Windows 7 Forums



Windows 7: SFC and Trusted Installer? Is this normal?

18 Dec 2013   #31
Netlace

Windows 7 starter 32bit
 
 

Whatever is on all of our computers has somehow affected the running of things. I know I need to clear the three Legacy drivers to stand a chance. I had the paid version and it blocked an OUTgoing to Korea and after that it said it was outdated by 253 (or so) days. This is the same thing this said for 1st use. I have ccleaner and it is not doing right either. Whatever is on our computers is clever, and must appear normal to all programs. I am lost what to do...


18 Dec 2013   #32
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Reading through this thread again, in my opinion you have infected computers. With what, I don't know. Something is stopping you from using basic programs and installing security programs. Those are signs of a possible infection.
If they were my computers I would go to the Security section of our Forum and post. Let the security experts give you a hand.

System Security - Windows 7 Help Forums
18 Dec 2013   #33
Netlace

Windows 7 starter 32bit
 
 
mbam/malwarebytes log

Here is a SystemLook of Mbam. Also one for Ccleaner
I can't believe how many special logons have taken place today alone.


Attached Files
File Type: zip SystemLook mbam.zip (2.1 KB, 3 views)
File Type: zip SystemLook cc.zip (1,006 Bytes, 0 views)

18 Dec 2013   #34
carwiz

Windows 7 Pro-x64
 
 

I just joined the thread and was looking at previous posts. The -18, 19 and 20 are system services and normal.

Code:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-501
These two SIDs are disturbing. The S-1-5-21-xxx-501 is a Guest Account that doesn't need a password. By default, Windows disables Guest Accounts.
I'm not sure what the SID S-1-5-21-xxx-1000 might be but it's assigned to the same domain (class). It could have Administrative rights to control a network group.

It sure looks like someone has a back door into your system. There's probably logging going on so I sure hope you don't use the PC for your personal business.
19 Dec 2013   #35
Netlace

Windows 7 starter 32bit
 
 

I am glad someone sees a problem. I am so tired of people telling me my scans are clear. This has been going on for so long. This one I am on seems to be the one spreading things. I don't know what to do. I can't even delete things from the registry, and I am or was the admin. Java is out of control. When I start to get somewhere everything is renewed. We can't afford all new laptops. There has to be a way to find it. All I do all day is search and try to contain this beast. I am Disabled and tired. I just want to go online and enjoy. No luck!
19 Dec 2013   #36
Netlace

Windows 7 starter 32bit
 
 

My Vista laptop shows W7 in the services. I have re-installed the OS 4 times and it changes on first shutdown. That is before going online. So it has to be from the BIOS, or my disk has been added to. Or airborne!
19 Dec 2013   #37
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

I did ask for some more help here Netlace and the thread has been moved to Security if you hadn't noticed.
Yes, you definitely have some self-replicating and spreading infection. I don't have the skill, but there are others here who do; they helped me with a real bad one several months ago.

Are you able to delete the rogue account through Control Panel? I would suggest trying it with only one machine on the network; if it works, go to the next one.
19 Dec 2013   #38
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Quote: Originally Posted by carwiz
I just joined the thread and was looking at previous posts. The -18, 19 and 20 are system services and normal.

Code:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-501
These two SIDs are disturbing. The S-1-5-21-xxx-501 is a Guest Account that doesn't need a password. By default, Windows disables Guest Accounts.
I'm not sure what the SID S-1-5-21-xxx-1000 might be but it's assigned to the same domain (class). It could have Administrative rights to control a network group.

-1000 is the original User/Admin account created at setup.
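
An added example, not part of any post in this thread: a PowerShell check, run from an elevated prompt, that shows which account each ProfileList SID discussed above belongs to and whether that local account is disabled. The S-1-5-18/19/20 service SIDs and the RID meanings (500, 501, 1000 and up) are standard Windows values; the output column names are this example's own.

```powershell
# Added example: resolve every profile SID under ProfileList to an account
# name and report whether the matching local account is disabled.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Index local accounts by SID (Win32_UserAccount exposes SID, Name, Disabled).
$local = @{}
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object { $local[$_.SID] = $_ }

Get-ChildItem $profileList | ForEach-Object {
    $sid = $_.PSChildName

    # Classify by well-known SID or by the trailing RID.
    $kind = switch -Regex ($sid) {
        '^S-1-5-18$'           { 'LocalSystem service profile'; break }
        '^S-1-5-19$'           { 'LocalService service profile'; break }
        '^S-1-5-20$'           { 'NetworkService service profile'; break }
        '^S-1-5-21-.*-500$'    { 'Built-in Administrator'; break }
        '^S-1-5-21-.*-501$'    { 'Built-in Guest'; break }
        '^S-1-5-21-.*-\d{4,}$' { 'Regular account (RID 1000 or higher)'; break }
        default                { 'Other (e.g. a .bak or leftover key)' }
    }

    # Translate the SID to DOMAIN\name; a deleted account or a malformed
    # key name (such as "<SID>.bak") throws and is reported as unresolved.
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $name = '<unresolved>'
    }

    # Disabled stays empty for SIDs that are not local user accounts.
    $disabled = $null
    if ($local.ContainsKey($sid)) { $disabled = $local[$sid].Disabled }

    New-Object PSObject -Property @{
        SID      = $sid
        Account  = $name
        Kind     = $kind
        Disabled = $disabled
        Path     = (Get-ItemProperty $_.PSPath).ProfileImagePath
    }
} | Format-Table SID, Account, Kind, Disabled, Path -AutoSize
```

A Guest row with `Disabled` shown as `False`, or a profile whose SID no longer resolves to an account, is the kind of result worth raising with the security helpers.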
19 Dec 2013   #39
Netlace

Windows 7 starter 32bit
 
 

Could someone with MWB tell me if they have this key?
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
Default {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
Also, on the properties via right click from programs, I have 2, build.conf and custom.conf, that have old dates. Everything else has the date I downloaded it.
20 Dec 2013   #40
carwiz

Windows 7 Pro-x64
 
 

Not sure what you mean by "properties via right click from programs". I have the same value for MBAM. That's the shell extension that provides the right click menu for MBAM.


Attached Thumbnails
SFC and Trusted Installer? Is this normal?-mbam-shellext.jpg  