Mutex 2

Discussion in 'ProcessGuard' started by Cincinnati slim, Jan 8, 2005.

Thread Status:
Not open for further replies.
  1. I can't get Process Guard to install at all ... I get an error stating "unable to install process guard driver" and sometimes one saying "unable to open mutex 2".

    On a side note ... I can't keep Port Explorer running long either before having to re-install it.

    Nod32 hangs sometimes during boot ... until the Dcom Server crashes and Windows reboots that is. And my firewall bites the dust unexpectedly sometimes. This strange stuff started yesterday ... and seems to be due to some component in svchost.exe ... and a non-valid process (according to Taskmanager) called userint.exe.

    I did a full scan with TDS3 (latest radius) and NOD32, but found nothing ...

    I found some suspicious files though, mostly tmp files, but they are undeletable (e.g. SET3, SET4, SET 8 and ~DF66C9.TMP), including a file called kb.log (keylogger?). And also some strange registry entries leading to my Temp folders:

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
    "Type"=dword:00000001
    "ErrorControl"=dword:00000000
    "Start"=dword:00000004
    "ImagePath"="\\??\\C:\\DOCUME~1\\Tim\\LOCALS~1\\Temp\\mc21.tmp"
    "DeleteFlag"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
    "0"="Root\\LEGACY_MCHINJDRV\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
    "CacheLimit"=dword:00095100
    "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
    "CacheLimit"=dword:00095100
    "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
    "CacheLimit"=dword:00095100
    "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
    "CacheLimit"=dword:00095100
    "CachePath"="C:\\Documents and Settings\\Tim\\Local Settings\\Temporary Internet Files\\Content.IE5\\Cache4"

    [HKEY_CLASSES_ROOT\SystemFileAssociations\Image\Shell\Edit

    Any ideas? ... I'm lost.
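
Added example, not part of the original post: a triage check for the kind of entry shown in the registry export above, a driver service whose ImagePath points into a Temp folder. It parses .reg export text and lists driver services (Type 1 or 2) with such a path and their start mode; the `ExampleDrv` key and all function names are constructed for illustration, and a hit is a lead to investigate, not a verdict.

```python
import re

# Constructed input: the mchInjDrv key as posted above (abridged), plus a
# made-up "ExampleDrv" key with an ordinary driver path for comparison.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
"Type"=dword:00000001
"Start"=dword:00000004
"ImagePath"="\\??\\C:\\DOCUME~1\\Tim\\LOCALS~1\\Temp\\mc21.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"Count"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="system32\\DRIVERS\\example.sys"
'''

SERVICE_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\([^\\\]]+)\]$', re.I)
VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')
TEMP_PATH = re.compile(r'\\(temp|tmp)\\|\.tmp$', re.I)
START_MODES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

def parse_services(reg_text):
    """Return {service name: {value name: int or str}} for top-level service keys."""
    services, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = services.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # subkey (e.g. \Enum) or unrelated key: skip its values
        elif current is not None and (m := VALUE.match(line)):
            name, dword, text = m.groups()
            # .reg strings escape backslash and quote with a leading backslash
            current[name] = int(dword, 16) if dword else re.sub(r'\\(.)', r'\1', text)
    return services

def flag_temp_drivers(services):
    """List (name, path, start mode) for driver services loading from a temp path."""
    hits = []
    for name, values in sorted(services.items()):
        path = str(values.get("ImagePath", ""))
        # Type 1 = kernel driver, Type 2 = file system driver
        if values.get("Type") in (1, 2) and TEMP_PATH.search(path):
            hits.append((name, path, START_MODES.get(values.get("Start"), "unknown")))
    return hits
```

Calling `flag_temp_drivers(parse_services(SAMPLE_REG))` returns only the `mchInjDrv` entry, with start mode `disabled` (Start value 4).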
     
  2. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)
  3. All scans turned up nothing. I have since found some strange virtual drivers being used (VxD), along with a lot of files that are in use that cannot be deleted ... even in safe mode logged in as Administrator (tmp files at that).

    I have trouble installing software (security based) because "%USERPROFILE% recent" cannot be accessed. I even tried changing the read only status of that folder myself ... but it instantly changes right back (due to the inheritable permissions).

    I have also noticed two listening remote locations in my firewall ... but they are to an invalid I.P.# of 0.0.0.0 ... it must be someone because this PC comes up as being 128 hops away.

    I guess I might have to re-install XP ... or watch it for a while and see if I can learn something about what it is.
     
  4. Jason_DiamondCS, Former DCS Moderator (Joined: Nov 11, 2002; Posts: 1,046; Location: Perth, Western Australia)

    The Mutex 2 error occurs when the ProcessGuard service is not running correctly. Follow the manual uninstall instructions listed in the helpfile and reinstall. Also make sure your system is clean as mentioned by the others here. :)
     
  5. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Cincinnati, what OS are you using? VxDs are usually from older OSes like Win 98 & ME.
    Did you do an upgrade from, say, W98 to XP, for instance?
     