Sign in with
Sign up | Sign in
Your question

Cannot Delete Registry Key

Last response: in Windows XP
Share
Anonymous
August 17, 2005 8:47:36 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello, I am in the process of cleaning spyware off of a computer and
have almost completely cleaned it. However, one registry key remains
that just will not go away. The key is
HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
take ownership of this key, and I am logged in as an administrator of
this machine. I continually get a cannot delete registry key error.
Also, this is the only problem that is found in Spybot, and spybot will
not "fix" the problem either.

I have done all the major spyware and virus sweeps in safe mode, and
have followed normal best practices for removing spyware. This one key
eludes me. Can anyone help?

Thanks.

More about : delete registry key

Anonymous
August 17, 2005 9:07:37 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks for the response.

Unfortunately, I have done all of the prescribed steps. I have
assigned full control permissions on the invalid key, and have also
tried to take ownership of the key. For some reason, it will not allow
me to delete it. I am an administrator on this machine, and according
to the permissions on the bad key, I have full control. Any other
suggestions?

Thanks,
Brian

Wesley Vogel wrote:
> Forget regedt32, use regedit.
>
> [[Regedt32.exe
> In Windows XP and Windows Server 2003, Regedt32.exe is a small
> program that just runs Regedit.exe. ]]
> Differences Between Regedit.exe and Regedt32.exe
> http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
>
> Caution
> [[Incorrectly editing the registry may severely damage your system. Before
> making changes to the registry, you should back up any valued data on your
> computer. ]]
>
> Try this...
> Reset the registry permissions
> As soon as you have found the registry subkey that has the incorrect
> permissions, update the permissions for that subkey.
>
> To update the permissions of the registry subkey, follow these steps:
> a. Click Start, click Run, type regedit, and then click OK to start
> Registry Editor.
> b. Locate and right-click the registry subkey:
> and then click Permissions.
> c. Under Group or user names, click Administrators.
> d. Under Permissions for Administrators, make sure that the Allow check box
> for the following entries is selected:
> · Full Control
> · Read
> e. Click Apply, and then click OK.
> f. On the File menu, click Exit to quit Registry Editor.
>
> Open the Registry Editor again and see if you can delete the key now.
>
> If not, try this...
> Start | Run | Type: regedit | OK |
> Navigate to >>>
> the said key
> Right click the key in the left hand pane | Permissions... | Advanced
> button | Owner tab | click the new owner and then click OK.
>
> [[You can take ownership of a registry key if you are logged on as an
> administrator or if you have been specifically assigned the permission to
> take ownership of the registry key by the current owner. ]]
>
> See permissions, registry in Registry Editor HELP.
>
> To assign permissions to a registry key
> http://www.microsoft.com/resources/documentation/window...
>
> To assign special access to a registry key
> http://www.microsoft.com/resources/documentation/window...
>
> To grant Full Control of a registry key
> http://www.microsoft.com/resources/documentation/window...
>
> To add users or groups to the audit list
> http://www.microsoft.com/resources/documentation/window...
>
> To add users or groups to the Permissions list
> http://www.microsoft.com/resources/documentation/window...
>
> To remove a user or group from the Permissions list
> http://www.microsoft.com/resources/documentation/window...
>
> To take ownership of a registry key
> http://www.microsoft.com/resources/documentation/window...
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
> Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
> > Hello, I am in the process of cleaning spyware off of a computer and
> > have almost completely cleaned it. However, one registry key remains
> > that just will not go away. The key is
> > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
> > take ownership of this key, and I am logged in as an administrator of
> > this machine. I continually get a cannot delete registry key error.
> > Also, this is the only problem that is found in Spybot, and spybot will
> > not "fix" the problem either.
> >
> > I have done all the major spyware and virus sweeps in safe mode, and
> > have followed normal best practices for removing spyware. This one key
> > eludes me. Can anyone help?
> >
> > Thanks.
Anonymous
August 17, 2005 9:56:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Forget regedt32, use regedit.

[[Regedt32.exe
In Windows XP and Windows Server 2003, Regedt32.exe is a small
program that just runs Regedit.exe. ]]
Differences Between Regedit.exe and Regedt32.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;141377

Caution
[[Incorrectly editing the registry may severely damage your system. Before
making changes to the registry, you should back up any valued data on your
computer. ]]

Try this...
Reset the registry permissions
As soon as you have found the registry subkey that has the incorrect
permissions, update the permissions for that subkey.

