Welcome to MalwareRemoval.com, What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
OK, I downloaded Rootkit Unhooker to my desktop and clicked on it to run it. Nothing happened, so I rebooted my computer and tried it again and let it run 8 hours and still nothing... What next?
My Comodo said I had a virus: TrojWare32.TrojanProxy.Horse~0@25568469. So I shut my computer off and tried to reboot in safe mode, and it won't allow me to boot in safe mode.
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Here's what my ESET scan found:
G:\Documents and Settings\K. Albert 2\My Documents\Downloads\Internet Connection Optimization Software - TweakMaster Pro v. 3.04.r3127 {numberone}\TweakMaster Pro v. 3.04.zip probably a variant of Win32/HackTool.Patcher.A application
G:\Documents and Settings\K. Albert 2\Local Settings\temp\1111 a variant of Win32/TrojanDownloader.Fosniw.AH trojan
G:\Documents and Settings\K. Albert 2\My Documents\Downloads\Zemana AntiLogger v1.9.2.205.rar a variant of Win32/Keygen.AN application
G:\System Volume Information\_restore{E6254C3E-FE19-4532-B2DA-C044DE707783}(2)\RP262\A0094580.exe a variant of Win32/Adware.Kraddare.P application
Comodo said I had to reboot to remove the virus. I was going to reboot in safe mode and run Comodo again but couldn't get into safe mode. Sometimes my keyboard won't type; I've installed a new one but have the same problem.
I have both, and the one I'm using now is PS/2.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/13 16:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine Status: Locked to the Windows API!
Path: \\?\G:\Program Files\COMODO\COMODO Internet Security\Quarantine\* Status: Could not enumerate files with the Windows API (0x00000005)!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001086.exe Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001086.exe.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001087.exe Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001087.exe.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001088.exe Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001088.exe.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0080904.exe Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0080904.exe.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\DUMeter.exe Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\DUMeter.exe.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\FFF - Your Uninstaller! 2008 6.1.1231 KeyGen.exe Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\FFF - Your Uninstaller! 2008 6.1.1231 KeyGen.exe.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d23 Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d23.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d46 Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d46.info Status: Invisible to the Windows API!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp Status: Invisible to the Windows API!
Path: \\?\G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\* Status: Could not enumerate files with the Windows API (0x00000005)!
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd Status: Invisible to the Windows API!
Path: \\?\G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\* Status: Could not enumerate files with the Windows API (0x00000005)!
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c80a
#: 031 Function Name: NtConnectPort Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198bd8a
#: 037 Function Name: NtCreateFile Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c470
#: 041 Function Name: NtCreateKey Status: Hooked by "TfSysMon.sys" at address 0xf744ba1c
#: 046 Function Name: NtCreatePort Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198bc66
#: 050 Function Name: NtCreateSection Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198f13c
#: 052 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198f4c2
#: 053 Function Name: NtCreateThread Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b652
#: 063 Function Name: NtDeleteKey Status: Hooked by "TfSysMon.sys" at address 0xf744bc10
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "TfSysMon.sys" at address 0xf744bcb6
#: 068 Function Name: NtDuplicateObject Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b458
#: 071 Function Name: NtEnumerateKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198d7bc
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198da12
#: 097 Function Name: NtLoadDriver Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198eb4c
#: 105 Function Name: NtMakeTemporaryObject Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c052
#: 116 Function Name: NtOpenFile Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c64c
#: 119 Function Name: NtOpenKey Status: Hooked by "TfSysMon.sys" at address 0xf744b90c
#: 122 Function Name: NtOpenProcess Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b086
#: 125 Function Name: NtOpenSection Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c2f6
#: 128 Function Name: NtOpenThread Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b28a
#: 160 Function Name: NtQueryKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198dc20
#: 161 Function Name: NtQueryMultipleValueKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198e074
#: 177 Function Name: NtQueryValueKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198de32
#: 192 Function Name: NtRenameKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198d5d4
#: 200 Function Name: NtRequestWaitReplyPort Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198e5e4
#: 210 Function Name: NtSecureConnectPort Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198e898
#: 237 Function Name: NtSetSecurityObject Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198ce46
#: 240 Function Name: NtSetSystemInformation Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198ee44
#: 247 Function Name: NtSetValueKey Status: Hooked by "TfSysMon.sys" at address 0xf744be52
#: 249 Function Name: NtShutdownSystem Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198bfbc
#: 255 Function Name: NtSystemDebugControl Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c1e2
#: 257 Function Name: NtTerminateProcess Status: Hooked by "TfSysMon.sys" at address 0xf744db30
#: 258 Function Name: NtTerminateThread Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b856
Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb19916e4
#: 122 Function Name: NtGdiDeleteObjectApp Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991f90
#: 227 Function Name: NtGdiMaskBlt Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991824
#: 233 Function Name: NtGdiOpenDCW Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991e4a
#: 237 Function Name: NtGdiPlgBlt Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991970
#: 292 Function Name: NtGdiStretchBlt Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991ab0
#: 310 Function Name: NtUserBlockInput Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb199155c
#: 319 Function Name: NtUserCallHwndParamLock Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb19905a4
#: 383 Function Name: NtUserGetAsyncKeyState Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991202
#: 389 Function Name: NtUserGetClipboardData Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991bf6
#: 414 Function Name: NtUserGetKeyboardState Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990f4a
#: 416 Function Name: NtUserGetKeyState Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb199109e
#: 460 Function Name: NtUserMessageCall Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990bd4
#: 465 Function Name: NtUserMoveWindow Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb19902a0
#: 475 Function Name: NtUserPostMessage Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb199085e
#: 476 Function Name: NtUserPostThreadMessage Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990a18
#: 490 Function Name: NtUserRegisterHotKey Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991d1a
#: 491 Function Name: NtUserRegisterRawInputDevices Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991366
#: 502 Function Name: NtUserSendInput Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990ddc
#: 509 Function Name: NtUserSetClipboardViewer Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991464
#: 529 Function Name: NtUserSetParent Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990430
#: 549 Function Name: NtUserSetWindowsHookEx Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991fce
#: 552 Function Name: NtUserSetWinEventHook Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1992264
#: 559 Function Name: NtUserSystemParametersInfo Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990742
==EOF==
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000f0

\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLAT20, Rev: PF2OA21B
PhysicalDrive1 Model Number: WDCWD2500JB-50FUA0, Rev: 15.05R15

Size  Device Name          MBR Status
--------------------------------------------
76 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
       SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1  Windows XP MBR code detected
       SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Not a Malware Issue

Your problem does not appear to be "malware" related. The Malware Removal forum deals with removing malware. I suggest you try a PC troubleshooting forum. Links for some are provided below. These sites have a variety of experts that are better equipped to investigate and resolve these kinds of issues. Registration is free; it only takes a few minutes.

The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote
If you have any questions or require additional malware help, please let me know.
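The verdict above rests on reading the RootRepeal and MBRCheck output: every SSDT and Shadow SSDT hook in the log belongs to cmdguard.sys (COMODO Internet Security's filter driver) or TfSysMon.sys (the ThreatFire behaviour monitor), every hidden or locked object sits inside COMODO's own Quarantine folder, and both drives carry stock Windows XP MBR code. The script below is an added example, not a tool from the thread or from MalwareRemoval.com; it parses a RootRepeal-style report and groups hooks by the module that installed them, flagging any hook or hidden object that no known security product accounts for. The sample log is constructed (a few entries modelled on the thread's log plus two placeholder names ending in "-example.sys" so the flagging path is exercised), and the allowlist of known hooking drivers and quarantine directories is an assumption that must be adjusted to whatever is actually installed on the machine being examined.

```python
import re
from collections import defaultdict

# Constructed sample in the layout RootRepeal uses. The COMODO and TfSysMon entries are
# modelled on the thread's log; "hidden-example.sys" and "unknown-example.sys" are
# placeholders invented for this example, not real files.
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/13 16:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine
Status: Locked to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001086.exe
Status: Invisible to the Windows API!

Path: G:\WINDOWS\system32\drivers\hidden-example.sys
Status: Invisible to the Windows API!

SSDT
-------------------
#: 037
Function Name: NtCreateFile
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c470

#: 041
Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf744ba1c

#: 122
Function Name: NtOpenProcess
Status: Hooked by "unknown-example.sys" at address 0xb1000000

Shadow SSDT
-------------------
#: 383
Function Name: NtUserGetAsyncKeyState
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991202

==EOF==
"""

# Assumed allowlist: hooking drivers that belong to security products installed on the
# scanned machine. Adjust this to the products actually present before trusting the output.
KNOWN_HOOKERS = {"cmdguard.sys": "COMODO Internet Security", "tfsysmon.sys": "ThreatFire"}

# Directories an AV product deliberately locks or hides; hidden entries under them are expected.
KNOWN_HIDDEN_ROOTS = (r"\COMODO\COMODO Internet Security\Quarantine",)

SECTION_RE = re.compile(r"^(Hidden/Locked Files|SSDT|Shadow SSDT)$")
HOOK_RE = re.compile(r'^Status: Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')


def parse_rootrepeal(text):
    """Walk the report line by line and return hook records and hidden-object records."""
    section, func, path = None, None, None
    hooks, hidden = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("Function Name: "):
            func = line[len("Function Name: "):]
        elif line.startswith("Path: "):
            path = line[len("Path: "):]
        elif line.startswith("Status: "):
            m = HOOK_RE.match(line)
            if m and func:
                # A hook record: the Status line follows a Function Name line.
                hooks.append({"section": section, "function": func,
                              "module": m.group(1), "address": m.group(2)})
                func = None
            elif path:
                # A hidden/locked object: the Status line follows a Path line.
                hidden.append({"path": path, "status": line[len("Status: "):]})
                path = None
    return {"hooks": hooks, "hidden": hidden}


def triage(report):
    """Group hooks by the hooking module and flag whatever no known product explains."""
    by_module = defaultdict(list)
    unexplained_hooks = []
    for h in report["hooks"]:
        name = h["module"].rsplit("\\", 1)[-1].lower()   # basename, case-folded
        by_module[name].append(h["function"])
        if name not in KNOWN_HOOKERS:
            unexplained_hooks.append((h["section"], h["function"], name))
    unexplained_hidden = [
        e["path"] for e in report["hidden"]
        if not any(root.lower() in e["path"].lower() for root in KNOWN_HIDDEN_ROOTS)
    ]
    return {"hooks_by_module": dict(by_module),
            "unexplained_hooks": unexplained_hooks,
            "unexplained_hidden": unexplained_hidden}


if __name__ == "__main__":
    result = triage(parse_rootrepeal(SAMPLE_LOG))
    for mod, funcs in result["hooks_by_module"].items():
        owner = KNOWN_HOOKERS.get(mod, "NOT attributed to a known security product")
        print(f"{mod}: {len(funcs)} hook(s) -> {owner}")
    print("unexplained hooks:", result["unexplained_hooks"])
    print("unexplained hidden objects:", result["unexplained_hidden"])
```

On the thread's real log the unexplained lists come out empty, which is the observation behind "not a malware issue": a security suite hooking dozens of SSDT entries is normal for a HIPS product, and the only hidden objects are its quarantine. A hook from a driver that no installed product accounts for, or a hidden object outside a known quarantine path, is what would have pointed the other way.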