
Help Fast something turned off my Firewall

Discussion in 'Virus & Other Malware Removal' started by Darlene C, Oct 12, 2003.

Thread Status:
Not open for further replies.
  1. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    Help fast, something turned off my firewall and I can't turn it back on; it is saying I need a Supervisor or something. I am the only user and I just ran my Norton Anti Virus today and it was clean. I have not been to more than a couple places on the net today. I have Spybot and SpywareBlaster both updated today and checked. This happened just a while ago at 6.00 Eastern Time. What do I do now?
     
  2. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    Download HiJackThis from http://www.tomcoyote.org/hjt/ and unzip it.

    Then click the HiJackThis.exe.

    Click Scan.

    When it's done the "Scan" button changes to a "Save Log". Save the log file it creates (it should open in Notepad),

    Copy and paste the results here in your post, so someone can determine what all is running in the background.

    Note: Do not attempt to fix anything until told to!
     
  3. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    Logfile of HijackThis v1.97.3
    Scan saved at 8:56:29 PM, on 10/12/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Darlene\My Documents\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnetdaily.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.6237615741
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
     
  4. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    After a couple of reboots it finally came back on. Before, I tried to block traffic and it said Restricted Accounts are not allowed to Block or Allow Traffic. When double clicking on any item in firewall it said "You do not have the necessary rights to configure the items you have double clicked". I am the only one on this computer.
     
  5. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    Did anyone find anything in my Hijackthis log?
     
  6. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    The only thing I see is

    O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)

    looks like a Xupiter leftover. Some of the more knowledgeable members may see something I've missed.

    Run HijackThis and put a check by it and have it fix it.

    Then you can try the Free Version of Ad-Aware 6 and follow the "Ad-Aware 6: Reference Guide" by Winchester73 instructions on how to update and use it.

    If that don't work, try to restore to a time before this happened using System Restore.
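
Added example, not part of the original thread: a small Python parser for the HijackThis log format shown above that picks out the two kinds of entries the helpers look at here, O2/O3 items whose file is `(no file)` and the O4 Run autostarts. The sample lines are copied from the log posted earlier; the function names are made up for this example.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnetdaily.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Every entry line starts with a section code such as R0, O3 or O16.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O2/O3 layout: "<kind>: <name> - {CLSID} - <file or (no file)>"
COM_ITEM = re.compile(r"^(BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4 registry layout: "<hive>\..\<key>: [<value name>] <command line>"
RUN_ITEM = re.compile(r"^(\S+): \[([^\]]+)\] (.*)$")

def parse_entries(log):
    """Return (section_code, body) per entry line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def orphaned_com_items(log):
    """O2/O3 entries whose DLL is gone: registry leftovers of a removed add-on."""
    hits = []
    for code, body in parse_entries(log):
        m = COM_ITEM.match(body) if code in ("O2", "O3") else None
        if m and m.group(4).strip() == "(no file)":
            hits.append({"section": code, "name": m.group(2), "clsid": m.group(3).upper()})
    return hits

def autoruns(log):
    """Map O4 value name -> command line, the list a helper reviews for unknown programs."""
    out = {}
    for code, body in parse_entries(log):
        m = RUN_ITEM.match(body) if code == "O4" else None
        if m:
            out[m.group(2)] = m.group(3)
    return out

if __name__ == "__main__":
    for item in orphaned_com_items(SAMPLE_LOG):
        print("leftover:", item)
    for name, cmd in autoruns(SAMPLE_LOG).items():
        print("autorun:", name, "->", cmd)
```

The CLSID is upper-cased so it can be compared against a reference list regardless of how the registry stored it.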
     
  7. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    Thanks VirtualMe,
    I will put a check next to that item. Is there any chance that could be my Merriam-Webster Dictionary? I don't see it listed on the list above. I thought I removed Jupiter some time ago and this just happened yesterday. I defragged last night thinking this might be the problem, but this morning it wouldn't come on again until I kept rebooting it. Why would it say I need authorization? How would I change authorization if I am the only user? This is a home computer and I am it.
     
  8. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    If you go to http://www.spywareinfo.com/toolbars/ and scroll down to X {57E69D5A-6539-4d7d-9637-775DE8A385B4}: Xupitertoolbar.dll - Xupiter you see it is linked to Xupiter.

    I don't think it has anything to do with Merriam-Webster Dictionary.

    Your log don't show Xupiter as still being installed. It just shows a reference that was left in the registry after you uninstalled it, and I don't think that would have anything to do with your problem anyway.

    I'm new to Windows XP so I don't know my way around it very well yet.

    I don't know if a system restore before your troubles started will help or not, but may be worth a try.

    I had to use my system restore Saturday when I was messing around with my Windows XP. :D
     
  9. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Darlene, do you know what this entry is:

    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe

    :confused:
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  11. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Thanks flrman1. (y)

    Looks pretty cool, I'm tempted to download it myself.

    :)
     
  12. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    VirtualMe and Buckaroo,
    Thanks for the help, I will have it deleted. Buckaroo, that is "SysMetrix" and it is really useful. I needed it when my CPU was at 100% and nothing worked; now I can't be without it. It has controls for Winamp, click on the Weather and it gives the temp. from your local Airport, Ram used, Memory, Swap, click for e-mail, empty the trash, and more things are added every new version. You can get skins for it at WinCustomize, also for your Windows XP. I will try to insert a picture of my recent desktop. The calendar is Rainlendar and the thing in the middle is BeatNik clock and date. All are free except the WindowBlinds, but all the skins can be downloaded at WinCustomize also. You can change it whenever you want. I hope my firewall problem is solved soon. Maybe I will be having 2004 put on earlier than need be. Does anyone know if a new Firewall needs to be bought or just the Norton AntiVirus? I hope this picture turns out; I never sent one before.
     


  13. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    Sorry, I had to send another desktop; they said the first one was too big, but you can get an idea of what I am talking about. The SysMetrix is at the top of Tierce with Golden apple. Check out WinCustomize http://www.wincustomize.com/skins.asp?library=1
     
  14. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    Here is another...
     


  15. Darlene C

    Darlene C Thread Starter

    Joined:
    Nov 16, 2002
    Messages:
    105
    One More...
     



Short URL to this thread: https://techguy.org/171511
