Suspected malware

Welcome to Majorgeeks!
With the registy editing issue, your logs are somewhat incomplete. Thus I'm not sure how well this fix will work. We will see!
Start by downloading a tools we will need - Pocket KillBox

Extract it to its own folder somewhere that you will be able to locate it later.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatsfind.com/route.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

Did you add the below two proxy settings? If not then fix them too, otherwise skip these two lines.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2:10
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [rmalt] C:\Program Files\Systems\keygen.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06e2b5cc8148cf727118/netzip/RdxIE601.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

After clicking Fix, exit HJT.

Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Systems\keygen.exe

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot just reboot your PC yourself.

After reboot locate the below folder and delete if found:
C:\Program Files\Systems

Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\Documents and Settings\Graham\Local Settings\Temp

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Does the below file exist?

C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

If not, use Windows Search to search your PC for msconfig (without the .exe) and tell me what you find.

We will enable it later and then you will have to double check to make sure it actually enabled.

You must be having a problem with your wireless hardware. Either a physical problem or a software/driver problem. You would be better off discussing this in the Software or Networking Forum. Right now I would recommend reinstalling the software and reconfiguring/re-setup all the parameters.

We have a little more to do here in this forum.


Uninstall the below software:
Java 2 Runtime Environment, SE v1.4.2
Mozilla Firefox (1.5.0.8)
Viewpoint Media Player (Remove Only)

Now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

You can also have HJT fix the below left over from Spy Sweeper:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


You logs are clean otherwise! After doing the above, I suggest you do the below.

It is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
4. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
7. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Do you have more than one hard disk?

What Window XP version do you have (Pro, Home, Media ???)

If you have Win XP Pro you can do the below:

 

Try the below!

First click Start, Run and copy and paste the below into the run box and click OK.

regedit /E C:\sysrest.txt "HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\SystemRestore"

Now upload the c:\sysrest.txt file here as an attachment.

Now continue with the below. If you do not see anything in the right pane or do not see this registry key just tell me.

 

That is what I was expecting.

Click Start, Run, and enter services.msc and click OK!

In the Services window, scroll down to System Restore Service and double click on it.

What do you see in the Startup type box and in the Service status box?

 

Change the Service status to Started by clicking Start. Make sure it changes to Started.

 

This sounds like a non-malware issue which is more suited for the Software Forum but let's try one more thing.

• Right Click Start, Run, and select Explore
• Now Navigate to C:\windows\Inf folder
• Scroll down to the file named SR.INF and right click on it and select Install

Did this help? If not, try the below:

• Locate the hidden System Volume Information folder in the root of drive C
• Right-click the System Volume Information folder, and then click Rename
• Type a new similar name for the folder, and then press Enter.
• For example, type System Volume Information2, and then press Enter
• Restart your computer, and then test to determine if the issue is resolved.
• Re-install the SR.INF file or restart the service from the Services.msc window again if necessary.

Did this help?

 

I'm happy to hear you got it working!

No! It was correct. When you right click on Start you then select Explore