in the twilight zone

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

evyinia

Thread Starter
Joined
Dec 31, 2005
Messages
4
Hello,
I messed up during a download, and lost my administrator profile. So I rebooted in safe mode, and ran system restore. It the booted me into another area of my computer. It has a different administrator, and my son was the only profile present. When I tried to find myself, I couldnt, so I went into regedit and I wasnt active, but an administrator named "S-1-5-21-3247022818-307151660-2394032123-1007" is. I have none of my personal programs, I had to reinstall my information for my outlook express even.

When I check Security Task Manager, there are programs I dont recall seeing. One is LEXPPS.EXE and it says it is sending to my computer on port 0. It is also running Power Cinema Resident Program for Dell that is a PCM2 Launcher.

I have a son that has abused use of my computer and I put on restricted access. When he moved home (he is an adult, even if he doesnt act like one) I put in DSL and networked his computer with mine so he could use the internet. His computer died (he punched a whole into the laptop LCD monitor) so he has been using mine. I am wondering if he could have convinced my computer that it was also his, and has a different connection that brought me into this twilight zone that has nothing of mine located here.

I would love it if someone could tell me why my computer is doing this, if my son has anything to do with it, and how do I make it all go away so that I just have my computer for myself with no other accounts. I am VERY worried about the administrator that is the list of numbers rather than a name.

Can anyone please help me???? I am so frustrated, and scared that I have lost the pictures of my grandson in my "real" computer forever.
Thank you for any assistance,
evyinia
 
Joined
Mar 12, 2002
Messages
5,520
Howdy evyinia...

It the booted me into another area of my computer.
Not sure what area you are talking about here, can you elaborate ?

When I tried to find myself, I couldnt, so I went into regedit and I wasnt active, but an administrator named "S-1-5-21-3247022818-307151660-2394032123-1007" is.
This is probably your account that is miss-identified in the registry, your files "should" still be there but your account isn't being reconized, open My Computer - Documents and settings and see if your account is still there...

When I check Security Task Manager, there are programs I dont recall seeing. One is LEXPPS.EXE and it says it is sending to my computer on port 0. It is also running Power Cinema Resident Program for Dell that is a PCM2 Launcher.
LEXPPS.EXE is for your Lexmark printer, Power Cinema without looking it up I think would be for a DVD player ( maybe ? ), so I wouldn't worry about them...
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,345
may want to post a hijack this log, just for kicks....sounds like her son has installed god knows what on that machine.....
 

evyinia

Thread Starter
Joined
Dec 31, 2005
Messages
4
Hey ya'll,
Thanks for the responses.
JediMaster: The "weird place" was, I think, a partition. I have some logs that talk about partitions anyway. The places that talk about partitions have the owner as the numbers administrator or my son. I found a path to where I was and it said partion(2) so I tried to go to the number 1, and ended up crashing the computer. I reinstalled windows, but there is still stuff left over, that I have no idea if it should be on here or not.
The administrator thats all numbers and letters is still there. I couldnt figure out a way to copy and paste from the registry, and I didnt want to mess anything up by trying too much. Especially after I crashed the whole computer. From what I could understand, the numbers administrator is only active in the Current Configurations keys.
I'm glad the different programs weren't anything to worry about, I am doing enough of that already.
Valis:
Here is a HJT log that I just ran, post windows reinstall and Dell reinstall of components. So if I am missing anything, or have something I shouldnt, I will be waiting to hear. Hopefully I can C/P this ok:
Logfile of HijackThis v1.99.1
Scan saved at 8:35:57 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Evelyn Kotouc\Hijack This\hijackthis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thanks again ya'll,
evy
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,345
jedi: to me that log looks pretty clean. But I am not a guru on this stuff yet. You see anything?
 

evyinia

Thread Starter
Joined
Dec 31, 2005
Messages
4
Oh, and I forgot, I have duplicate user my document files, but some wont let me delete them. I am afraid to mess it up again, so I havent done anything. How do I know if its safe to delete one? Also, I tried to open a file, and it said I didnt have the authority, because I wasnt the administrator. How do I get the computer to understand that I am the administrator, and not the numbers guy, or the one that I think was my son.
thanks bunches
evy
 

evyinia

Thread Starter
Joined
Dec 31, 2005
Messages
4
Last question, I promise, I am just really stressed so forgetful. I have no other users on the computer (that I am aware of) and I have a password on my user account. So is there any way that my son can still get into my computer???? It is a real pain in the butt to disconnect my computer and take it to bed with me at night.
thanks, and I will try and not think of anymore questions,
evy
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top