To update the permissions of the registry subkey, follow these steps:
a. Click Start, click Run, type regedit, and then click OK to start
Registry Editor.
b. Locate and right-click the registry subkey:
and then click Permissions.
c. Under Group or user names, click Administrators.
d. Under Permissions for Administrators, make sure that the Allow check box
for the following entries is selected:
• Full Control
• Read
e. Click Apply, and then click OK.
f. On the File menu, click Exit to quit Registry Editor.

Open the Registry Editor again and see if you can delete the key now.

If not, try this...
Start | Run | Type: regedit | OK |
Navigate to >>>
the said key
Right click the key in the left hand pane | Permissions... | Advanced
button | Owner tab | click the new owner and then click OK.

[[You can take ownership of a registry key if you are logged on as an
administrator or if you have been specifically assigned the permission to
take ownership of the registry key by the current owner. ]]

See permissions, registry in Registry Editor HELP.

To assign permissions to a registry key
http://www.microsoft.com/resources/documentation/window...

To assign special access to a registry key
http://www.microsoft.com/resources/documentation/window...

To grant Full Control of a registry key
http://www.microsoft.com/resources/documentation/window...

To add users or groups to the audit list
http://www.microsoft.com/resources/documentation/window...

To add users or groups to the Permissions list
http://www.microsoft.com/resources/documentation/window...

To remove a user or group from the Permissions list
http://www.microsoft.com/resources/documentation/window...

To take ownership of a registry key
http://www.microsoft.com/resources/documentation/window...


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
> Hello, I am in the process of cleaning spyware off of a computer and
> have almost completely cleaned it. However, one registry key remains
> that just will not go away. The key is
> HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
> take ownership of this key, and I am logged in as an administrator of
> this machine. I continually get a cannot delete registry key error.
> Also, this is the only problem that is found in Spybot, and spybot will
> not "fix" the problem either.
>
> I have done all the major spyware and virus sweeps in safe mode, and
> have followed normal best practices for removing spyware. This one key
> eludes me. Can anyone help?
>
> Thanks.
Related resources
Anonymous
August 17, 2005 10:12:47 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Reboot and try again. <shrug>

When something won't work the first time, I always try rebooting.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:1124323657.218189.96270@g14g2000cwa.googlegroups.com,
Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
> Thanks for the response.
>
> Unfortunately, I have done all of the prescribed steps. I have
> assigned full control permissions on the invalid key, and have also
> tried to take ownership of the key. For some reason, it will not allow
> me to delete it. I am an administrator on this machine, and according
> to the permissions on the bad key, I have full control. Any other
> suggestions?
>
> Thanks,
> Brian
>
> Wesley Vogel wrote:
>> Forget regedt32, use regedit.
>>
>> [[Regedt32.exe
>> In Windows XP and Windows Server 2003, Regedt32.exe is a small
>> program that just runs Regedit.exe. ]]
>> Differences Between Regedit.exe and Regedt32.exe
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
>>
>> Caution
>> [[Incorrectly editing the registry may severely damage your system.
>> Before making changes to the registry, you should back up any valued
>> data on your computer. ]]
>>
>> Try this...
>> Reset the registry permissions
>> As soon as you have found the registry subkey that has the incorrect
>> permissions, update the permissions for that subkey.
>>
>> To update the permissions of the registry subkey, follow these steps:
>> a. Click Start, click Run, type regedit, and then click OK to start
>> Registry Editor.
>> b. Locate and right-click the registry subkey:
>> and then click Permissions.
>> c. Under Group or user names, click Administrators.
>> d. Under Permissions for Administrators, make sure that the Allow check
>> box for the following entries is selected:
>> · Full Control
>> · Read
>> e. Click Apply, and then click OK.
>> f. On the File menu, click Exit to quit Registry Editor.
>>
>> Open the Registry Editor again and see if you can delete the key now.
>>
>> If not, try this...
>> Start | Run | Type: regedit | OK |
>> Navigate to >>>
>> the said key
>> Right click the key in the left hand pane | Permissions... | Advanced
>> button | Owner tab | click the new owner and then click OK.
>>
>> [[You can take ownership of a registry key if you are logged on as an
>> administrator or if you have been specifically assigned the permission to
>> take ownership of the registry key by the current owner. ]]
>>
>> See permissions, registry in Registry Editor HELP.
>>
>> To assign permissions to a registry key
>>
http://www.microsoft.com/resources/documentation/window...
>>
>> To assign special access to a registry key
>>
http://www.microsoft.com/resources/documentation/window...
>>
>> To grant Full Control of a registry key
>>
http://www.microsoft.com/resources/documentation/window...
>>
>> To add users or groups to the audit list
>>
http://www.microsoft.com/resources/documentation/window...
>>
>> To add users or groups to the Permissions list
>>
http://www.microsoft.com/resources/documentation/window...
>>
>> To remove a user or group from the Permissions list
>>
http://www.microsoft.com/resources/documentation/window...
>>
>> To take ownership of a registry key
>>
http://www.microsoft.com/resources/documentation/window...
>>
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
>> Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
>>> Hello, I am in the process of cleaning spyware off of a computer and
>>> have almost completely cleaned it. However, one registry key remains
>>> that just will not go away. The key is
>>> HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
>>> take ownership of this key, and I am logged in as an administrator of
>>> this machine. I continually get a cannot delete registry key error.
>>> Also, this is the only problem that is found in Spybot, and spybot will
>>> not "fix" the problem either.
>>>
>>> I have done all the major spyware and virus sweeps in safe mode, and
>>> have followed normal best practices for removing spyware. This one key
>>> eludes me. Can anyone help?
>>>
>>> Thanks.
Anonymous
August 18, 2005 8:43:11 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hey Fitz,

