Vista SP1 or virus/malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by atomic.echo, May 22, 2008.

  1. atomic.echo

    atomic.echo Private E-2

    Hi,
    Over the last two days I have had the same problem occur on my PC, and I am not sure what is causing it. Basically, yesterday evening, it suddenly stopped me from opening any programs, saying that I did not have sufficient rights, despite me being the only user of the computer. Even when I tried to open a program by right-clicking and stating "open as administrator", it would not allow me; further, when I tried to restart the normal way, it would not let me, again saying I did not have sufficient rights. Eventually, I managed to restart by clicking "change user" first and then restarting from the log-on screen. When it restarted, it appeared that lots of my startup software had not started up, but I was able to open System Restore as administrator and it successfully restored. I then followed the full malware removal directions as set out by chaslang here, and no malware was found. So I assumed I was clean.
    I have been using my PC all day with no problems, and then again this evening, when I awoke it from hibernation, it was exactly the same as yesterday evening.
    My ideas are that either it is a really nasty virus or piece of malware, or it is some problem with Vista SP1, as I had started installing that yesterday when it first happened, and today, thinking I had resolved the problem, I fully installed it. I had Comodo Firewall, with Defense+ running, and both times I noticed that it had suddenly accumulated thousands (I think about 17000) of files in its file pending verification folder, all of which appeared to be Windows files.
    I have now uninstalled the Comodo firewall, and have had to System Restore to pre-Vista SP1. I have AVG 8 anti-virus, but that doesn't seem to find anything, except some warnings which I think are false positives (I put the full root and file name of one of them into Google).
    Also, I have the full outputs from the malware removal guide of chaslang, if that is useful.
    I would be grateful for either confirmation that this is just a Vista/Comodo issue, or whether I have a nasty virus that I need to be more worried about.
    Many thanks
     
  2. atomic.echo

    atomic.echo Private E-2

    Oh, here is the log from HijackThis.
    Let me know if there is anything that I can provide that would be helpful.
    Thanks
     

  3. abri

    abri MajorGeek

    Hi atomic echo,
    Welcome to Major Geeks!

    If you referred to chaslang's READ & RUN ME FIRST procedures, then please attach the logs that you got from running those. That will give us the most information to determine if you're having malware problems. If the computer is functioning all right without SP1, then you may need to take some time to find out if other people have encountered problems with it that are similar to yours. The symptoms you've described are caused by certain forms of malware, but if you also just did the update, it could be something there. The easiest thing would be to let us look at the logs from the READ & RUN ME FIRST.

    Thanks.
    abri
     
  4. atomic.echo

    atomic.echo Private E-2

    Ok, many thanks. Here are the logs from chaslang's procedures.
     


  5. atomic.echo

    atomic.echo Private E-2

    And here is the MGtools one.
    Many thanks for your help.
     


  6. abri

    abri MajorGeek

    Hi atomic.echo,

    Please see if you can get Combofix to run all the way through. The last part of the log is missing. I'll look at your MGlogs in the meantime.

    Please upload the following file to either Jotti or VirusTotal and have it scanned. Attach the results of the scan. If nothing's found, just report that with reference to the file name.

    C:\Windows\system32\user32.dll


    Thanks.
    abri
     
    Last edited: May 22, 2008
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The above file is a valid Windows system file.


    [edit] Now I see that Abri was worried about what the previous ComboFix log said about it being infected. [/edit]
     
    Last edited: May 22, 2008
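The exchange above (Abri asking for user32.dll to be scanned, chaslang confirming it is a genuine Windows file) is the kind of check that can be done locally before uploading anything. The script below is an added example and is not part of the thread or of any MajorGeeks procedure. It assumes a modern Windows PowerShell (5.1 or later) run from an elevated prompt; the file path is the one Abri named, and the function name `Test-SystemFile` and the "looks genuine" heuristic are illustrative choices of this example, not a Microsoft tool.

```powershell
# Added example (not from the thread): decide whether a Windows system file
# such as user32.dll is the genuine, Microsoft-signed binary before treating
# a scanner's complaint about it as real. Run from an elevated prompt.
# Assumption: Windows PowerShell 5.1+ (Get-FileHash, catalog-aware signatures).

param(
    [string]$Path = "C:\Windows\System32\user32.dll"   # the file Abri asked about
)

function Test-SystemFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $item = Get-Item -LiteralPath $Path

    # 1. Hash for an offline lookup on VirusTotal / Jotti. Searching by hash
    #    avoids uploading the file; the services already know every shipped
    #    version of user32.dll, so an unknown hash is itself informative.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # 2. Authenticode check. Most Windows binaries are catalog-signed rather
    #    than carrying an embedded signature; Get-AuthenticodeSignature also
    #    consults the catalogs, so 'Valid' with a Microsoft signer is expected.
    #    'NotSigned' or 'HashMismatch' on a file in System32 is a red flag.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 3. Version resource: a Microsoft CompanyName and a file version matching
    #    the installed OS build is what a genuine file looks like.
    $ver = $item.VersionInfo

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        LastWriteTime   = $item.LastWriteTimeUtc
        SHA256          = $sha256
        SignatureStatus = $sig.Status.ToString()
        Signer          = $signer
        CompanyName     = $ver.CompanyName
        FileVersion     = $ver.FileVersion
        # Heuristic used by this example only: valid signature from a Microsoft
        # certificate and Microsoft version metadata.
        LooksGenuine    = ($sig.Status -eq 'Valid' -and
                           $signer -like '*Microsoft*' -and
                           $ver.CompanyName -like '*Microsoft*')
    }
}

$result = Test-SystemFile -Path $Path
$result | Format-List

# 4. Independent check through Windows Resource Protection. SFC compares the
#    file against the protected copy and repairs it if it has been altered,
#    which also distinguishes a damaged file from a deliberately replaced one.
if (-not $result.LooksGenuine) {
    Write-Warning "Signature or version data do not look like a Microsoft file; asking SFC to verify it."
    & sfc.exe /verifyfile=$Path
}
```

Caveat for the Vista-era machine in this thread: PowerShell 1.0/2.0 has no `Get-FileHash`, and older `Get-AuthenticodeSignature` versions do not look up catalog signatures, so a genuine catalog-signed user32.dll can show as `NotSigned` there. On such a system `sfc /verifyfile`, Sysinternals `sigcheck`, or the hash lookup on VirusTotal that Abri suggested are the reliable checks; a file that passes SFC and has a known-good hash is not the problem, which is what the rerun ComboFix log confirmed here.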
  8. atomic.echo

    atomic.echo Private E-2

    Ok, so I have run combo fix again, and here is the log file.
     


  9. abri

    abri MajorGeek

    Hi atomic.echo,

    Your computer doesn't show any signs of an infection. I think your first thought was correct. Something happened during the installation of SP1, and it's possible that Comodo hindered the process and thereby got things mixed up. I don't know all the security features of Vista, but I can imagine that as soon as the operating system detects something not working correctly at a certain level, the first thing it will do is to remove all the administrative rights as a protection mechanism. Our most knowledgeable authority on Vista is Halo, and I advise you to post in the Software Forum and ask him what he thinks. You might give your thread the title "Vista SP1 problems - @ Halo et al".

    Tell them you've been through the READ & RUN ME and that no malware was found. You can refer them to this thread. Your original Combofix either didn't run to completion or it got broken off for some reason and that gave the appearance that one of your system files was damaged. It would appear this way if Combofix got interrupted and was in the middle of scanning that file but also if the file really was damaged. Since it didn't protest about that file when you reran Combofix, I think there's no problem with it.

    Let us know how things turn out.
    abri
     
  10. atomic.echo

    atomic.echo Private E-2

    Thanks very much for that, Abri. It is quite a relief to know my machine is clean. There is a thread on the Comodo forum about having UAC on at the same time as their D+ defence, and I did have both of these on together, so it may be that there was some conflict there.
    Many thanks for your help.
     
  11. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Comodo seems to be having some issues with Vista at present, and more so with SP1. Not much changed to stop security applications from working properly if they did so with RTM, apart from Comodo, which can corrupt Security Center, from what mine and a dev from MSFT noticed. Personally, I would not disable UAC, if that is what the Comodo forums could possibly be suggesting, but remove Comodo and source a different firewall.

    So uninstall and see if Vista SP1 is still working ok; you may even need to use System Restore and roll back to before SP1 was installed, remove Comodo, and re-install SP1.
     
  12. atomic.echo

    atomic.echo Private E-2

    Thanks Halo,
    That is exactly what I am doing. Have you got any suggestions as to an alternative firewall?
     
  13. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Yes, while the inbuilt firewall should be enough with a safe surfing habit, it cannot, without some manual input, account for all outgoing application blocks, so the best one at present (apart from the one included with Windows OneCare) is PC Tools, which doesn't seem to have the issues that Comodo is facing.
     
  14. atomic.echo

    atomic.echo Private E-2

    Great, thanks to both of you for your help.
    Major Geeks is a fantastic website.
     
  15. abri

    abri MajorGeek

    You're welcome from both of us!
    Good luck to you!
     
