Inactive Possible Trojan Horse?

N

NCISabbyfan

Posts: 95   +0
Nero BackItUp has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
Click to expand...

Windows doesn't close the program. I had to click on "Close program" then automatically close the remaining tabs. Even after doing this, my computer is slowed down for up to 2 minutes while Nero BackItUp resurfaces itself. It is only at this point that Nero BackItUp finally closes, but the same situation recurs whenever my printer/scanner turns off manually or automatically. I have Nero installed on my computer, but have never used Nero BackItUp, which opened by itself.

The first time around, there were almost 55 tabs, which, on that occasion, wouldn't close automatically. I noticed that, besides the appearance of Nero BackItUp, my Printer settings had reverted to Single sided, "Front to Back" from the automatic Double sided, "Back to Front" mode.

On this occasion (unlike the first, of 53 times), I've had to close 28 tabs of "Nero BackItUp". Hovering my mouse over the tabs, they each say "Microsoft.NET Error Reporting Shim".

Apart from the first time, my Printer settings have been retained automatically in Double sided, "Back to Front" mode ever since, but every time I turn off my machine manually, or it turns off automatically after 2 hours to save energy, Nero BackItUp appears.
The most recent appearance of Nero BackItUp opened the program in 78 tabs.

Due to the above, although I can't be 100% sure, it seems like some trojan or other unwanted malware has crept into my computer.

Also, in Secunia, only one program wasn't updated automatically.

Should I update Microsoft XML Core Services (MSXML) 4.x which I've downloaded or should I remove the download, which I've not installed? and

Is Nero BackItUp appearing because my printer/scanner machine is faulty or do I have malware on my computer?

I regularly check for malware and viruses to keep my computer in good check, but I've never come across the above before with previous printer/scanners, whether or not the machine is the cause of the problem.

If my situation relates to this topic, I have a trojan on my computer:

http://www.landzdown.com/analysis-a...mework-error-shim-errors-after-trojan-aleron/
 
Since you've been to this forum before and you suspect your computer may be infected you should know what to do...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Some of the information is much more technical than others but the first isn't, of the results of Malwarebytes' Anti-Malware. This gives the all clear, but according to my printer/scanner manufacturer who I've checked with to determine if it's their machine causing the multiple Nero BackItUp tabs (well over a hundred yesterday, which I had to close Manually on this occasion) and my computer to turn on again the moment I'd turned off the printer/scanner, it's a virus. Whatever it is/wherever it is, it's currently hiding, due to no detections so far.

I uninstalled then reinstalled Nero, and the problem only stops when Nero BackItUp is uninstalled, which is also invaluable for watching recordings. I can certainly rule out the Nero disk as the culprit, as I've had this since 2011 and it's only since I've started using my new printer/scanner that this has happened, but purely coincidentally, due to the machine not being the cause of the problem.

My computer has become slower at navigating lately, very likely due to the virus, as my printer/scanner uses around the same amount of space as my previous one.

OK, here goes with the Malwarebytes scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.05.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

05/12/2013 11:56:15
mbam-log-2013-12-05 (11-56-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211175
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520
Run by David at 12:35:54 on 2013-12-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.810 [GMT 0:00]
.
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
c:\program files\acesoft\tracks eraser pro\te.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PrintCtrl.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Comodo\IceDragon\icedragon.exe
C:\Program Files\Comodo\IceDragon\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com?fr=fp-comodo
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Radio Downloader] "c:\program files\radio downloader\Radio Downloader.exe" /hidemainwindow
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [diagnostics] "c:\program files\thomson\st330\diagnostics\diagnostics.exe" /icon -l:en
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 584496]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 43728]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\comodo\icedragon\icedragon_updater.exe [2013-11-13 1821384]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-5-24 77824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-8-4 30464]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-7-29 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-7-29 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2008-7-29 35328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-04 19:04:56 -------- d-----w- c:\users\david\appdata\local\Nero_AG
2013-12-03 19:35:38 -------- d-----w- c:\program files\Nero
2013-11-29 10:52:40 580712 ------w- c:\windows\system32\HPDiscoPMB111.dll
2013-11-28 18:31:15 -------- d-----w- c:\programdata\Visan
2013-11-28 18:31:15 -------- d-----w- c:\programdata\HP Photo Creations
2013-11-28 18:31:15 -------- d-----w- c:\program files\HP Photo Creations
2013-11-28 18:24:49 -------- d-----w- c:\users\david\appdata\local\HP
2013-11-13 11:54:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-13 11:54:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-13 11:54:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-13 11:54:00 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-11-13 09:10:09 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 09:10:07 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 09:09:46 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 09:09:46 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-07 15:53:27 -------- d-----w- c:\program files\iPod
2013-11-07 15:53:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-07 15:53:11 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2013-12-02 08:41:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-02 08:41:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 11:38:10 584496 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-11-14 11:38:01 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-24 10:54:03 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54:01 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
.
============= FINISH: 12:36:12.99 ===============
 
Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/09/2007 00:21:32
System Uptime: 05/12/2013 10:08:16 (2 hours ago)
.
Motherboard: FOXCONN | | G33M03
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | SOCKET775 M/B | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 84.99 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&11AE2885&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&11AE2885&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&11AE2885&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&11AE2885&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP2104: 03/12/2013 21:07:22 - Installed Nero BackItUp and Burn.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
"Nero SoundTrax Help
32 Bit HP CIO Components Installer
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Advanced Uninstaller PRO - Version 11
Advertising Center
Apple Application Support
Apple Software Update
Audacity 1.2.6
BBC iPlayer Downloads
Bonjour
CCleaner
Comodo IceDragon
COMODO Internet Security Premium
Defraggler
DolbyFiles
Glary Utilities 2.53.0.1726
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP IDF Software
HP Photo Creations
HP Photosmart 5520 series Basic Device Software
HP Photosmart 5520 series Help
HP Photosmart 5520 series Product Improvement Study
HP Update
ImagXpress
Intel(R) Graphics Media Accelerator Driver
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BackItUp
Nero BackItUp and Burn
Nero Burning ROM Help
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
OGA Notifier 2.0.0048.0
PowerAdapter
QuickTime
Radio Downloader
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Sophos Virus Removal Tool
SoundTrax
Speccy
SpeedTouch 330
SpywareBlaster 5.0
SUPERAntiSpyware
Tracks Eraser Pro v8.0 build 1000
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows 7 Upgrade Advisor
.
==== Event Viewer Messages From Past Week ========
.
05/12/2013 10:13:52, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
05/12/2013 10:13:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/12/2013 10:09:57, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: The specified module could not be found.
05/12/2013 10:08:58, Error: EventLog [6008] - The previous system shutdown at 00:15:29 on 05/12/2013 was unexpected.
04/12/2013 23:44:59, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
04/12/2013 23:41:58, Error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
04/12/2013 12:34:05, Error: EventLog [6008] - The previous system shutdown at 00:12:03 on 04/12/2013 was unexpected.
03/12/2013 15:36:00, Error: EventLog [6008] - The previous system shutdown at 12:27:32 on 03/12/2013 was unexpected.
03/12/2013 11:57:39, Error: EventLog [6008] - The previous system shutdown at 09:52:15 on 03/12/2013 was unexpected.
03/12/2013 09:10:15, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/12/2013 09:10:15, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
03/12/2013 09:09:22, Error: EventLog [6008] - The previous system shutdown at 00:16:09 on 03/12/2013 was unexpected.
.
==== End Of File ===========================
 
As I have been advised that I have a virus on my computer, I've started to proceed with the instructions you gave me before, initially with Rogue Killer which has deleted 2 undesirable files:

RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 12/05/2013 18:53:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
[Inline] EAT @explorer.exe (@System@AllocMemSize) : rtl70.bpl -> HOOKED (Unknown @ 0x3F076858)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250410AS ATA Device +++++
--- User ---
[MBR] 6d4017b63e8881db5b1cb75e8d7d7cd0
[BSP] 6624d789313a09ea88f34d53a019a1c4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart 5520 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_12052013_185345.txt >>
RKreport[0]_S_12052013_185204.txt
 
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 12/05/2013 18:52:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3610C866)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)
[Inline] EAT @explorer.exe (@System@AllocMemSize) : rtl70.bpl -> HOOKED (Unknown @ 0x3F076858)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250410AS ATA Device +++++
--- User ---
[MBR] 6d4017b63e8881db5b1cb75e8d7d7cd0
[BSP] 6624d789313a09ea88f34d53a019a1c4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart 5520 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_12052013_185204.txt >>
 
On occasions, including now, the Comodo Internet Security window (which has "Secure" displayed when everything is activated, but is active upon typing in "Comodo Internet Security" in "Start" - "Search") and the bottom right ">" (preventing access to other icons) are nowhere in sight since I used Combofix. I'm not sure how to reactive them for display and access, but here is a quick note prior to the results of Combofix:

While monitoring Combofix, a window came up stating "PEV.exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".

Underneath this was "Close program". Windows did not automatically close the program. I initially waited while Combofix was running, but as nothing was happening, I had to manually close the program. NB: This did not disrupt Combofix in any way, it allowed Combofix to continue its scan and later log.

As well as this, Comodo's alert came up stating "PV.3XE" is an unrecognized file", which was then Sandboxed as "Partially Limited".

