Main Forum > General Computer Support
action center in windows 7 (solved)
Samson:
Given that 2 independent programs, Comodo and MBAM both agree it is unlikely, follow their advice.
Gamezertruth:
ok will do, will time to marks this topic as solved
edit lol topic already marks solved
Gamezertruth:
will I’m going to uninstall Comodo antivirus due to a hiding registry keys was make it ! and I was thought I had a rootkits of all this time :smiley: and that can’t be removed even with Trend Micro RootkitBuster ! :smiley:
+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1180
| Computer Name: B-PC
| OS version: 6.1-7601
| User Name: b
+----------------------------------------------------
--== Dump malicious MBR ==--
No hidden MBR found.
--== Dump Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Configurations
Root : 9a8b820
SubKey : Configurations
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs
ValueType : 6
AccessType: 0
FullLength: 81
DataSize : 142
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Data
Root : 9a8b820
SubKey : Data
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SOFTWARE\COMODO\CIS\Data
ValueType : 6
AccessType: 0
FullLength: 71
DataSize : 84
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Options
Root : 9a8b820
SubKey : Options
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SOFTWARE\COMODO\CIS\Options
ValueType : 6
AccessType: 0
FullLength: 74
DataSize : 90
3 hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAdjustPrivilegesToken
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83099e37
CurrentHandler : 0x8bcdf50e
ServiceNumber : 0xc
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcConnectPort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8308a3fd
CurrentHandler : 0x8bcdf91a
ServiceNumber : 0x16
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcCreatePort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83008d50
CurrentHandler : 0x8bcdf8c8
ServiceNumber : 0x17
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwConnectPort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8308ceff
CurrentHandler : 0x8bcde754
ServiceNumber : 0x3b
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEvent
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8305508e
CurrentHandler : 0x8bcdd82a
ServiceNumber : 0x40
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEventPair
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83121054
CurrentHandler : 0x8bcdd882
ServiceNumber : 0x41
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83063c66
CurrentHandler : 0x8bcdf13c
ServiceNumber : 0x42
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830248bb
CurrentHandler : 0x8bcdd7d4
ServiceNumber : 0x4a
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreatePort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83005838
CurrentHandler : 0x8bcdd77c
ServiceNumber : 0x4d
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830376eb
CurrentHandler : 0x8bcdee58
ServiceNumber : 0x54
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSemaphore
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83019b4e
CurrentHandler : 0x8bcdd8d4
ServiceNumber : 0x55
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830159a0
CurrentHandler : 0x8bce07ac
ServiceNumber : 0x56
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830f14a6
CurrentHandler : 0x8bcde0fe
ServiceNumber : 0x57
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThreadEx
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83085307
CurrentHandler : 0x8bcdfb64
ServiceNumber : 0x58
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x82fd9af1
CurrentHandler : 0x8bce01b2
ServiceNumber : 0x9b
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMakeTemporaryObject
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8301fa46
CurrentHandler : 0x8bcdea2c
ServiceNumber : 0xa4
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8304646b
CurrentHandler : 0x8bcdf334
ServiceNumber : 0xb3
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8307e27b
CurrentHandler : 0x8bcdece0
ServiceNumber : 0xc2
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationProcess
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8304d045
CurrentHandler : 0x8bcdf702
ServiceNumber : 0x14d
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83062b70
CurrentHandler : 0x8bce04b2
ServiceNumber : 0x15e
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwShutdownSystem
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83119599
CurrentHandler : 0x8bcde9a2
ServiceNumber : 0x168
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8309a766
CurrentHandler : 0x8bcdebcc
ServiceNumber : 0x170
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8306f5d1
CurrentHandler : 0x8bcde534
ServiceNumber : 0x172
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8308d52a
CurrentHandler : 0x8bcde302
ServiceNumber : 0x173
ModuleName : cmdguard.sys
SDTType : 0x0
No hidden operating system service hooks found.
--== Dump Hidden Port ==--
No hidden ports found.
--== Dump Kernel Code Patching ==--
No kernel code patching detected.
--== Dump Hidden Services ==--
No hidden services found.
Samson:
Probably hidden to prevent modification by malware. Which AV have you selected to reject next? :rolleyes:
Boggin:
Can you give us a list of all of the security programs that you have installed -
I have Norton 360, the free version of MBAM and the free version of SuperAntiSpyware but because Norton does such a good job of keeping the crap out, it's very rare that I run MBAM and have found SAS useful for clearing the tracking cookies as well as clearing the Temp folder.
I occasionally run AdwCleaner to see if any PuPs have crept in, but that tends not to find anything.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version