
Registry damaged and can't access security tab and many other things

cavagnaro asked
Last Modified: 2008-07-31
Hi guys,
I have the following problem:
Symptom 1:
My computer was working fine; suddenly, after a reboot, I lost Wireless Connections and LAN Network. I deleted the devices and recreated them, so I could navigate and work again.
Symptom 2:
I tried to do a System Restore and it warned me that I did not have enough privileges (I'm a domain admin).
Symptom 3:
When I went to Event Viewer I couldn't access the Security tab anymore; it also prompted that I did not have enough permissions.
Symptom 4:
Launched secpol.msc. Tried to edit the "Manage the security and auditing registries" and when I double-click it, it is grayed out and warns me:
"This configuration is not compatible with equipments that executes Windows 2000 SP1 or previous. Apply group policies objects, that contain this configuration, only to equipments that executes a more recent version of the OS".
Now this is weird as I have XP SP2...
Symptom 5:
I tried to do a VPN and now I only get:
Error 720: Unknown error after my user was correctly validated; this was on the TCP attempt to establish the connection. I know error 720 is well documented, however the warning for me is "Unknown Error", which is very strange. Tried to fix it as a normal 720 but no success.

I installed the OS on another partition; it was working fine for about 24 hours and then the exact same problem. I was pointing to my AV Kaspersky, however on this second installation there was no AV, so it is discarded completely... right? The AV console is active and knows my PC... as the same name was used.

Symptom 6:
The same thing has happened on 5 other computers at my work; here something more notorious happens:
When the user tries to log in, Explorer crashes (this time not to me), and what we have to do is delete the user profile and recreate it, and he can log in again, BUT the same problems related to security persist.

I found this question on the MS forum (in Spanish) which has exactly the same symptoms, however it is dated 2005! And he had an Intel application, and no solution was ever provided.

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?pg=1&p=1&tid=620a6d4c-f6ad-4445-87e9-581232637e65&dg=microsoft.public.es.windowsxp&cat=es_ES_51775595-2bff-43b4-bfbe-dbd0830aaaea&lang=es&cr=ES&sloc=en-us


Now, as this is part of a multiple problem and I can't reproduce it, I only point to things all PCs have in common:
1. AV discarded, as my PC last time didn't have any of it installed
2. Computers on domain, can be however if it was a policy I think ALL computers on my GPO or others were similar users also were affected will be done. I'm the only domain admin affected up to now. The rest of users were simple users.
3. Exchange Server...not sure it can damage the system in that way...
4. Brands, ok on PC but not on Laptops; mine is a Lenovo T61 and it has also happened on an HP and a Dell.

On my event viewer I can't see anything significant.

Any idea?
Thanks

Commented:
Brands should not affect this at all. I don't think it is a GPO or Exchange issue. To make sure, log in in safe mode. If you get the same lack-of-administration error, then it is more than likely a virus. When it comes to malware cleanup, sometimes you have to hit it with multiple tools. The error "you don't have admin..." points very clearly to this.

Author

Commented:
I have found another clue:
In Services, the "Security Center" is stopped; when I try to launch it, it fails. In Event Viewer I get:
"The security center service stopped. A software policy group prevented its execution". Event ID 1807
Will try in Safe Mode

Author

Commented:
In Safe Mode the same things happen.

Commented:
I will start by running something like CCleaner or CleanUp (my favorite). Then run several antispyware tools in a row till you get negatives. I normally use Spybot, Ad-Aware, AVG. Also, you can try, if you cannot install them, HouseCall by Trend Micro. Get HijackThis from Trend Micro and post the results; I will take a look.

Good luck

Author

Commented:
This is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:21 a.m., on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\ibmpmsvc.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINXP\system32\spoolsv.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\WINXP\system32\nvsvc32.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Archivos comunes\Lenovo\tvt_reg_monitor_svc.exe
C:\Archivos de programa\Archivos comunes\Lenovo\Scheduler\tvtsched.exe
C:\Archivos de programa\Lenovo\System Update\SUService.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\RUNDLL32.EXE
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINXP\system32\rundll32.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\ACTray.exe
C:\Archivos de programa\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Archivos de programa\Archivos comunes\Lenovo\Scheduler\scheduler_proxy.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Archivos de programa\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\ARCHIV~1\THINKV~1\PrdCtr\LPMGR.exe
C:\ARCHIV~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\ARCHIV~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Archivos de programa\Lenovo\HOTKEY\TPONSCR.exe
C:\WINXP\system32\rundll32.exe
C:\Archivos de programa\Lenovo\Zoom\TpScrex.exe
C:\Archivos de programa\BillP Studios\WinPatrol\winpatrol.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Alcatel-Lucent\My Instant Communicator\iCommunicator.exe
C:\WINXP\system32\ctfmon.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\Opera\Opera.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\CleanUp\CleanUp.exe
C:\totalcmd\TOTALCMD.EXE
c:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.alcatelunleashed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ACTray] C:\Archivos de programa\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Archivos de programa\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Archivos de programa\Archivos comunes\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\Archivos de programa\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Archivos de programa\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [LPManager] C:\ARCHIV~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\ARCHIV~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\ARCHIV~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\ARCHIV~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\ARCHIV~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OmnitouchExtensions] "C:\WINXP\system32\wscript.exe" "C:\Archivos de programa\Alcatel-Lucent\Extensions\MyExtensions\OmnitouchUC_Word.vbs"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Archivos de programa\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [muBlinder] C:\LapTop Vista\MuBlinder\muBlinder.exe -startup
O4 - HKLM\..\Run: [myupdate] C:\ARCHIVOS DE PROGRAMA\ALCATEL-LUCENT\EXTENSIONS\MYUPDATE.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MyInstantCommunicator] "C:\Archivos de programa\Alcatel-Lucent\My Instant Communicator\iCommunicator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Archivos de programa\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ebdperu.local
O17 - HKLM\Software\..\Telephony: DomainName = ebdperu.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ebdperu.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ebdperu.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Archivos de programa\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Archivos de programa\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINXP\system32\ibmpmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Archivos de programa\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Archivos de programa\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Archivos de programa\Archivos comunes\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Archivos de programa\Archivos comunes\Lenovo\Scheduler\tvtsched.exe

--
End of file - 8049 bytes
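
A triage pass over HijackThis entries like those in the log above, as an added example (not part of the original thread): it marks entries a reviewer has to resolve by hand, namely "(file missing)" targets, 8.3 short paths such as `C:\ARCHIV~1\...`, Run values started through a script or DLL host, and paths outside the install roots seen in this log. The function names and flag labels are assumptions of the example; a flag is a prompt to look, not a verdict.

```python
import re

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [LPManager] C:\ARCHIV~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\ARCHIV~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [OmnitouchExtensions] "C:\WINXP\system32\wscript.exe" "C:\Archivos de programa\Alcatel-Lucent\Extensions\MyExtensions\OmnitouchUC_Word.vbs"
O4 - HKLM\..\Run: [muBlinder] C:\LapTop Vista\MuBlinder\muBlinder.exe -startup
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINXP\system32\ibmpmsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
SHORT_NAME = re.compile(r"\\[^\\\s\"]{1,6}~\d")           # 8.3 alias component, e.g. \ARCHIV~1
PROXY_HOST = re.compile(r"\b(rundll32|wscript|cscript|regsvr32)\b", re.I)
FIRST_PATH = re.compile(r"[A-Za-z]:\\[^\"]*")             # first drive-rooted path in the entry
# Assumption: install roots as they appear in this log (Spanish XP installed in C:\WINXP).
STANDARD_ROOTS = ("c:\\winxp\\", "c:\\archivos de programa\\", "c:\\archiv~1\\")

def flags_for(section, body):
    # Each flag names a reason the entry cannot be judged from the log line alone.
    flags = []
    if body.endswith("(file missing)"):
        flags.append("file-missing")       # registration points at a file that is gone
    if SHORT_NAME.search(body):
        flags.append("short-path")         # expand the 8.3 alias to see the real folder
    if section == "O4" and PROXY_HOST.search(body):
        flags.append("proxy-host")         # the autostart payload is the argument, not the host
    path = FIRST_PATH.search(body)
    if path and not path.group(0).lower().startswith(STANDARD_ROOTS):
        flags.append("nonstandard-root")   # outside Windows / Program Files
    return flags

def triage(log_text):
    # Return (section, body, flags) for every entry that raised at least one flag.
    results = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            flags = flags_for(*m.groups())
            if flags:
                results.append((m.group(1), m.group(2), flags))
    return results

if __name__ == "__main__":
    for section, body, flags in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(flags):<28}{body}")
```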



Author

Commented:
Ran Spybot and Ad-Aware and only found cookies and a bad registry key...

Commented:
There are three entries like this: C:\ARCHIV~1\THINKV~1\PrdCtr\LPMGR.exe

What are those?

In the meantime, download memtest86 http://www.memtest86.com/ and run it to make sure that your memory is ok.


Author

Commented:
Those are software from Lenovo which include and manage my screen for expositions, visual adjustment, etc.

Author

Commented:
I ran the memtest86 software and everything seems to be ok...
Thanks for the ideas...

Commented:
Now time to test the HD: Hitachi disk fitness tests, http://www.hitachigst.com/

Author

Commented:
Hard disk is also ok...
Now just remember that this issue has also been acknowledged by other computers on my network... so I can't point to hardware issues for all of them at least... I appreciate all your help and ideas. So what is next?
Thanks