Here is the Combofix log:

ComboFix 13-12-04.04 - David 05/12/2013 20:31:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.844 [GMT 0:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1375804039.1544.bin
c:\programdata\1375804039.1568.bin
c:\programdata\1375804039.1956.bin
c:\programdata\1375804039.2160.bin
c:\programdata\1375804039.3004.bin
c:\programdata\1375804039.3296.bin
c:\programdata\1375804039.3336.bin
c:\programdata\1375804039.3920.bin
c:\programdata\1375804039.456.bin
c:\programdata\1375804039.528.bin
c:\programdata\1375804322.bdinstall.bin
c:\programdata\1376056372.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2013-11-05 to 2013-12-05 )))))))))))))))))))))))))))))))
.
.
2013-12-05 19:36 . 2013-12-05 19:53 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-04 19:04 . 2013-12-04 19:04 -------- d-----w- c:\users\David\AppData\Local\Nero_AG
2013-12-03 19:35 . 2013-12-03 21:07 -------- d-----w- c:\program files\Nero
2013-11-29 10:52 . 2012-10-17 04:04 580712 ------w- c:\windows\system32\HPDiscoPMB111.dll
2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\program files\HP Photo Creations
2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\programdata\Visan
2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\programdata\HP Photo Creations
2013-11-28 18:24 . 2013-11-29 10:54 -------- d-----w- c:\users\David\AppData\Local\HP
2013-11-26 07:58 . 2013-11-26 07:58 -------- d-----w- c:\programdata\McAfee
2013-11-13 11:54 . 2013-10-13 10:49 149744 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-11-13 11:54 . 2013-10-13 09:33 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-11-13 11:54 . 2013-10-13 09:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-13 11:54 . 2013-10-13 09:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-13 09:10 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 09:10 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 09:09 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 09:09 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-07 15:53 . 2013-11-07 15:53 -------- d-----w- c:\program files\iPod
2013-11-07 15:53 . 2013-11-07 15:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-07 15:53 . 2013-11-07 15:54 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-02 08:41 . 2012-04-09 06:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-02 08:41 . 2011-05-17 06:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 11:38 . 2013-06-18 15:15 584496 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-11-14 11:38 . 2013-06-18 15:15 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:54 . 2013-06-18 15:16 85464 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-09-24 10:54 . 2013-06-18 15:15 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54 . 2013-06-18 15:15 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53 . 2013-06-18 15:15 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53 . 2013-06-18 15:15 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53 . 2013-06-18 15:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" [2012-11-16 529888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-29 6144000]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-07-29 557149]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 154136]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-08-27 295512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backupExtension=.Startup
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 12:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 00:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 08:41]
.
2013-12-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-02-01 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com?fr=fp-comodo
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-05 20:40
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,35,8b,dc,2d,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-12-05 20:43:51
ComboFix-quarantined-files.txt 2013-12-05 20:43
.
Pre-Run: 87,634,886,656 bytes free
Post-Run: 87,588,446,208 bytes free
.
- - End Of File - - DF761D780DAD53113C9D5A17FC7508CA
5C616939100B85E558DA92B899A0FC36
 
My "Comodo" Secure window and bottom right taskbars with the "<" have resurfaced since AdwCleaner restarted my computer.

Here are the results of AdwCleaner's log:

# AdwCleaner v3.014 - Report created 05/12/2013 at 20:59:52
# Updated 01/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


*************************

AdwCleaner[R5].txt - [644 octets] - [05/12/2013 20:58:32]
AdwCleaner[S2].txt - [566 octets] - [05/12/2013 20:59:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [625 octets] ##########
 
AdwCleaner other report:

# AdwCleaner v3.014 - Report created 05/12/2013 at 20:58:32
# Updated 01/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


*************************

AdwCleaner[R5].txt - [506 octets] - [05/12/2013 20:58:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [565 octets] ##########
 
You didn't read my rules I posted in my first reply.
One of them says:

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Click to expand...

In any case there is nothing malicious on your computer.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck :)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.2 (08.03.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by David on 05/12/2013 at 21:12:14.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/12/2013 at 21:17:36.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
You didn't read my rules I posted in my first reply.
One of them says:

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Click to expand...

No, I did read your rules, but your information is ambiguous, as you also said

Since you've been to this forum before and you suspect your computer may be infected you should know what to do..
Click to expand...

From this, I did what you said I should know what to do. I proceeded through your previous instructions of a few months ago.

In any case there is nothing malicious on your computer.
Click to expand...

I am very puzzled by this, as Rogue Killer removed 2 items that shouldn't have been on my computer and the printer/scanner manufacturer I contacted told me that the appearance of Nero BackItUp automatically opening up multiple tabs the moment my machine is turned off automatically or manually is caused by a virus.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
Click to expand...

That's fine, except for the fact that the virus situation remains unresolved.

After my JRT scan completed, the Nero error (not caused by Nero) returned.

You're still not reading my replies.
Click to expand...

No. I have read all your replies. It just happened to be that I didn't see your reply before this until after I posted my JRT scan results.
 
1. My rules are far from being ambiguous. On a contrary one of the rules clearly says:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
It doesn't say anything about following my instructions from few months ago, does it?

2. There is nothing malicious on your computer thus there is nothing for us to do in this forum. Period.
 
You must log in or register to reply here.

Similar threads

Z
Microsoft Edge under fire for stealing Chrome browser tabs
Replies
18
Views
384
Bamda
Bamda
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
481
eriksnyman1
E
M
Virus warning popup
Replies
1
Views
543
Mark Fuller
M

Latest posts

Back