Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help help help help


  • Please log in to reply
5 replies to this topic

#1 wadedrow

wadedrow

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 27 September 2004 - 05:48 PM

I have tried every trick I know. I am locked out of just about every usable program. Taskbar is locked, desktop is locked, I have internet access (as you can see) but my email is not working. My open programs are not diplaying in the taskbar. System restore will NOT open. Norton is NOT working. AVG, Spybot, Ad-aware find no problems! Did something get screwy in the registry. Here is the log.

Logfile of HijackThis v1.97.7
Scan saved at 6:43:05 PM, on 9/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GTA\GNAT Box VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\GTA\GNAT Box VPN Client\IPSecMon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\GTA\GNAT Box VPN Client\SafeCfg.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\SYSTEM32\Restore\rstrui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\walkerw\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The Empire Company
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://smbusiness.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SprintPort] "C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GNAT Box VPN Client.lnk = C:\Program Files\GTA\GNAT Box VPN Client\SafeCfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://accelerator.bellsouth.net/sdccommon...oad/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = empireco.com
O17 - HKLM\Software\..\Telephony: DomainName = empireco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = empireco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = empireco.com

Please help! This is company laptop on a vpn connection.

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:02 PM

Posted 27 September 2004 - 06:17 PM

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log

#3 wadedrow

wadedrow
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 27 September 2004 - 06:46 PM

ok here it is.

Logfile of HijackThis v1.98.2
Scan saved at 7:45:07 PM, on 9/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GTA\GNAT Box VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\GTA\GNAT Box VPN Client\IPSecMon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\GTA\GNAT Box VPN Client\SafeCfg.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\SYSTEM32\Restore\rstrui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\walkerw\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The Empire Company
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SprintPort] "C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GNAT Box VPN Client.lnk = C:\Program Files\GTA\GNAT Box VPN Client\SafeCfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://accelerator.bellsouth.net/sdccommon...oad/tgctlcm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = empireco.com
O17 - HKLM\Software\..\Telephony: DomainName = empireco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = empireco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = empireco.com

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:02 PM

Posted 27 September 2004 - 07:00 PM

Nothing bad here....you can fix this and you should be able to get back into the Internet Options control panel.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Are you sure you are set as a admnistrator of your machine?

#5 wadedrow

wadedrow
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 27 September 2004 - 07:14 PM

Under system, it shows "administrator-RMT/Walker" that's me. I still cannot run system restore. My Outlook will not send/receive. It keeps telling me, operation failed. Anyway to know if I am the admin? Or reach a restore point. I was fine this morning.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:02 PM

Posted 28 September 2004 - 09:17 AM

Have you tried to use system restore in safe mode?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users