Yes I did try in safe mode. I have rebooted multiple times as well...

The key I am trying to delete is
HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\PSGuard

If anyone has any other ideas, it would be much appreciated. This
thing is stubborn.

Thank you!


Fitz wrote:
> I didn't see in your post if you tried to delete the key while in Safe Mode.
> By the way, what is the key you're trying to delete?
>
>
> "Brian Pritts" <capn.elwood@gmail.com> wrote in message
> news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
> Thanks for the response.
>
> Unfortunately, I have done all of the prescribed steps. I have
> assigned full control permissions on the invalid key, and have also
> tried to take ownership of the key. For some reason, it will not allow
> me to delete it. I am an administrator on this machine, and according
> to the permissions on the bad key, I have full control. Any other
> suggestions?
August 18, 2005 8:47:13 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I didn't see in your post if you tried to delete the key while in Safe Mode.
By the way, what is the key you're trying to delete?


"Brian Pritts" <capn.elwood@gmail.com> wrote in message
news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
Thanks for the response.

Unfortunately, I have done all of the prescribed steps. I have
assigned full control permissions on the invalid key, and have also
tried to take ownership of the key. For some reason, it will not allow
me to delete it. I am an administrator on this machine, and according
to the permissions on the bad key, I have full control. Any other
suggestions?

