I can't get Process Guard to install at all ... i get an error stating "unable to install process guard driver" and sometimes one saying "unable to open mutex 2" On a side-note ... i can't keep Port Explorer running long either before having to re-install it. Nod32 hangs sometimes during boot ... until the Dcom Server crashes and windows reboots that is. And my firewall bites the dust un-expectedly sometimes. This strange stuff started yesterday ... and seems to be due to some component in svchost.exe ... and a non valid process (according to Taskmanager) called userint.exe. I did a full scan with TDS3 (latest radius) and NOD32, but found nothing ... i found some suspicious files though, mostly tmp files but they are undeletable (-EX. SET3, SET4, SET 8 AND ~DF66C9.TMP) including a file called kb.log. (keylogger?) And also some strange registry entry's leading to my Temp folders: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv] "Type"=dword:00000001 "ErrorControl"=dword:00000000 "Start"=dword:00000004 "ImagePath"="\\??\\C:\\DOCUME~1\\Tim\\LOCALS~1\\Temp\\mc21.tmp" "DeleteFlag"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum] "0"="Root\\LEGACY_MCHINJDRV\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1] "CacheLimit"=dword:00095100 "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2] "CacheLimit"=dword:00095100 "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache2" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3] "CacheLimit"=dword:00095100 "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache3" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4] "CacheLimit"=dword:00095100 "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache4" [HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Edit Any Ideas? ... im lost.
Hi Cincinnati, It looks as though your system is badly infected. Please go here: https://www.wilderssecurity.com/showthread.php?t=50662 and clean up. Then come back here if you need any more hep with ProcessGuard. Thanks and good luck. Pilli
All scans turned up nothing . I have since found some strange virtual drivers being used (VxD), along with alot of files that are in use, that cannot be deleted ... even in safe mode logged in as Administrator (tmp files at that). I have trouble installing software (security based) because "%USERPROFILE% recent" cannot be accessed. I even tried changing the read only status of that folder myself ... but it instantly changes right back (due to the inheritable permissions). I have also noticed two listening remote locations in my firewall ... but they are to an invalid I.P.# of 0.0.0.0 ... it must be someone because this PC comes up as being 128 hops away. I guess i might have to re-install XP ... or watch it for awhile and see if i can learn something about what it is.
The Mutex 2 error occurs when the ProcessGuard service is not running correctly. Follow the manual uninstall instructions listed in the helpfile and reinstall. Also make sure your system is clean as mentioned by the others here.
Cincinnati, What OS are you using? VXD's are usually from older OS's like Win 98 & ME Did you do an upgrade from say W98 to XP for instance?
