Active System locks up in IE Explorer 8 and Mozilla Firefox

Discussion in 'Malware and Virus Removal Archive' started by CountVak, 2009/02/14.

  1. 2009/03/21
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I have also noticed that on the Security tab, under Group or user names, I suddenly have Account Unknown(S-1-5-80-2375682873-768044350-3534.... that goes on for quite some length, and I cannot remove this user or edit the user, as it states, with the yellow caution sign: You can't remove this Account. Unknown(S-1....) because this object is inheriting permission from its parent. To remove Account (the listing) you must prevent this object from inheriting permissions. Turn off the option for inheriting permissions, and then try removing Account (listing above). I have no idea where this came from, nor can I find where the permission comes from. I can provide you with the complete number if it helps.
     
  2. 2009/03/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Have you tried running CF immediately after you unblocked it (without rebooting first)?
    If not, please try that.
    ----------------------------------------------------------------------------------
    If that doesn't work,
    let's get an online scan. I see noahdfear had you run Kaspersky.

    Let's try this one.

    Run ATF Cleaner, making sure that Cookies has been checked

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Geri
     

  4. 2009/04/01
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Geri, Long time no bugging you, probably thought you were off the hook? lol I found by finally getting Dr. Web Anti-virus to run that my combo-fix had a virus in it? Could this be why I was unable to run the program? I also have still not found the hierarchy for the unknown user on the system so I can remove this as it seems this could also be a major problem? What do you think? Thanks.
     
  5. 2009/04/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Dr Web will flag certain processes that Combofix uses as a "virus"; this is not the case, however. Combofix had no virus in it.

    Please do the Panda scan and post the log, also please post the Dr. Web log if you have it.

    Geri
     
  6. 2009/04/03
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    ADAPT_Installe0.exe\data032;C:\Documents and Settings\Steven Vakula\DoctorWeb\Quarantine\ADAPT_Installe0.exe;Probably SCRIPT.Virus;;
    ADAPT_Installe0.exe;C:\Documents and Settings\Steven Vakula\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
     
  7. 2009/04/03
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I have tried everything with CF. I have run it on 3 other computers but this one is the only one that will not run the program. It is also the only one with this mysterious user that I cannot seem to remove. I will post the panda log after I run it for you, Thanks.
     
  8. 2009/04/03
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    Here is the Panda scan

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-04-03 03:07:58
    PROTECTIONS: 3
    MALWARE: 1
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Lavasoft Ad-Watch Live! No Yes
    Windows Defender 1.1.1505.0 No Yes
    SUPERAntiSpyware 4, 26, 0, 1000 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Steven Vakula\AppData\Roaming\Microsoft\Windows\Cookies\steven_vakula@doubleclick[1].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Users\Steven Vakula\Desktop\trashreg\TrashReg.exe
    No C:\Users\Steven Vakula\DoctorWeb\Quarantine\$R6I6C7M.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  9. 2009/04/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Did you install this?
    trashreg

    Geri
     
  10. 2009/04/04
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I haven't installed anything? I also have had a hard time signing online with any browser aside from Firefox since April 1, Internet Explorer will load and crash immediately.
     
  11. 2009/04/04
    CountVak

    CountVak Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    50
    Likes Received:
    0
    I have noticed that there appears to be something flashing in the lower left of the screen, about in the area of the Start button for Windows. It is very quick but appears to be some type of program? I have noticed that suddenly I will have new things appear also and have no idea where they have come from, as they just suddenly will appear on the desktop?
     
  12. 2009/04/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Go here and run this tool for a single computer.
    BitDefender

    Then delete this folder.
    C:\Users\Steven Vakula\Desktop\trashreg

    Please post a new DDS log.

    Thanks
    Geri
     
  13. 2009/04/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thank you Geri!

    CountVak, in addition to a fresh DDS log, I'd like for you to run another rootkit scanner. Download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop, then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries

    Note - Please close all other programs, and all open browser windows prior to starting the scan.
     