Thanks,
Brian

Wesley Vogel wrote:
> Forget regedt32, use regedit.
>
> [[Regedt32.exe
> In Windows XP and Windows Server 2003, Regedt32.exe is a small
> program that just runs Regedit.exe. ]]
> Differences Between Regedit.exe and Regedt32.exe
> http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
>
> Caution
> [[Incorrectly editing the registry may severely damage your system. Before
> making changes to the registry, you should back up any valued data on your
> computer. ]]
>
> Try this...
> Reset the registry permissions
> As soon as you have found the registry subkey that has the incorrect
> permissions, update the permissions for that subkey.
>
> To update the permissions of the registry subkey, follow these steps:
> a. Click Start, click Run, type regedit, and then click OK to start
> Registry Editor.
> b. Locate and right-click the registry subkey:
> and then click Permissions.
> c. Under Group or user names, click Administrators.
> d. Under Permissions for Administrators, make sure that the Allow check
> box
> for the following entries is selected:
> · Full Control
> · Read
> e. Click Apply, and then click OK.
> f. On the File menu, click Exit to quit Registry Editor.
>
> Open the Registry Editor again and see if you can delete the key now.
>
> If not, try this...
> Start | Run | Type: regedit | OK |
> Navigate to >>>
> the said key
> Right click the key in the left hand pane | Permissions... | Advanced
> button | Owner tab | click the new owner and then click OK.
>
> [[You can take ownership of a registry key if you are logged on as an
> administrator or if you have been specifically assigned the permission to
> take ownership of the registry key by the current owner. ]]
>
> See permissions, registry in Registry Editor HELP.
>
> To assign permissions to a registry key
> http://www.microsoft.com/resources/documentation/window...
>
> To assign special access to a registry key
> http://www.microsoft.com/resources/documentation/window...
>
> To grant Full Control of a registry key
> http://www.microsoft.com/resources/documentation/window...
>
> To add users or groups to the audit list
> http://www.microsoft.com/resources/documentation/window...
>
> To add users or groups to the Permissions list
> http://www.microsoft.com/resources/documentation/window...
>
> To remove a user or group from the Permissions list
> http://www.microsoft.com/resources/documentation/window...
>
> To take ownership of a registry key
> http://www.microsoft.com/resources/documentation/window...
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
> Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
> > Hello, I am in the process of cleaning spyware off of a computer and
> > have almost completely cleaned it. However, one registry key remains
> > that just will not go away. The key is
> > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
> > take ownership of this key, and I am logged in as an administrator of
> > this machine. I continually get a cannot delete registry key error.
> > Also, this is the only problem that is found in Spybot, and spybot will
> > not "fix" the problem either.
> >
> > I have done all the major spyware and virus sweeps in safe mode, and
> > have followed normal best practices for removing spyware. This one key
> > eludes me. Can anyone help?
> >
> > Thanks.
August 18, 2005 9:39:15 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Try this link and see if it helps. Let us know.
http://www.bleepingcomputer.com/forums/How_to_remove_th...


"Brian Pritts" <capn.elwood@gmail.com> wrote in message
news:1124365391.824501.59070@g44g2000cwa.googlegroups.com...
> Hey Fitz,
>
> Yes I did try in safe mode. I have rebooted multiple times as well...
>
> The key I am trying to delete is
> HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\PSGuard
>
> If anyone has any other ideas, it would be much appreciated. This
> thing is stubborn.
>
> Thank you!
>
>
> Fitz wrote:
>> I didn't see in your post if you tried to delete the key while in Safe
>> Mode.
>> By the way, what is the key you're trying to delete?
>>
>>
>> "Brian Pritts" <capn.elwood@gmail.com> wrote in message
>> news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
>> Thanks for the response.
>>
>> Unfortunately, I have done all of the prescribed steps. I have
>> assigned full control permissions on the invalid key, and have also
>> tried to take ownership of the key. For some reason, it will not allow
>> me to delete it. I am an administrator on this machine, and according
>> to the permissions on the bad key, I have full control. Any other
>> suggestions?
>
August 18, 2005 9:57:46 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Also try this one:
http://labs.paretologic.com/spyware.aspx?remove=PSGuard


"Fitz" <SENDNOMAIL@hotmail.com> wrote in message
news:7J3Ne.142104$Kp2.13606489@twister.southeast.rr.com...
> Try this link and see if it helps. Let us know.
> http://www.bleepingcomputer.com/forums/How_to_remove_th...
>
>
> "Brian Pritts" <capn.elwood@gmail.com> wrote in message
> news:1124365391.824501.59070@g44g2000cwa.googlegroups.com...
>> Hey Fitz,
>>
>> Yes I did try in safe mode. I have rebooted multiple times as well...
>>
>> The key I am trying to delete is
>> HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\PSGuard
>>
>> If anyone has any other ideas, it would be much appreciated. This
>> thing is stubborn.
>>
>> Thank you!
>>
>>
>> Fitz wrote:
>>> I didn't see in your post if you tried to delete the key while in Safe
>>> Mode.
>>> By the way, what is the key you're trying to delete?
>>>
>>>
>>> "Brian Pritts" <capn.elwood@gmail.com> wrote in message
>>> news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
>>> Thanks for the response.
>>>
>>> Unfortunately, I have done all of the prescribed steps. I have
>>> assigned full control permissions on the invalid key, and have also
>>> tried to take ownership of the key. For some reason, it will not allow
>>> me to delete it. I am an administrator on this machine, and according
>>> to the permissions on the bad key, I have full control. Any other
>>> suggestions?
>>
>
>
!