Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: Gamezertruth on August 21, 2015, 06:44:09 am
-
As you may know, this is a newly formatted Windows OS and I have installed an anti-virus program to protect me from all kinds of threats! But I've noticed that Security Center/Action Center doesn't recognize my anti-virus program?
-
How do I correct the problem?
-
Can you give us a snip of what you mean ?
-
Can you give us a snip of what you mean ?
My antivirus won't show there/isn't listed in Security Center/Action Center.
Edit: I have made a screenshot for you.
-
Here is another snapshot. I do have an antivirus already installed on this new system, but Security Center/Action Center insists I do not have any antivirus installed?
-
Mine shows my Norton 360 - what are you using ?
-
Mine shows my Norton 360 - what are you using ?
Amiti Antivirus http://www.netgate.sk/products/amiti-antivirus/ (first use of it)
-
Never heard of it.
Go Start - type Amiti antivirus and in its folder should be an Uninstaller.
Use that to uninstall it, reboot then download the free version of Comodo Antivirus to see if it sees that. https://antivirus.comodo.com/
-
I'm working on it and I will be back after the system reboot.
-
I'm going to have to shoot off for an hour or so but will be back.
-
I'm going to have to shoot off for an hour or so but will be back.
OK, no problem. I have uninstalled Amiti Antivirus, rebooted the system and installed COMODO Internet Security, and now my problem is resolved! :smiley:
But when I uninstalled Amiti Antivirus I got a problem at the end of the uninstall (it caused corrupted DLL files on my system, I think).
-
So what problems are the corrupt .dll files causing ?
-
I missed that error message at the end of the uninstallation! Is there any way to know? Maybe I should run the program again to reproduce the error! I'll check it now.
-
OK, I had to download the program once again and I think it found the error during the uninstallation, but with no more info.
http://www.error.info/search.html?q=%5Fiu14D2N%2Etmp+is+not+responding&q2=The+program+%5Fiu14D2N%2Etmp+version+%2A+stopped+interacting+with+Windows+and+was+closed
http://www.error.info/search.html?q=Setup%2F%2FUninstall+Stopped+responding+and+was+closed&q2=A+pro%2Alem+caused+this+program+to+stop+interacting+with+Windows%2E
Version=1
EventType=AppHangB1
EventTime=130848951868267328
ReportType=1
Consent=1
UploadTime=130848951869897421
ReportIdentifier=eb516b8d-4a60-11e5-bfc6-60eb69d80f07
IntegratorReportIdentifier=eb516b8e-4a60-11e5-bfc6-60eb69d80f07
Response.BucketId=1134692143
Response.BucketTable=5
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=_iu14D2N.tmp
Sig[1].Name=Application Version
Sig[1].Value=51.52.0.0
Sig[2].Name=Application Timestamp
Sig[2].Value=2a425e19
Sig[3].Name=Hang Signature
Sig[3].Value=7b8a
Sig[4].Name=Hang Type
Sig[4].Value=6144
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Hang Signature 1
DynamicSig[22].Value=7b8a590a3a0b14c8d3952ca292c68ddd
DynamicSig[23].Name=Additional Hang Signature 2
DynamicSig[23].Value=0958
DynamicSig[24].Name=Additional Hang Signature 3
DynamicSig[24].Value=09589e10acd9a47f0949e585e52e5321
DynamicSig[25].Name=Additional Hang Signature 4
DynamicSig[25].Value=7b8a
DynamicSig[26].Name=Additional Hang Signature 5
DynamicSig[26].Value=7b8a590a3a0b14c8d3952ca292c68ddd
DynamicSig[27].Name=Additional Hang Signature 6
DynamicSig[27].Value=0958
DynamicSig[28].Name=Additional Hang Signature 7
DynamicSig[28].Value=09589e10acd9a47f0949e585e52e5321
UI[3]=Setup//Uninstall is not responding
UI[4]=If you close the program, you might lose information.
UI[5]=Close the program
UI[6]=Close the program
UI[7]=Close the program
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=Bucket=1134692143/nBucketTable=5/nResponse=1/n
FriendlyEventName=Stopped responding and was closed
ConsentKey=AppHangXProcB1
AppName=Setup//Uninstall
AppPath=C:\Users\b\AppData\Local\temp\_iu14D2N.tmp
ReportDescription=A problem caused this program to stop interacting with Windows.
This error was last recorded at 8/24/2015 4:06:26 PM
The program _iu14D2N.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1880
Start Time: 01d0de6cef14e5f4
Termination Time: 5
Application Path: C:\Users\b\AppData\Local\Temp\_iu14D2N.tmp
Report Id:
This error was last recorded at 8/24/2015 4:06:34 PM
-
When you install an active AV program on top of another you can get problems anyway, so prior to reinstalling AMITI you should uninstall Comodo.
What I've seen for uninstalling Comodo, it can be done from Programs and Features but before you uninstall it, run this MS Fixit.
https://support.microsoft.com/en-gb/mats/program_install_and_uninstall
There is a more manual method for uninstalling AMITI which may prove more successful.
Use the second method in this article which includes removing registry entries and then you shouldn't get any errors, but reboot again afterwards before reinstalling Comodo.
http://www.how-to-uninstall-program.com/uninstaller/uninstall-amiti-antivirus-amiti-antivirus-removal-amiti-antivirus-windows-uninstaller.html
-
ok I will do this tomorrow !
-
I forgot to add that before making any changes in the registry, always create a restore point first - although it's unlikely that you will want to go back to those entries, it is always a safeguard.
-
I forgot to add that before making any changes in the registry, always create a restore point first - although it's unlikely that you will want to go back to those entries, it is always a safeguard.
ok I’m working on it now :artist:
-
I have done the cleanup of it.
fixlist content:
*****************
HKU\S-1-5-21-3892608168-563591042-444535462-1000\...\Run: [AmitiAntivirus] => C:\Program Files\NETGATE\Amiti Antivirus\AmitiAntivirus.exe
S2 AmitiAvHealth; C:\Program Files\NETGATE\Amiti Antivirus\AmitiAntivirusHealth.exe [X]
*****************
HKU\S-1-5-21-3892608168-563591042-444535462-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AmitiAntivirus => value removed successfully.
AmitiAvHealth => service removed successfully.
==== End of Fixlog 15:42:05 ====
-
So I take it you don't get any more errors from AMITI and you can reinstall Comodo ?
Was AMITI a free AV program ?
-
So I take it you don't get any more errors from AMITI and you can reinstall Comodo ?
Was AMITI a free AV program ?
Yes, that's correct, no more errors, and I was able to reinstall Comodo antivirus! And I think AMITI antivirus is available in a free and a paid version!
-
So another thread you can mark as Solved then :D
-
So another thread you can mark as Solved then :D
OK :cheesy: and thank you for helping me :smiley:
-
First install of Comodo antivirus and guess what! Many security programs have detected some of Comodo's files as a virus, so I don't feel comfortable with it!
-
What other security programs do you have installed ?
-
1- Malwarebytes Anti-Malware (detected by)
2- SUPERAntiSpyware (not detected by)
3- Removal Tool (not detected by)
That was detected by many portable scanners too (Kaspersky Virus Removal Tool).
-
While I've never used Comodo Free, I know a member of another forum who swears by it which is why I suggested it and I would think that he has MBAM installed.
When you run an antimalware scan on a system it checks all programs and you will see the scanner checking and listing them as it works through them, which is normal.
If the scanner wants to remove the program then that is a different matter.
Should anything have come down with the Comodo install, then download AdwCleaner and/or Junkware Removal Tool and see if they find anything serious.
What is that Removal Tool you've listed ?
-
Aha, thanks for the heads-up reply. I will check this out with the adware cleaner tool and post back.
Removal Tool is an anti-malware program http://9-lab.com/ :tongue:
-
I've never heard of 9Lab or seen it listed in any reviews.
-
I've never heard of 9Lab or seen it listed in any reviews.
Aha :tongue: this software has similar detection to MBAM! lol, so is there something I should be concerned about?
-
Not if it works - I tend to stay with the more well known brands that have a proven track record.
While it's wise to have more than one scanner installed as one can pick up what another can miss - how effective is that one ?
When I get a chance, I'll Google to see if there are any reviews on it.
-
It's a pretty powerful scanner, as I have used it for a while :smiley:
-
So are you going to stay with Comodo or did any of the scanners want to remove it and have you run ADW or JRT yet ?
-
So are you going to stay with Comodo or did any of the scanners want to remove it and have you run ADW or JRT yet ?
Well, I'll think about whether I will stay with it or not, and I'm going to run both tools right now from a USB! Is that okay?
And yes, Kaspersky wanted to remove it, but the system got an unexpected shutdown.
And I have a lot of security software on the new USB hard drive, so I may run all of those scanners as a test.
-
I just did that and here are the log files, so even ADW and JRT have detected some of Comodo! And I will post the MBAM log here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.8 (08.24.2015:1)
OS: Windows 7 Ultimate x86
Ran by b on Fri 08/28/2015 at 1:45:45.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
Successfully deleted: [File] C:\Users\Public\Desktop\geekbuddy.lnk
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/28/2015 at 1:51:00.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v5.003 - Logfile created 28/08/2015 at 01:52:42
# Updated 20/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : b - B-PC
# Running from : F:\malware scanner\adwcleaner_5.003.exe
# Option : Cleaning
***** [ Services ] *****
[-] Service Deleted : MasSvc_{MaxthonAppStore_1.0.0.10539}
***** [ Folders ] *****
***** [ Files ] *****
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP
***** [ Web browsers ] *****
*************************
:: Proxy settings cleared
:: Winsock settings cleared
*************************
C:\AdwCleaner[S2].txt - [669 bytes] - [15/08/2015 14:55:55]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [898 bytes] ##########
-
I’m running a malware check again with Mbam :artist:
-
Where is Comodo mentioned in those logs ?
-
Where is Comodo mentioned in those logs ?
Hmmm, these are other Comodo products that come installed with the Comodo antivirus setup, so it bundled me with some other Comodo products.
GeekBuddy is a Comodo product.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/28/2015
Scan Time: 1:58 AM
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.08.27.05
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: b
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329419
Time Elapsed: 17 min, 17 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 5
CrackTool.Agent, C:\ProgramData\Comodo\Cis\Quarantine\data\{3DCCA088-67F4-4999-AF8A-9D1801895814}, , [f0e1a964fc8f5fd708f47f779d632bd5],
PUP.Optional.InstallCore, C:\ProgramData\Comodo\Cis\Quarantine\data\{516F8FCB-513F-4E96-B087-E5B59276E948}, , [b51c3fce22693afc1dda1f725baa7f81],
PUP.RiskWareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{B72002FA-D632-4FBA-B9C1-9F8744047EA1}, , [e3ee56b7a7e4a492787ef4d2cb363cc4],
PUP.RiskWare.Patcher, C:\ProgramData\Comodo\Cis\Quarantine\data\{B8E80BC7-7413-47CE-9422-5424CC1F3896}, , [1fb20ffec2c9ce68ffe66561bf429769],
PUP.RiskWareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{E1131FEE-15F4-4EBA-AC01-DEED2C68402E}, , [884941cc4a4183b3fafc893d9d648f71],
Physical Sectors: 0
(No malicious items detected)
(end)
-
Emsisoft Emergency Kit - Version 10.0
Last update: 8/28/2015 3:21:29 AM
User account: b-PC\b
Scan settings:
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 8/28/2015 3:28:19 AM
C:\ProgramData\Comodo\Cis\Quarantine\data\{E1131FEE-15F4-4EBA-AC01-DEED2C68402E} detected: Gen:Variant.Kazy.143588 (B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{B72002FA-D632-4FBA-B9C1-9F8744047EA1} detected: Gen:Variant.Kazy.143588 (B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{516F8FCB-513F-4E96-B087-E5B59276E948} detected: Gen:Variant.Mikey.22543 (B)
Scanned 178833
Found 3
Scan end: 8/28/2015 4:17:33 AM
Scan time: 0:49:14
-
Geekbuddy is Comodo remote assistance (an optional extra offered during install....." you must always read before hitting the Next, Install or Download button." - Boggin), who would probably charge you, then recommend WR!
The other stuff looks like generic detections that Comodo has quarantined.
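
Added example, not part of the original thread: one way to do the check described here, sorting each scanner's detections by where the flagged file lives, so hits inside another product's quarantine store are separated from hits on live files. The sample log lines, GUIDs, hashes and the `setup_example.exe` path are constructed; the quarantine root is the Comodo path shown in the logs above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Quarantine stores of installed security products. The Comodo path is the one
# visible in the logs in this thread; add other products' stores as needed.
QUARANTINE_ROOTS = [PureWindowsPath(r"C:\ProgramData\Comodo\Cis\Quarantine")]

# MBAM 2.x file line:  <detection>, <path>, <action>, [<md5>],
MBAM_LINE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>[A-Za-z]:\\[^,]+), [^,]*, \[[0-9a-f]{32}\],?$")
# Emsisoft Emergency Kit line:  <path> detected: <detection>
EEK_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+detected:\s+(?P<name>.+)$")
PATTERNS = {"mbam": MBAM_LINE, "eek": EEK_LINE}


def parse_detections(scanner, log_text):
    """Return (scanner, detection name, path) for every detection line."""
    hits = []
    for line in log_text.splitlines():
        m = PATTERNS[scanner].match(line.strip())
        if m:
            hits.append((scanner, m["name"].strip(),
                         PureWindowsPath(m["path"].strip())))
    return hits


def quarantine_root(path):
    """Return the quarantine store containing path, or None for a live file."""
    for root in QUARANTINE_ROOTS:
        # PureWindowsPath compares case-insensitively, like NTFS lookups.
        if root == path or root in path.parents:
            return root
    return None


def triage(hits):
    """Split hits into quarantined objects (per scanner) and live detections."""
    quarantined = defaultdict(dict)   # object path -> {scanner: detection name}
    live = []
    for scanner, name, path in hits:
        if quarantine_root(path) is not None:
            quarantined[path][scanner] = name
        else:
            live.append((scanner, name, str(path)))
    return dict(quarantined), live


# Constructed sample lines in the format of the two logs posted above.
MBAM_SAMPLE = r"""
Files: 3
PUP.RiskWareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{00000000-0000-0000-0000-000000000001}, , [00000000000000000000000000000001],
PUP.Optional.InstallCore, C:\ProgramData\Comodo\Cis\Quarantine\data\{00000000-0000-0000-0000-000000000002}, , [00000000000000000000000000000002],
PUP.Optional.Example, C:\Users\b\Downloads\setup_example.exe, , [00000000000000000000000000000003],
"""
EEK_SAMPLE = r"""
c:\programdata\comodo\cis\quarantine\data\{00000000-0000-0000-0000-000000000001} detected: Gen:Variant.Example.1 (B)
Scanned 178833
"""

if __name__ == "__main__":
    hits = parse_detections("mbam", MBAM_SAMPLE) + parse_detections("eek", EEK_SAMPLE)
    quarantined, live = triage(hits)
    for obj, by_scanner in quarantined.items():
        print("already quarantined:", obj.name, by_scanner)
    for scanner, name, path in live:
        print("LIVE FILE, needs attention:", scanner, name, path)
```

Only the entries reported as live files point at something still active on disk; the others are a second scanner re-reading what the first one already isolated.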
-
good to know that Samson :smiley:
-
I would also not recommend deleting the contents of your AV's quarantine immediately. Sometimes a false positive could end up in there. Leave items in there for a while, say a month or so, and if no ill effects you can rescan them or delete them.
-
I would also not recommend deleting the contents of your AV's quarantine immediately. Sometimes a false positive could end up in there. Leave items in there for a while, say a month or so, and if no ill effects you can rescan them or delete them.
Then I'll keep them there for a month :smiley: and sure, I will do that to see if they are a false positive.
-
Rescan with updated virus defs after a month or so, if in doubt leave them in Quarantine.
-
will do :tongue:
-
Another scanner flags Comodo files?
-
Look at the location of those, they appear to be in Comodo's quarantine. Also they have been "skipped" under actions.
-
Look at the location of those, they appear to be in Comodo's quarantine. Also they have been "skipped" under actions.
Yes, but I'm wondering, since this scanner has a different detection! You need to take a close look at the screenshot.
-
Compare that list with what is in Comodo's quarantine.
EDIT: Also, whatever scanner that was has detected UVK as a trojan.....What scanner is that which you have posted the results for above?
-
ok I’ll check that and reply back
-
Compare that list with what is in Comodo's quarantine.
EDIT: Also, whatever scanner that was has detected UVK as a trojan.....What scanner is that which you have posted the results for above?
OK, so Comodo has detected different items and quarantined them, so I'm now going to delete all the quarantined items and rescan my system as a test! (I don't need to keep any file in quarantine.)
And the scanner was the Zillya malware removal tool http://zillya.com/
from here http://zillya.com/zillya-scanner
-
I have a new problem with Comodo antivirus (some of the program options are not displayed); they're gone from the main GUI!
Edit: added a screenshot.
-
What if those files in quarantine are important or false positives? delete 'em and they are gone! In quarantine they are doing no harm and can be restored if important.
Why do you insist on using so many "Noname" random virus/malware scanners? Don't tell me, you Googled it? :rolleyes:
VIRTUAL MACHINE! Again
-
Reinstall Comodo - could that scanner have removed part of Comodo to the point of breaking it ?
What exactly is missing from the GUI ?
The free version of MBAM is an adequate robust scanner - leave those obscure ones alone.
-
No, not important, and I think it was a false positive.
And this laptop is now protected! I tell you that no more crap is downloaded, so that's all.
-
What is missing is the scan button and other options.
-
No, not important, and I think it was a false positive.
How can you possibly know that? If they are false positives then you do not want to delete them. Do you understand the difference between "delete" and "restore"? If you delete them from quarantine, they are gone. Possibly important files, gone!
-
Then reinstall Comodo and get rid of that scanner and install the free version of MBAM instead.
-
Will do, and I will check it again :smiley: I'm searching for my topic at the MBAM forum.
-
aha wrong screenshot lol
-
cracktool ???? Anyway, I have reinstalled Comodo and that seemed to fix the problem, and that has cleared out the quarantine?
-
cracktool ???? Anyway, I have reinstalled Comodo and that seemed to fix the problem, and that has cleared out the quarantine?
OK, another new reason to uninstall MBAM :smiley: :cheesy: :angry:
-
OK, another new reason to uninstall MBAM :smiley: :cheesy: :angry:
Why?
-
OK, another new reason to uninstall MBAM :smiley: :cheesy: :angry:
Why?
Because MBAM has listed this detection as "a cracktool" and that detection, "avz temp", isn't a cracktool, yo!
-
What are those scan results from? MBAM and Comodo? If the first is MBAM and the second is Comodo, then Comodo has also quarantined the same file. CrackTool.Agent is a keylogger.
-
nope! :smiley: do you even know what "avz" is ? :wink:
-
nope! :smiley: do you even know what "avz" is ? :wink:
Do tell me. Another random program you have downloaded.
I'm sure that you are right and MBAM and Comodo know less about malware than you clearly do. :rolleyes:
They have both detected it as malware and yet you chose to disagree with both.
-
nope! :smiley: do you even know what "avz" is ? :wink:
Do tell me.
I'm sure that you are right and MBAM and Comodo know less about malware than you clearly do. :rolleyes:
Hmmm, I've been a Kaspersky member for a long time and I know a lot of things, and a member of Kaspersky is behind this program http://www.z-oleg.com/secur/avz/
And if I'm wrong then correct my info :smiley: https://support.kaspersky.com/common/service.aspx?el=1698
EDIT : Kaspersky link added
-
"The AVZ utility collects information about your computer"... So hardly surprising that MBAM and Comodo have flagged it as malware.
-
"The AVZ utility collects information about your computer"... So hardly surprising that MBAM and Comodo have flagged it as malware.
Aha, now I'm confused! lol, and could it be a false positive by both MBAM and Comodo?
+
Can someone submit it to MBAM?
-
Given that 2 independent programs, Comodo and MBAM, both agree, it is unlikely; follow their advice.
-
OK, will do. Well, time to mark this topic as solved.
Edit: lol, topic already marked solved.
-
Well, I'm going to uninstall Comodo antivirus due to the hidden registry keys it made! And I thought I had a rootkit all this time :smiley: and that can't be removed even with Trend Micro RootkitBuster! :smiley:
+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1180
| Computer Name: B-PC
| OS version: 6.1-7601
| User Name: b
+----------------------------------------------------
--== Dump malicious MBR ==--
No hidden MBR found.
--== Dump Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Configurations
Root : 9a8b820
SubKey : Configurations
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs
ValueType : 6
AccessType: 0
FullLength: 81
DataSize : 142
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Data
Root : 9a8b820
SubKey : Data
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SOFTWARE\COMODO\CIS\Data
ValueType : 6
AccessType: 0
FullLength: 71
DataSize : 84
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Options
Root : 9a8b820
SubKey : Options
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SOFTWARE\COMODO\CIS\Options
ValueType : 6
AccessType: 0
FullLength: 74
DataSize : 90
3 hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAdjustPrivilegesToken
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83099e37
CurrentHandler : 0x8bcdf50e
ServiceNumber : 0xc
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcConnectPort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8308a3fd
CurrentHandler : 0x8bcdf91a
ServiceNumber : 0x16
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcCreatePort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83008d50
CurrentHandler : 0x8bcdf8c8
ServiceNumber : 0x17
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwConnectPort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8308ceff
CurrentHandler : 0x8bcde754
ServiceNumber : 0x3b
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEvent
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8305508e
CurrentHandler : 0x8bcdd82a
ServiceNumber : 0x40
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEventPair
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83121054
CurrentHandler : 0x8bcdd882
ServiceNumber : 0x41
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83063c66
CurrentHandler : 0x8bcdf13c
ServiceNumber : 0x42
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830248bb
CurrentHandler : 0x8bcdd7d4
ServiceNumber : 0x4a
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreatePort
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83005838
CurrentHandler : 0x8bcdd77c
ServiceNumber : 0x4d
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830376eb
CurrentHandler : 0x8bcdee58
ServiceNumber : 0x54
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSemaphore
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83019b4e
CurrentHandler : 0x8bcdd8d4
ServiceNumber : 0x55
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830159a0
CurrentHandler : 0x8bce07ac
ServiceNumber : 0x56
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x830f14a6
CurrentHandler : 0x8bcde0fe
ServiceNumber : 0x57
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThreadEx
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83085307
CurrentHandler : 0x8bcdfb64
ServiceNumber : 0x58
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x82fd9af1
CurrentHandler : 0x8bce01b2
ServiceNumber : 0x9b
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMakeTemporaryObject
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8301fa46
CurrentHandler : 0x8bcdea2c
ServiceNumber : 0xa4
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8304646b
CurrentHandler : 0x8bcdf334
ServiceNumber : 0xb3
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8307e27b
CurrentHandler : 0x8bcdece0
ServiceNumber : 0xc2
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationProcess
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8304d045
CurrentHandler : 0x8bcdf702
ServiceNumber : 0x14d
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83062b70
CurrentHandler : 0x8bce04b2
ServiceNumber : 0x15e
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwShutdownSystem
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x83119599
CurrentHandler : 0x8bcde9a2
ServiceNumber : 0x168
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8309a766
CurrentHandler : 0x8bcdebcc
ServiceNumber : 0x170
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8306f5d1
CurrentHandler : 0x8bcde534
ServiceNumber : 0x172
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8308d52a
CurrentHandler : 0x8bcde302
ServiceNumber : 0x173
ModuleName : cmdguard.sys
SDTType : 0x0
No hidden operating system service hooks found.
--== Dump Hidden Port ==--
No hidden ports found.
--== Dump Kernel Code Patching ==--
No kernel code patching detected.
--== Dump Hidden Services ==--
No hidden services found.
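
One way to read a RootkitBuster report like the one above, as an added example that is not part of the original thread: it groups the hooked service APIs by the module that owns the new handler and lists hidden values that are registry symbolic links (value name `SymbolicLinkValue`, type 6 = REG_LINK). The sample report is constructed and abridged, `example_unknown.sys` is a made-up module, and the allowlist mapping `cmdguard.sys` to Comodo is an assumption the analyst supplies.

```python
import re
from collections import defaultdict

RECORD_START = re.compile(r"^\[(?P<kind>[A-Z_]+)\].*:$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.*)$")
REG_LINK = 6  # Windows registry value type of a symbolic link

# Analyst-supplied allowlist (an assumption of this example): driver file name
# -> installed product that is expected to hook the system service table.
EXPECTED_HOOKERS = {"cmdguard.sys": "COMODO Internet Security"}


def parse_records(report):
    """Split a report into dicts, one per [HOOKED_SERVICE_API]/[HIDDEN_REGISTRY] block."""
    records, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        start = RECORD_START.match(line)
        if start:
            current = {"kind": start["kind"]}
            records.append(current)
            continue
        field = FIELD.match(line) if current is not None else None
        if field:
            current[field["key"]] = field["value"]
        else:
            current = None  # section header, summary line or blank ends the record
    return records


def summarise_hooks(records, expected=EXPECTED_HOOKERS):
    """Group hooked service APIs by the module that now owns the handler."""
    by_module = defaultdict(list)
    for rec in records:
        if rec["kind"] == "HOOKED_SERVICE_API":
            by_module[rec["ModuleName"].lower()].append(rec)
    summary = {}
    for module, hooks in by_module.items():
        handlers = [int(h["CurrentHandler"], 16) for h in hooks]
        summary[module] = {
            "apis": sorted(h["Service API"] for h in hooks),
            # All handlers of one driver should sit close together in memory.
            "handler_span": max(handlers) - min(handlers),
            "image_matches": all(
                h["Image Path"].lower().endswith("\\" + module) for h in hooks),
            "expected_product": expected.get(module),
        }
    return summary


def needs_review(summary):
    """Modules that hook the table but are not an expected security driver."""
    return sorted(m for m, s in summary.items()
                  if s["expected_product"] is None or not s["image_matches"])


def registry_links(records):
    """Hidden values that are registry symbolic links: (key path, link target)."""
    return [(r["KeyPath"], r["Data"]) for r in records
            if r["kind"] == "HIDDEN_REGISTRY"
            and r.get("ValueName") == "SymbolicLinkValue"
            and int(r.get("ValueType", -1)) == REG_LINK]


# Constructed, abridged sample in the format of the report above.
SAMPLE_REPORT = r"""--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Options
ValueName : SymbolicLinkValue
Data : \Registry\MACHINE\SOFTWARE\COMODO\CIS\Options
ValueType : 6
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
CurrentHandler : 0x8bcd1000
ModuleName : cmdguard.sys
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\Windows\system32\DRIVERS\cmdguard.sys
CurrentHandler : 0x8bcd1400
ModuleName : cmdguard.sys
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\Windows\Temp\example_unknown.sys
CurrentHandler : 0x9a001000
ModuleName : example_unknown.sys
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    print(summarise_hooks(recs))
    print("review:", needs_review(summarise_hooks(recs)))
    print("registry links:", registry_links(recs))
```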
-
Probably hidden to prevent modification by malware. Which AV have you selected to reject next? :rolleyes:
-
Can you give us a list of all of the security programs that you have installed -
I have Norton 360, the free version of MBAM and the free version of SuperAntiSpyware but because Norton does such a good job of keeping the crap out, it's very rare that I run MBAM and have found SAS useful for clearing the tracking cookies as well as clearing the Temp folder.
I occasionally run AdwCleaner to see if any PuPs have crept in, but that tends not to find anything.
-
Probably hidden to prevent modification by malware. Which AV have you selected to reject next? :rolleyes:
I don't know, but MBAM staff and members have told me something un-good about the Comodo company!
And I'm going with digital-defender antivirus; it is greater and lighter than a lot of other antivirus software (I have already tested it on my XP with 512 RAM :cheesy: and no problem at all :cheesy:)
http://www.digital-defender.com/
-
Can you give us a list of all of the security programs that you have installed -
I have Norton 360, the free version of MBAM and the free version of SuperAntiSpyware but because Norton does such a good job of keeping the crap out, it's very rare that I run MBAM and have found SAS useful for clearing the tracking cookies as well as clearing the Temp folder.
I occasionally run AdwCleaner to see if any PuPs have crept in, but that tends not to find anything.
yup I can do :shy:
1- Malwarebytes Anti-Malware
2- SUPERAntiSpyware
3- Removal Tool
4- COMODO Internet Security
And I will give adware cleaner another try and report back! (And I think there is no adware or malware on this newly formatted system.)
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Ultimate x86
Ran by b on Mon 08/31/2015 at 14:34:35.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\b\AppData\Roaming\mozilla\firefox\profiles\pihkw1ul.default-1440614188705\minidumps [3 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/31/2015 at 14:40:07.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v5.004 - Logfile created 31/08/2015 at 14:42:50
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : b - B-PC
# Running from : F:\malware scanner\adwcleaner_5.004.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\GeekBuddyRSP
***** [ Web browsers ] *****
*************************
C:\AdwCleaner[S2].txt - [669 bytes] - [15/08/2015 14:55:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [679 bytes] ##########
-
And I'm going with digital-defender antivirus; it is greater and lighter than a lot of other antivirus software (I have already tested it on my XP with 512 RAM :cheesy: and no problem at all :cheesy:)
http://www.digital-defender.com/
2/5 isn't a great review http://uk.pcmag.com/digital-defender-free-20/22291/review/digital-defender-free-20
-
And I'm going with digital-defender antivirus; it is greater and lighter than a lot of other antivirus software (I have already tested it on my XP with 512 RAM :cheesy: and no problem at all :cheesy:)
http://www.digital-defender.com/
2/5 isn't a great review http://uk.pcmag.com/digital-defender-free-20/22291/review/digital-defender-free-20
Aha, I see now :smiley: so which free antivirus do I need?
BTW: no spyware antivirus like Avast.
-
EDIT: Also, whatever scanner that was has detected UVK as a trojan.....
lol I just read this https://toolslib.net/forum/viewthread/213-adwcleaner-white-listing/
-
@ Gamez, change the title of this thread from "Solved" to "Never Ending" :wink:
A pattern is emerging.
You ask for a recommendation for AV.
You install it.
You then decide for whatever reason that it is Spyware/ Malware or a Rootkit.
You uninstall it.
You install a random, "Noname" AV.
Then circle back to asking for a recommendation for AV.
Perhaps, and this is a bit off the wall, if you went for a paid solution, then you would be less inclined to dismiss it out of hand due to the financial loss...A loop escape if you like :wink:
-
I will make a very simple answer :smiley: (I haven't had an antivirus for quite some years, so I have the right to question it :smiley: hope you got it the clue idea :blank:)
-
I will make a very simple answer too.
You did have MSE but removed it, "I have removed MSE? I've heard it's used too much memory"
http://www.tweaking.com/forums/index.php/topic,3260.msg22912.html#msg22912
Then tried Amiti Antivirus.
http://www.tweaking.com/forums/index.php/topic,3541.msg25426.html#msg25426
Removed Amiti and installed Comodo.
http://www.tweaking.com/forums/index.php/topic,3541.msg25464.html#msg25464
Removed Comodo and installed Digital defender.
http://www.tweaking.com/forums/index.php/topic,3541.msg25750.html#msg25750
And in between ran just about every known, and some unknown scanners.
http://www.tweaking.com/forums/index.php/topic,3178.msg21997.html#msg21997
Looks like a pretty clear pattern of behaviour to me, "hope you got it the clue idea"
-
What did the MBAM staff have to say about Comodo that wasn't complimentary ?
-
Wow, cool down Samson, you've made an attack on me :smiley: and how/who said I've uninstalled Comodo? Comodo is still running on my laptop :smiley:
Boggin, I haven't found that topic yet and I'm still searching for it :smiley:
-
OK, another reason to uninstall Comodo :smiley: right? :smiley: https://forums.malwarebytes.org/index.php?/topic/165235-comodo-ships-adware-privdog-worse-than-superfish/
https://forums.malwarebytes.org/index.php?/topic/170398-suspicious-malware-or-infection-win-81-x64-comodo/
https://forums.malwarebytes.org/index.php?/topic/49138-if-you-use-comodo/
-
Wow, cool down Samson, you've made an attack on me
Not an attack Gamez, don't play the victim. I and others are genuinely trying to help you, in spite of yourself. You have had more help on this forum for infections and problems than anyone else.
-
Wow, cool down Samson, you've made an attack on me
Not an attack Gamez, don't play the victim. I and others are genuinely trying to help you, in spite of yourself. You have had more help on this forum for infections and problems than anyone else.
OK, you said "don't play the victim", but I do not play such silly things and I never asked for malware removal help on this forum, so why is this forum still active? And who suggested the pro idea to Shane? (That was me :smiley:) That's because I'm the best here at posting? Well, I was thinking about buying 2 copies of WR Pro, but you make me leave this forum!
Anyway, I'm leaving :cheesy:
topic locked :smiley: brb - )