Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES

Author	All Replies
Syco C join:2009-05-19 Nicholasville, KY	Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES Okay first off we noticed there was no sound, we went to check on our soundcard and it acted like it didnt exist I went to device manager to see if there was a conflict and it says MMC.EXE is not a valid win32 application I went to download the malicious software removal tool, and it didnt allow it, and closed it, I tried to download the host expert restore program, I ran it, and when it went to restore the host file, it was denied.. said system 32 something I searched on google and found alot of people with these problems but no solutions in the search I found out other things that are also happening I cant go to USERS under control panel to see if the account has ADMIN PERMISSION when this is the ONLY user account We went to run a system restore to a week ago, sit here for 2 hours only to find out when it was done it said we didnt have sufficient privileges to change system or something like that.. basically its saying were not admin I cant get into user to change it.. Im thinking there is a virus, but the thing is.. we had COMODO Firewall RUNNING, and NOD32 UP TO DATE, in which we just scanned and it found nothing.. here is the hijackthis log if u can find anything, and if u have any suggestions Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:54:04 AM, on 5/19/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\LTMSG.exe C:\WINDOWS\System32\igfxtray.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\Integrator.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Eset\nod32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: www.adobe.com O15 - Trusted Zone: »www.adobe.com O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 5777 bytes
Syco C join:2009-05-19 Nicholasville, KY	to forum · permalink · · 2009-05-19 01:46:48 · (locked)
Its a Secret Whatever Premium join:2008-02-23 U B Funny	Mods: please move to Sec Cleanup
	to forum · permalink · · 2009-05-19 01:53:20 · (locked)
The Snowman Premium join:2007-05-20 ·Verizon Online DSL	reply to Syco C Fully agree with my friend ITs a Secret........I was just curious when I noticed in the hijack log that the OP was using "anti-crash"...which is a very old program made for win98.....and dis-continued years ago....it installs a java applet that no one quiet understands what the applet does...(that was years ago, of course) also: ______________________ What is mmc.exe? mmc.exe is the Microsoft Management Console application and is used to display various management plug-ins accessed from the Control Panel, such as the Device Manager. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems _______________________ perhaps the folks in Clean-up will find use for this info.
The Snowman Premium join:2007-05-20 ·Verizon Online DSL	to forum · permalink · · 2009-05-19 02:05:17 · (locked)
Unknown_Poster @verizon.net	reply to Syco C You can boot into 'safe mode' (keep hitting F8 at startup). When you get the menu, use the arrow keys on your keyboard to highlight 'safe mode', then log-in under the default 'Administrator' account (by typing in the word Administrator). That will allow you to search around and do things, like see what's up with your user accounts.
Unknown_Poster @verizon.net	to forum · permalink · 2009-05-19 02:20:17 · (locked)
Syco C join:2009-05-19 Nicholasville, KY	reply to Syco C sorry for posting in the wrong spot...i'll post again in security clean up...the anti crash was sent to me from a friend of mine. He said it would keep my programs from crashing....i wasn't aware that the program was so out of date. I am running Windows XP
Syco C join:2009-05-19 Nicholasville, KY	to forum · permalink · · 2009-05-19 02:41:54 · (locked)


Saturday, 05-Dec 00:11:24	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF