TechSpot

Possible Trojan Horse?

By NCISabbyfan
Dec 2, 2013
  1. Windows doesn't close the program. I had to click on "Close program" then automatically close the remaining tabs. Even after doing this, my computer is slowed down for up to 2 minutes while Nero BackItUp resurfaces itself. It is only at this point that Nero BackItUp finally closes, but the same situation recurs whenever my printer/scanner turns off manually or automatically. I have Nero installed on my computer, but have never used Nero BackItUp, which opened by itself.

    The first time around, there were almost 55 tabs, which, on that occasion, wouldn't close automatically. I noticed that, besides the appearance of Nero BackItUp, my Printer settings had reverted to Single sided, "Front to Back" from the automatic Double sided, "Back to Front" mode.

    On this occasion (unlike the first, of 53 times), I've had to close 28 tabs of "Nero BackItUp". Hovering my mouse over the tabs, they each say "Microsoft.NET Error Reporting Shim".

    Apart from the first time, my Printer settings have been retained automatically in Double sided, "Back to Front" mode ever since, but every time I turn off my machine manually, or it turns off automatically after 2 hours to save energy, Nero BackItUp appears.
    The most recent appearance of Nero BackItUp opened the program in 78 tabs.

    Due to the above, although I can't be 100% sure, it seems like some trojan or other unwanted malware has crept into my computer.

    Also, in Secunia, only one program wasn't updated automatically.

    Should I update Microsoft XML Core Services (MSXML) 4.x which I've downloaded or should I remove the download, which I've not installed? and

    Is Nero BackItUp appearing because my printer/scanner machine is faulty or do I have malware on my computer?

    I regularly check for malware and viruses to keep my computer in good check, but I've never come across the above before with previous printer/scanners, whether or not the machine is the cause of the problem.

    If my situation relates to this topic, I have a trojan on my computer:

    http://www.landzdown.com/analysis-a...mework-error-shim-errors-after-trojan-aleron/
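The tabs described in the post all carry the tooltip "Microsoft.NET Error Reporting Shim". That string is the file description of dw20.exe, the .NET Framework's Watson crash-reporting helper (this identification is the editor's, not the poster's): Windows launches one dw20.exe per crash of a managed process, so dozens of them appearing together usually means one parent program is crashing and being restarted repeatedly, not that a separate program has installed itself. The PowerShell below is an added example, not code from the thread, from TechSpot or from Nero. It assumes PowerShell 3.0 or later (for Get-CimInstance) in an elevated session, and that the shim binary is named dw20.exe. It lists every running shim with the process that spawned it, checks the parent's Authenticode signature, and looks for autorun entries that relaunch that parent at logon; together these answer the poster's actual question, which is whether the thing generating the windows is a signed vendor binary that keeps crashing or an unsigned impostor.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ and an elevated session.
# Identification of dw20.exe as "Microsoft .NET Error Reporting Shim" is the editor's, not the poster's.

function Get-ErrorShimParents {
    [CmdletBinding()]
    param(
        [string]$ShimName = 'dw20.exe'   # assumed binary name behind the tooltip
    )

    # Take one CIM snapshot so parent lookups are consistent with the child list.
    $all   = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($shim in ($all | Where-Object { $_.Name -ieq $ShimName })) {
        $parent = $byPid[[int]$shim.ParentProcessId]

        # Signature check on the parent: a legitimate but crashing vendor binary is signed by that
        # vendor; an unsigned parent, or one outside Program Files, deserves a closer look.
        $sig = $null
        if ($parent -and $parent.ExecutablePath -and (Test-Path -LiteralPath $parent.ExecutablePath)) {
            $sig = Get-AuthenticodeSignature -FilePath $parent.ExecutablePath
        }

        [pscustomobject]@{
            ShimPid      = $shim.ProcessId
            ShimPath     = $shim.ExecutablePath
            ShimCmdLine  = $shim.CommandLine        # dw20.exe receives the crashing PID on its command line
            ParentPid    = $shim.ParentProcessId
            ParentName   = if ($parent) { $parent.Name } else { '<already exited>' }
            ParentPath   = if ($parent) { $parent.ExecutablePath } else { $null }
            ParentSigner = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            ParentSigOK  = if ($sig) { $sig.Status -eq 'Valid' } else { $false }
        }
    }
}

# How many shims each parent has spawned. One parent with dozens of children is the
# "78 tabs" pattern; many different parents would point at a wider problem.
function Get-ErrorShimSummary {
    Get-ErrorShimParents |
        Group-Object ParentPath |
        Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'Signed'; e = { ($_.Group | Select-Object -First 1).ParentSigOK } }
}

# Autorun entries that relaunch the suspected parent at logon. Checks the per-machine and
# per-user Run keys; $Pattern is matched against the command line stored in each entry.
function Get-RunEntriesMatching {
    param([string]$Pattern = 'NBAgent')
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # skip the provider's own metadata properties
            if ($prop.Value -match $Pattern) {
                [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
            }
        }
    }
}

Get-ErrorShimSummary | Format-Table -AutoSize
Get-RunEntriesMatching -Pattern 'NBAgent' | Format-Table -AutoSize
```

Run it while the windows are on screen; once they are closed the shims exit and there is nothing left to enumerate. A result of one signed parent path with a high count is the benign reading (a crashing legitimate program), and the fix then belongs with that program's vendor rather than with malware removal; an unsigned parent, or a parent path that does not match the Run entry that launched it, is the case worth bringing to a malware forum.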
     
  2. Broni


    Since you've been to this forum before and you suspect your computer may be infected you should know what to do...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. NCISabbyfan


    Some of the information is much more technical than others but the first isn't, of the results of Malwarebytes' Anti-Malware. This gives the all clear, but according to my printer/scanner manufacturer who I've checked with to determine if it's their machine causing the multiple Nero BackItUp tabs (well over a hundred yesterday, which I had to close Manually on this occasion) and my computer to turn on again the moment I'd turned off the printer/scanner, it's a virus. Whatever it is/wherever it is, it's currently hiding, due to no detections so far.

    I uninstalled then reinstalled Nero, and the problem only stops when Nero BackItUp is uninstalled, which is also invaluable for watching recordings. I can certainly rule out the Nero disk as the culprit, as I've had this since 2011 and it's only since I've started using my new printer/scanner that this has happened, but purely coincidentally, due to the machine not being the cause of the problem.

    My computer has become slower at navigating lately, very likely due to the virus, as my printer/scanner uses around the same amount of space as my previous one.

    OK, here goes with the Malwarebytes scan:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.05.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    David :: DAVID-PC [administrator]

    05/12/2013 11:56:15
    mbam-log-2013-12-05 (11-56-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211175
    Time elapsed: 11 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. NCISabbyfan


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16520
    Run by David at 12:35:54 on 2013-12-05
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.810 [GMT 0:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Thomson\ST330\service\st330service.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    c:\program files\acesoft\tracks eraser pro\te.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\PrintDisp.exe
    C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Radio Downloader\Radio Downloader.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\PrintCtrl.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Comodo\COMODO Internet Security\cis.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Comodo\IceDragon\icedragon.exe
    C:\Program Files\Comodo\IceDragon\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\WmiPrvSE.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k swprv
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.yahoo.com?fr=fp-comodo
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Radio Downloader] "c:\program files\radio downloader\Radio Downloader.exe" /hidemainwindow
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [diagnostics] "c:\program files\thomson\st330\diagnostics\diagnostics.exe" /icon -l:en
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41} : DHCPNameServer = 192.168.0.1
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 584496]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 43728]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\comodo\icedragon\icedragon_updater.exe [2013-11-13 1821384]
    R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-5-24 77824]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-8-4 30464]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-7-29 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-7-29 12672]
    S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2008-7-29 35328]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== Created Last 30 ================
    .
    2013-12-04 19:04:56 -------- d-----w- c:\users\david\appdata\local\Nero_AG
    2013-12-03 19:35:38 -------- d-----w- c:\program files\Nero
    2013-11-29 10:52:40 580712 ------w- c:\windows\system32\HPDiscoPMB111.dll
    2013-11-28 18:31:15 -------- d-----w- c:\programdata\Visan
    2013-11-28 18:31:15 -------- d-----w- c:\programdata\HP Photo Creations
    2013-11-28 18:31:15 -------- d-----w- c:\program files\HP Photo Creations
    2013-11-28 18:24:49 -------- d-----w- c:\users\david\appdata\local\HP
    2013-11-13 11:54:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2013-11-13 11:54:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-13 11:54:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-13 11:54:00 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2013-11-13 09:10:09 297984 ----a-w- c:\windows\system32\gdi32.dll
    2013-11-13 09:10:07 993792 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-13 09:09:46 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-11-13 09:09:46 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-11-07 15:53:27 -------- d-----w- c:\program files\iPod
    2013-11-07 15:53:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-07 15:53:11 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2013-12-02 08:41:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-02 08:41:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-11-14 11:38:10 584496 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-11-14 11:38:01 36000 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-09-24 10:54:03 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-09-24 10:54:01 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
    2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
    2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
    .
    ============= FINISH: 12:36:12.99 ===============
     
  5. NCISabbyfan


    Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/09/2007 00:21:32
    System Uptime: 05/12/2013 10:08:16 (2 hours ago)
    .
    Motherboard: FOXCONN | | G33M03
    Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | SOCKET775 M/B | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 84.99 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&11AE2885&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&11AE2885&0
    Service: i8042prt
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&11AE2885&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&11AE2885&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP2104: 03/12/2013 21:07:22 - Installed Nero BackItUp and Burn.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    "Nero SoundTrax Help
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.8)
    Advanced Uninstaller PRO - Version 11
    Advertising Center
    Apple Application Support
    Apple Software Update
    Audacity 1.2.6
    BBC iPlayer Downloads
    Bonjour
    CCleaner
    Comodo IceDragon
    COMODO Internet Security Premium
    Defraggler
    DolbyFiles
    Glary Utilities 2.53.0.1726
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP IDF Software
    HP Photo Creations
    HP Photosmart 5520 series Basic Device Software
    HP Photosmart 5520 series Help
    HP Photosmart 5520 series Product Improvement Study
    HP Update
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Malwarebytes Anti-Malware version 1.75.0.1300
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Movie Templates - Starter Kit
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BackItUp
    Nero BackItUp and Burn
    Nero Burning ROM Help
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    Nero WaveEditor
    NeroBurningROM
    NeroExpress
    NeroLiveGadget
    NeroLiveGadget Help
    neroxml
    OGA Notifier 2.0.0048.0
    PowerAdapter
    QuickTime
    Radio Downloader
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Secunia PSI (3.0.0.7011)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Sophos Virus Removal Tool
    SoundTrax
    Speccy
    SpeedTouch 330
    SpywareBlaster 5.0
    SUPERAntiSpyware
    Tracks Eraser Pro v8.0 build 1000
    Tweaking.com - Windows Repair (All in One)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows 7 Upgrade Advisor
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05/12/2013 10:13:52, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    05/12/2013 10:13:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    05/12/2013 10:09:57, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: The specified module could not be found.
    05/12/2013 10:08:58, Error: EventLog [6008] - The previous system shutdown at 00:15:29 on 05/12/2013 was unexpected.
    04/12/2013 23:44:59, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    04/12/2013 23:41:58, Error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
    04/12/2013 12:34:05, Error: EventLog [6008] - The previous system shutdown at 00:12:03 on 04/12/2013 was unexpected.
    03/12/2013 15:36:00, Error: EventLog [6008] - The previous system shutdown at 12:27:32 on 03/12/2013 was unexpected.
    03/12/2013 11:57:39, Error: EventLog [6008] - The previous system shutdown at 09:52:15 on 03/12/2013 was unexpected.
    03/12/2013 09:10:15, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    03/12/2013 09:10:15, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    03/12/2013 09:09:22, Error: EventLog [6008] - The previous system shutdown at 00:16:09 on 03/12/2013 was unexpected.
    .
    ==== End Of File ===========================
     
  6. NCISabbyfan


    As I have been advised that I have a virus on my computer, I've started to proceed with the instructions you gave me before, initially with Rogue Killer which has deleted 2 undesirable files:

    RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Remove -- Date : 12/05/2013 18:53:45
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
    [Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
    [Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
    [Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
    [Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
    [Inline] EAT @explorer.exe (@System@AllocMemSize) : rtl70.bpl -> HOOKED (Unknown @ 0x3F076858)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250410AS ATA Device +++++
    --- User ---
    [MBR] 6d4017b63e8881db5b1cb75e8d7d7cd0
    [BSP] 6624d789313a09ea88f34d53a019a1c4 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart 5520 USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_12052013_185345.txt >>
    RKreport[0]_S_12052013_185204.txt
     
  7. NCISabbyfan

    NCISabbyfan TS Rookie Topic Starter Posts: 97

    RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Scan -- Date : 12/05/2013 18:52:04
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
    [Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
    [Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
    [Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
    [Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
    [Inline] EAT @explorer.exe (@System@AllocMemSize) : rtl70.bpl -> HOOKED (Unknown @ 0x3F076858)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250410AS ATA Device +++++
    --- User ---
    [MBR] 6d4017b63e8881db5b1cb75e8d7d7cd0
    [BSP] 6624d789313a09ea88f34d53a019a1c4 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart 5520 USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_12052013_185204.txt >>
     
  8. NCISabbyfan

    NCISabbyfan TS Rookie Topic Starter Posts: 97

    On occasions, including now, the Comodo Internet Security window (which has "Secure" displayed when everything is activated, but is active upon typing in "Comodo Internet Security" in "Start" - "Search") and the bottom right ">" (preventing access to other icons) are nowhere in sight since I used Combofix. I'm not sure how to reactivate them for display and access, but here is a quick note prior to the results of Combofix:

    While monitoring Combofix, a window came up stating "PEV.exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".

    Underneath this was "Close program". Windows did not automatically close the program. I initially waited while Combofix was running, but as nothing was happening, I had to manually close the program. NB: This did not disrupt Combofix in any way, it allowed Combofix to continue its scan and later log.

    As well as this, Comodo's alert came up stating "'PV.3XE' is an unrecognized file", which was then Sandboxed as "Partially Limited".

    Here is the Combofix log:

    ComboFix 13-12-04.04 - David 05/12/2013 20:31:03.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.844 [GMT 0:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1375804039.1544.bin
    c:\programdata\1375804039.1568.bin
    c:\programdata\1375804039.1956.bin
    c:\programdata\1375804039.2160.bin
    c:\programdata\1375804039.3004.bin
    c:\programdata\1375804039.3296.bin
    c:\programdata\1375804039.3336.bin
    c:\programdata\1375804039.3920.bin
    c:\programdata\1375804039.456.bin
    c:\programdata\1375804039.528.bin
    c:\programdata\1375804322.bdinstall.bin
    c:\programdata\1376056372.bdinstall.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-05 to 2013-12-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-05 19:36 . 2013-12-05 19:53 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-04 19:04 . 2013-12-04 19:04 -------- d-----w- c:\users\David\AppData\Local\Nero_AG
    2013-12-03 19:35 . 2013-12-03 21:07 -------- d-----w- c:\program files\Nero
    2013-11-29 10:52 . 2012-10-17 04:04 580712 ------w- c:\windows\system32\HPDiscoPMB111.dll
    2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\program files\HP Photo Creations
    2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\programdata\Visan
    2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\programdata\HP Photo Creations
    2013-11-28 18:24 . 2013-11-29 10:54 -------- d-----w- c:\users\David\AppData\Local\HP
    2013-11-26 07:58 . 2013-11-26 07:58 -------- d-----w- c:\programdata\McAfee
    2013-11-13 11:54 . 2013-10-13 10:49 149744 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-11-13 11:54 . 2013-10-13 09:33 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
    2013-11-13 11:54 . 2013-10-13 09:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-13 11:54 . 2013-10-13 09:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-13 09:10 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
    2013-11-13 09:10 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-13 09:09 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-11-13 09:09 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-11-07 15:53 . 2013-11-07 15:53 -------- d-----w- c:\program files\iPod
    2013-11-07 15:53 . 2013-11-07 15:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-11-07 15:53 . 2013-11-07 15:54 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-02 08:41 . 2012-04-09 06:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-02 08:41 . 2011-05-17 06:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-14 11:38 . 2013-06-18 15:15 584496 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-11-14 11:38 . 2013-06-18 15:15 36000 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-09-24 10:54 . 2013-06-18 15:16 85464 ----a-w- c:\windows\system32\drivers\inspect.sys
    2013-09-24 10:54 . 2013-06-18 15:15 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-09-24 10:54 . 2013-06-18 15:15 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-09-24 10:53 . 2013-06-18 15:15 354240 ----a-w- c:\windows\system32\guard32.dll
    2013-09-24 10:53 . 2013-06-18 15:15 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
    2013-09-24 10:53 . 2013-06-18 15:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" [2012-11-16 529888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-29 6144000]
    "diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-07-29 557149]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 154136]
    "PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-08-27 295512]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    backupExtension=.Startup
    backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-10-28 12:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2013-11-02 00:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 08:41]
    .
    2013-12-05 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2013-02-01 15:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com?fr=fp-comodo
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41}: NameServer = 156.154.70.22,156.154.71.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-12-05 20:40
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
    "ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
    34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
    57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:30,35,8b,dc,2d,26,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-12-05 20:43:51
    ComboFix-quarantined-files.txt 2013-12-05 20:43
    .
    Pre-Run: 87,634,886,656 bytes free
    Post-Run: 87,588,446,208 bytes free
    .
    - - End Of File - - DF761D780DAD53113C9D5A17FC7508CA
    5C616939100B85E558DA92B899A0FC36
     
  9. NCISabbyfan

    NCISabbyfan TS Rookie Topic Starter Posts: 97

    My "Comodo" Secure window and bottom right taskbars with the "<" have resurfaced since AdwCleaner restarted my computer.

    Here are the results of AdwCleaner's log:

    # AdwCleaner v3.014 - Report created 05/12/2013 at 20:59:52
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : David - DAVID-PC
    # Running from : C:\Users\David\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    *************************

    AdwCleaner[R5].txt - [644 octets] - [05/12/2013 20:58:32]
    AdwCleaner[S2].txt - [566 octets] - [05/12/2013 20:59:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [625 octets] ##########
     
  10. NCISabbyfan

    NCISabbyfan TS Rookie Topic Starter Posts: 97

    AdwCleaner other report:

    # AdwCleaner v3.014 - Report created 05/12/2013 at 20:58:32
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : David - DAVID-PC
    # Running from : C:\Users\David\Desktop\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    *************************

    AdwCleaner[R5].txt - [506 octets] - [05/12/2013 20:58:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [565 octets] ##########
     
  11. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You didn't read my rules I posted in my first reply.
    One of them says:

    In any case there is nothing malicious on your computer.

    In this forum, we make sure your computer is free of malware and that your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
     
  12. NCISabbyfan

    NCISabbyfan TS Rookie Topic Starter Posts: 97

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.3.2 (08.03.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by David on 05/12/2013 at 21:12:14.63
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 05/12/2013 at 21:17:36.93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You're still not reading my replies.
     
  14. NCISabbyfan

    NCISabbyfan TS Rookie Topic Starter Posts: 97

    No, I did read your rules, but your information is ambiguous, as you also said

    From this, I did what you said I should know what to do. I proceeded through your previous instructions of a few months ago.

    I am very puzzled by this, as Rogue Killer removed 2 items that shouldn't have been on my computer and the printer/scanner manufacturer I contacted told me that the appearance of Nero BackItUp automatically opening up multiple tabs the moment my machine is turned off automatically or manually is caused by a virus.

    That's fine, except for the fact that the virus situation remains unresolved.

    After my JRT scan completed, the Nero error (not caused by Nero) returned.

    No. I have read all your replies. It just happened to be that I didn't see your reply before this until after I posted my JRT scan results.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    1. My rules are far from being ambiguous. On the contrary, one of the rules clearly says:
    Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    It doesn't say anything about following my instructions from a few months ago, does it?

    2. There is nothing malicious on your computer thus there is nothing for us to do in this forum. Period.
     

