SFC and Trusted Installer? Is this normal?


  1. Posts : 43
    Windows 7 starter 32bit
    Thread Starter
       #31

    Whatever is on all of our computers has somehow affected the running of things. I know I need to clear the three Legacy drivers to stand a chance. I had the paid version and it blocked an OUTgoing to Korea and after that it said it was outdated by 253 (or so) days. This is the same thing this said for 1st use. I have CCleaner and it is not doing right either. Whatever is on our computers is clever, and must appear normal to all programs. I am lost what to do...


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #32

    Reading through this thread again, in my opinion you have infected computers. With what, I don't know. Something is stopping you from using basic programs and installing security programs. Those are signs of a possible infection.
    If they were my computers I would go to the Security section of our Forum and post. Let the security experts give you a hand.

    System Security - Windows 7 Help Forums


  3. Posts : 43
    Windows 7 starter 32bit
    Thread Starter
       #33

    mbam/malwarebytes log


    Here is a SystemLook of MBAM. Also one for CCleaner.
    I can't believe how many special logons have taken place today alone.


  4. Posts : 4,161
    Windows 7 Pro-x64
       #34

    I just joined the thread and was looking at previous posts. The -18, 19 and 20 are system services and normal.

    Code:
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-1000
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-501

    These two SIDs are disturbing. The S-1-5-21-xxx-501 is a Guest Account that doesn't need a password. By default, Windows disables Guest Accounts.
    I'm not sure what the SID S-1-5-21-xxx-1000 might be but it's assigned to the same domain (class). It could have Administrative rights to control a network group.

    It sure looks like someone has a back door into your system. There's probably logging going on so I sure hope you don't use the PC for your personal business.


  5. Posts : 43
    Windows 7 starter 32bit
    Thread Starter
       #35

    I am glad someone sees a problem. I am so tired of people telling me my scans are clear. This has been going on for so long. This one I am on seems to be the one spreading things. I don't know what to do. I can't even delete things from the registry, and I am or was the admin. Java is out of control. When I start to get somewhere everything is renewed. We can't afford all new laptops. There has to be a way to find it. All I do all day is search and try to contain this beast. I am disabled and tired. I just want to go online and enjoy. No luck!


  6. Posts : 43
    Windows 7 starter 32bit
    Thread Starter
       #36

    My Vista laptop shows W7 in the services. I have re-installed the OS 4 times and it changes on first shutdown. That is before going online. So it has to be from the BIOS, or my disk has been added to. Or airborne!


  7. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #37

    I did ask for some more help here, Netlace, and the thread has been moved to Security if you hadn't noticed.
    Yes, you definitely have some self-replicating and spreading infection. I don't have the skill, but there are others here who do; they have helped me with a real bad one several months ago.

    Are you able to delete the rogue account through Control Panel? I would suggest trying it with only one machine on the network; if it works, go to the next one.


  8. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #38

    carwiz said:
    I just joined the thread and was looking at previous posts. The -18, 19 and 20 are system services and normal.

    Code:
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-1000
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2452422238-2317045706-931954555-501

    These two SIDs are disturbing. The S-1-5-21-xxx-501 is a Guest Account that doesn't need a password. By default, Windows disables Guest Accounts.
    I'm not sure what the SID S-1-5-21-xxx-1000 might be but it's assigned to the same domain (class). It could have Administrative rights to control a network group.

    -1000 is the original User/Admin account created at setup.
      My Computer
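
The SID distinctions raised in posts #34 and #38 (-18/-19/-20 service profiles, -501 Guest, -1000 the first user account) can be checked directly on a machine. This is an added example, not code posted by anyone in the thread; the function name `Get-SidKind` and the output column names are assumptions chosen for illustration.

```powershell
# Added example: list every SID under ProfileList with its well-known meaning
# and, for local accounts, whether the account is enabled.
# Get-SidKind and the output column names are illustrative, not a Windows API.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-SidKind([string]$Sid) {
    switch -Regex ($Sid) {
        '^S-1-5-18$'          { return 'LocalSystem (service profile)' }
        '^S-1-5-19$'          { return 'LocalService (service profile)' }
        '^S-1-5-20$'          { return 'NetworkService (service profile)' }
        '^S-1-5-21-.+-500$'   { return 'Built-in Administrator' }
        '^S-1-5-21-.+-501$'   { return 'Built-in Guest' }
        '^S-1-5-21-.+-(\d+)$' {
            if ([int64]$Matches[1] -ge 1000) { return 'Regular account (RID 1000 or higher)' }
            return 'Built-in account (RID below 1000)'
        }
        default               { return 'Other / unrecognised' }
    }
}

# Local account state from WMI; available on Windows 7 (PowerShell 2.0).
$accounts = @{}
Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    ForEach-Object { $accounts[$_.SID] = $_ }

Get-ChildItem $profileList | ForEach-Object {
    $sid  = $_.PSChildName
    $acct = $accounts[$sid]          # $null for service and domain SIDs
    New-Object PSObject -Property @{
        SID         = $sid
        Kind        = Get-SidKind $sid
        Name        = $(if ($acct) { $acct.Name })
        Disabled    = $(if ($acct) { $acct.Disabled })
        ProfilePath = (Get-ItemProperty $_.PSPath).ProfileImagePath
    }
} | Select-Object SID, Kind, Name, Disabled, ProfilePath | Format-List
```

A ProfileList key for the -501 SID means a profile was created for the Guest account at some point; the `Disabled` column shows whether that account can currently be used.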


  9. Posts : 43
    Windows 7 starter 32bit
    Thread Starter
       #39

    Could someone with MWB tell me if they have this key?
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    Default {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    Also, on the properties via right click from programs, I have 2 build.conf and custom.conf that have old dates. Everything else has the date I downloaded it.


  10. Posts : 4,161
    Windows 7 Pro-x64
       #40

    Not sure what you mean by "properties via right click from programs". I have the same value for MBAM. That's the shell extension that provides the right click menu for MBAM.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:50.
Find Us