site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES

Search Topic:
 Uniqs:
1055		 Share Topic
Posting?
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies

Syco C

join:2009-05-19
Nicholasville, KY

Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES

Okay first off we noticed there was no sound, we went to check on our soundcard and it acted like it didnt exist
I went to device manager to see if there was a conflict and it says MMC.EXE is not a valid win32 application

I went to download the malicious software removal tool, and it didnt allow it, and closed it, I tried to download the host expert restore program, I ran it, and when it went to restore the host file, it was denied.. said system 32 something

I searched on google and found alot of people with these problems but no solutions

in the search I found out other things that are also happening

I cant go to USERS under control panel to see if the account has ADMIN PERMISSION when this is the ONLY user account

We went to run a system restore to a week ago, sit here for 2 hours only to find out when it was done it said we didnt have sufficient privileges to change system or something like that.. basically its saying were not admin

I cant get into user to change it.. Im thinking there is a virus, but the thing is.. we had COMODO Firewall RUNNING, and NOD32 UP TO DATE, in which we just scanned and it found nothing..

here is the hijackthis log if u can find anything, and if u have any suggestions

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:04 AM, on 5/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: www.adobe.com
O15 - Trusted Zone: »www.adobe.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5777 bytes
to forum · permalink · 2009-05-19 01:46:48 · (locked)


Its a Secret
Please speak into the microphone
Premium
join:2008-02-23
Da wet coast
kudos:3

Mods: please move to Sec Cleanup

to forum · permalink · 2009-05-19 01:53:20 · (locked)

The Snowman
Premium
join:2007-05-20
kudos:4

reply to Syco C


Fully agree with my friend ITs a Secret........I was just curious when I noticed in the hijack log that the OP was using "anti-crash"...which is a very old program made for win98.....and dis-continued years ago....it installs a java applet that no one quiet understands what the applet does...(that was years ago, of course) also:
______________________
What is mmc.exe?
mmc.exe is the Microsoft Management Console application and is used to display various management plug-ins accessed from the Control Panel, such as the Device Manager. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems

_______________________

perhaps the folks in Clean-up will find use for this info.

to forum · permalink · 2009-05-19 02:05:17 · (locked)


Unknown_Poster

@verizon.net

reply to Syco C
You can boot into 'safe mode' (keep hitting F8 at startup).
When you get the menu, use the arrow keys on your keyboard to highlight 'safe mode', then log-in under the default 'Administrator' account (by typing in the word Administrator).

That will allow you to search around and do things, like see what's up with your user accounts.

to forum · permalink · 2009-05-19 02:20:17 · (locked)

Syco C

join:2009-05-19
Nicholasville, KY

reply to Syco C
sorry for posting in the wrong spot...i'll post again in security clean up...the anti crash was sent to me from a friend of mine. He said it would keep my programs from crashing....i wasn't aware that the program was so out of date. I am running Windows XP

to forum · permalink · 2009-05-19 02:41:54 · (locked)
Forums > Broadband Tech > Security > Security

Thursday, 31-May 05:29:35 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics