restart the installation process using run as administrator , I suspect you will have success.

  • I try to install the latest Java and I get a Windows Installer error message: the system administrator has set policies to prevent this installation.

    I am running XP Home Edition.   It is in Mode without failure. I get the same error trying to install no mode without failure.
    I tried to install using IE8 and Firefox, and I'm administrator.
    I can't find where to change the settings!  Help?

    You anti-virus app may have made a change in the registry.

    If you are in a Corp. environment administrator can prevent it.

  • Problem to save the changes to the register at the next reboot

    Hello

    I've been infected 2 days ago and Windows Update does more (error code 80246008). So I cleaned the files corrupted with MicrosoftFixit found on the Web.

    Finally, I got the BITS service works again with the next batch, who calls himself the file 'BITS.reg ': program

    SC create BITS binpath = "c:\windows\system32\svchost.exe-k netsvcs" = delayed auto start
    Regedit /s c:\Users\fab\Desktop\BITS. REG
    net start bits
    rmdir /q /s %windir%\SoftwareDistribution
    regsvr32 /s c:\windows\system32\wuaueng.dll
    regsvr32 /s wuaueng1.dll
    regsvr32 /s atl.dll
    regsvr32 /s c:\windows\system32\wups.dll
    regsvr32 /s wups2.dll
    regsvr32 /s wuweb.dll
    regsvr32 /s c:\windows\system32\dllcache\wucltui.dll
    net start wuauserv

    I have run this command as an administrator file and the BIT key appears in the registry with Windows Update work very well.

    The problem is that the changes in the registry is not taken into account for the next boot of Windows 7     : I no longer see the BIT key and I have to run this program bacth whenever there is a new startup of Windows 7.

    Is it a straight issue of permissions on this key? I have change the owner as an administrator?

    Here is the BITS.reg file:

    ------------------------------------------------------------------------------------------------------------------------

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    'DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000 '.
    "ImagePath" = hex (2): 25, 00, 53, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6 d, 00, 52, 00, 6f, 00, 6f, 00,------.
    74,00,25,00, 5 C, 00, 53, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6 D, 00, 33, 00, 32, 00, 5 C, 00, 73,------.
    00,76,00,63,00,68,00, 6f, 00, 73, 00, 74, 00, 2nd, 00, 65, 00, 78, 00, 65, 00, 20, 00, 2d, 00,------.
    6 b, 20, 00, 00, 6F, 00, 65, 00, 74, 00, 73, 00, 76, 00, 63, 00, 73, 00, 00, 00
    'Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001 '.
    "LocalSystem ObjectName"=""
    "ErrorControl" = DWORD: 00000001
    "Start" =: 00000002
    "DelayedAutoStart" = DWORD: 00000001
    'Type' = dword:00000020
    "DependOnService" is hex (7): 52, 00, 70, 00, 63, 00, 53, 00, 73, 00, 00, 00, 45, 00, 76, 00, 65, 00,------.
    6th, 00, 74, 00, 53, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6 d, 00, 00, 00, 00, 00
    "ServiceSidType" = DWORD: 00000001
    "RequiredPrivileges" is hex (7): 53, 00, 65, 00, 43, 00, 72, 00 65 00, 61, 00, 74, 00, 65, 00, 47,------.
    00, 6 c, 00, 6f, 00, 62, 00, 61, 00, 6 c, 00, 50, 00, 72, 00, 69, 00, 76, 00, 69, 00, 6 c, 00, 65, 00,------.
    67,00,65,00,00,00,53,00,65,00,49,00, 6 d, 00, 70, 00, 65, 00, 72, 00, 73, 00, 6f, 00, 6,.
    00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00, 6 C, 00, 65, 00, 67, 00, 65, 00,------.
    00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00, 6 C, 00, 65,.
    00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00, 6F, 00, 50, 00,------.
    72,00,69,00, 6 d, 00, 61, 00, 72, 00, 79, 00, 54, 00, 6f, 00, 6 b, 65, 00, 00, 6F, 00, 00, 50, 72,------.
    00,69,00,76,00,69,00, 6 C, 00, 00, 65, 00, 67, 00, 65, 00, 00, 00, 53, 00, 65, 00, 49, 00, 6F,
    63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00, 6f, 00, 74, 00, 61, 00, 50, 00, 72,------.
    00,69,00,76,00,69,00 6 C 00, 65, 00, 67, 00, 65, 00, 00, 00, 00, 00
    "FailureActions" = hex: 80, 51, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 00, 00, 14, 00, 00,------.
    00,01,00,00,00,60, EE, 00, 00, 01, 00, 00, 00, c0 d4, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
    "ServiceDll" = hex (2): 25, 00, 53, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6 d, 00, 52, 00, 6f, 00, 6f,
    00,74,00,25,00, 5 C, 00, 53, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6 D, 00, 33, 00, 32, 00, 5 C, 00,------.
    71.00, 6 d, 00, 00, 72, 67, 00, 2nd, 00, 64, 00, 6 c, 00, 6 c, 00, 00, 00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
    "Library"="bitsperf.dll."
    "Open" = "PerfMon_Open."
    "Collect"="PerfMon_Collect."
    "Close" ="PerfMon_Close."
    "InstallType" = DWORD: 00000001
    "PerfIniFile"="bitsctrs.ini."
    "First of all Counter" = dword:00000774
    "Last Counter" = dword:00000784
    "First aid" = dword:00000775
    "Last Help" = dword:00000785
    "Object list"="1908."
    'PerfMMFileName '=' Global\\MMF_BITS_s. '

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
    "Security" = hex: 01, 00, 14, 90, 90, 00, 00, 00, a0, 00, 00, 00, 14, 00, 00, 00, 34, 00, 00, 00, 02,------.
    00,20,00,01,00,00,00,02, c0, 18, 00, 00, 00, 0c, 00, 01, 02, 00, 00, 00, 00, 00, 05, 20, 00,------.
    00,00,20,02,00,00,02,00, 5 c, 00, 04, 00, 00, 00, 00, 02, 14, 00, ff, 01, 0f, 00, 01, 01, 00,------.
    00,00,00,00,05,12,00,00,00,00,00,18,00, ff, 01, 0f, 00, 01, 02, 00, 00, 00, 00, 00, 05,------.
    20,00,00,00,20,02,00,00,00,00,14,00, 8 d, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05, 04,
    00,00,00,00,00,14,00, 8 d, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05, 06, 00, 00, 00, 01, 02,------.
    00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,------.
    00,20,02,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum]
    "0" = "Root\\LEGACY_BITS\\0000."
    "Count" = DWORD: 00000001
    "NextInstance" = DWORD: 00000001

    ----------------------------------------------------------------------------------------------------

    Any help would be appreciated

    Maybe the virus or parts of it is still there. Here are some tests I ran:

    • Reboot safe mode to check if the problem persists.
    • Restart in Repair Mode, and then load the system hive (probably located on drive C :) to check if the key has survived the shutdown process.
    • Create the artificial key HKLM\SYSTEM\CurrentControlSet\Services\BITSTest and fill it with some values and data to see if the problem affects a new key or if it focuses on the BITS.
    My own attitude is that an infected machine is a compromised machine. I don't have the time or patience to do battle with these facilities.

Maybe you are looking for