Malware problem?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hoquista, Jun 17, 2008.

  1. Hoquista

    Hoquista Private E-2

    My sincerest apologies for posting this here (I assumed this is the place as I'm a noob). I am having a problem when I restart my computer. I get problems with the 'Generic host process for Win32 services' and it also gives me:

    svchost.exe - Application Error
    The instruction at "0x009d96bc" referenced memory at "0x00000000." The
    memory could not be "written."

    I ran all the malware stuff :
    SUPERAntiSpyware
    Spybot
    Malwarebytes Anti-Malware
    ComboFix
    MGTools

    SUPER did not find anything so there isn't anything to attach. I have uploaded the files for anti-malware, combofix, and MGtools. Is there anything wrong and anything that needs to be fixed?

    Thanks in advance!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on your logs, it does not appear that your problem is due to malware. Let's do a couple of things, run one more scan, and go from there.

    First please disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

    Then you can uninstall SUPERAntispyware since we are finished with it and it did not find anything.

    Is the below proxy server something you configured?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uminho.pt:3128


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) -
    After clicking Fix, exit HJT.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now delete the below files:
    C:\WINDOWS\system32\SET28.tmp
    C:\WINDOWS\system32\SET21.tmp
    C:\WINDOWS\system32\SET1F.tmp

    Now run Ccleaner!

    Now click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. If this finds any problems that it can not easily fix from files on your hard disk, it will ask for your Windows CD so have it ready.

    Now run this: Running GMER to detect rootkits

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below logs:
    • the GMER log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
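    The reply above asks the poster to check three things by hand: the HKCU proxy setting (the HijackThis "R1" line), the HKLM Run entries (the "O4" lines) and the leftover SET*.tmp files in system32. The script below is an added example, not part of this thread and not a MajorGeeks tool: a read-only audit that gathers the same items, plus the Application-log errors behind the svchost.exe dialog quoted in the first post. It assumes Windows PowerShell 5.1 run from an elevated prompt on a Windows host and uses only the standard registry paths; it changes and deletes nothing.

```powershell
# Added example (not from the thread): read-only audit of the items the reply asks about.
# Assumes Windows PowerShell 5.1 on a Windows host, run elevated. Nothing is modified.

function Get-UserProxyConfig {
    # The HijackThis "R1" line is read from this key. ProxyEnable = 1 means the
    # ProxyServer value is in use; 0 means it is configured but currently idle.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $inet.ProxyEnable
        ProxyServer   = $inet.ProxyServer
        AutoConfigURL = $inet.AutoConfigURL
    }
}

function Get-AutostartEntry {
    # The HijackThis "O4" lines enumerate these Run keys. For each value, report the
    # command line, whether the referenced file exists, and its Authenticode status,
    # so an unsigned or missing autostart target stands out before anything is "fixed".
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Pull the executable out of the command line: a quoted path ends at the
            # closing quote, an unquoted one at the first space.
            if ($cmd.StartsWith('"')) { $exe = $cmd.Substring(1).Split('"')[0] }
            else                      { $exe = $cmd.Split(' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            # Entries like "%systemroot%\system32\dumprep" omit the .exe extension.
            if (-not (Test-Path -Path $exe) -and -not [System.IO.Path]::HasExtension($exe)) {
                $exe = "$exe.exe"
            }
            if (Test-Path -Path $exe -PathType Leaf) {
                $status = (Get-AuthenticodeSignature -FilePath $exe).Status
            } else {
                $status = 'FileMissing'   # also reported for bare names resolved via PATH
            }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $cmd
                Signature = $status
            }
        }
    }
}

function Get-LeftoverSetTmp {
    # SET*.tmp files in System32 are left behind by an interrupted system-file copy.
    # Listing them first shows exactly what a later manual deletion would remove.
    Get-ChildItem -Path "$env:SystemRoot\System32" -Filter 'SET*.tmp' -File -ErrorAction SilentlyContinue |
        Select-Object -Property Name, Length, LastWriteTime
}

function Get-SvchostError {
    # The "svchost.exe - Application Error" dialog is also recorded in the Application
    # log; these are the most recent error entries that mention svchost.
    Get-EventLog -LogName Application -EntryType Error -Newest 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'svchost' } |
        Select-Object -Property TimeGenerated, Source, EventID
}

Get-UserProxyConfig | Format-List
Get-AutostartEntry  | Format-Table -AutoSize -Wrap
Get-LeftoverSetTmp  | Format-Table -AutoSize
Get-SvchostError    | Format-Table -AutoSize
```

    Run it once before and once after the HijackThis fixes and the file deletions: the second run should show the three O4 entries and the SET*.tmp files gone, and the proxy line unchanged (the poster later confirms it was configured on purpose). Get-EventLog is a Windows PowerShell cmdlet and is not available in PowerShell 7; on that version Get-WinEvent would be used instead.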
     
  3. Hoquista

    Hoquista Private E-2

    First, thanks for the reply and the help so far.

    The proxy server is something I configured.

    Also, I did receive a success message about adding the above
    to the registry.

    I then got to this point.


    The computer then asks me for the Windows XP Professional Service Pack 2 CD but unfortunately, I don't have that Windows CD. The only thing I received from the manufacturer (ASUS) about Windows was the 'Windows Recovery CD' 1 and CD2 and the sfc does not accept that. Is there anything I can do? I stopped at that point because I didn't know whether I should continue to the next steps without completing this one.

    Also, my McAfee Security Center is showing a RemAdm-ProcLaunch!171. Do you know what that is? Thanks again!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Purchase one or borrow one from someone so that you can complete the scan. Those are the only options.


    Where is it detecting this? What file name and what path? It is possible that it is just psexec.exe from SysInternals which is now part of Microsoft. See: http://vil.nai.com/vil/content/v_129978.htm
     
  5. Hoquista

    Hoquista Private E-2

    I tried borrowing it from someone without success because it's essentially saying that it's not the correct CD.

    Is this what I need?
    http://support.microsoft.com/kb/310994

    I think it's from Combofix.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need a Windows XP SP2 CD for your type of Windows XP (like Media, Home, or PRO).

    No! Those are floppy disks to reinstall Windows when you do not have a CD drive.


    Yes ComboFix uses psexec!
     
  7. Hoquista

    Hoquista Private E-2

    Thanks for the replies and being patient with me. How about this one?

    http://www.microsoft.com/downloads/...BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

    I just find it interesting that I already have the SP2 upgrade but I have to go out and purchase it instead of just downloading the file and burning it to a CD?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is the installation for SP2. It is not a CD that sfc can access to repair or replace bad or corrupted files.

    You did not get a bootable CD with your PC and that is where your problems began. Blame the people you purchased your PC from.

    You could try going to Microsoft Update and installing the current Service Pack for Windows XP which is SP3. This may take care of any missing or corrupted files as long as they are part of the update. You can also download SP3 and install it yourself if you wish. You can get it at Major Geeks: Microsoft Windows XP Service Pack 3

    At any rate, as I said earlier, your problems are not due to malware. This would be a topic better suited for the Software Forum.
     
  9. Hoquista

    Hoquista Private E-2

    Ok. Thanks. I am just trying to get it fixed using the sfc. I have downloaded the original *.exe file (~ 250 MB) of the SP2. Would I be able to burn that to a CD and have it work?

    I agree. I've had problems with ASUS in the past with my laptop and this fact of the whole windows restore CDs rather than the whole XP is annoying to say the least.

    Windows update did download the SP3 (~ 100 MBs?) and it installed correctly but the sfc /scannow is still asking for the SP2 CD. I downloaded the whole version (~ 550 MB) but I am not sure how to install it because the file is an *.iso.

    What does the sfc /scannow and the rests of the steps do? Is it absolutely critical that I complete this?

    Thanks for your help and sorry for all the questions.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! As I said in my last message. This is not a Windows CD. It is the installation file for SP2 and it will not give you what you need, which is a Windows XP SP2 bootable CD.


    Well, doing this could revert certain files back to SP2 revision levels. Did it indicate which files it is looking to repair?

    The whole version of what? SP3? If that is what you meant, this is again only an installation program for SP3; it will not give you a Windows XP SP3 (or SP2) bootable CD.

    You should read this: http://support.microsoft.com/kb/310747

    As I said earlier, your problems were not due to malware. You have problems within the Windows Operating System. And that is what we are trying to fix. If you are not having any noticeable problems anymore, then don't worry about it, but I'm sure something is not correct if you are being asked for a CD when sfc is run. And I would expect it to now ask for an SP3 CD, not an SP2 CD. Had you rebooted your PC after upgrading to SP3?
     
  11. Hoquista

    Hoquista Private E-2

    Ok... Thanks!

    It just said that 'Files are required for Windows to run properly must be copied to the DLL cache' and in the same window it said please insert the SP2 CD.

    The link you sent me to gives a ~ 550 MB version of SP3. I went to windows update directly and updated via that but I also downloaded the 550 MB version too but didn't install the 550 MB version.

    No, I didn't reboot. After I rebooted, it is now asking me to 'please insert the Windows XP Professional CD-ROM into the CD-ROM drive' with the same problem ('Files are required for Windows to run properly must be copied to the DLL cache'). I do not have those CDs - I only have the 'Recovery' CDs that were provided by ASUS. I have XP Pro CDs that were installed on another computer and unfortunately they didn't work either.

    I still have the same problem after I reboot that I had under my first post (Generic Host processes, svchost.exe, and referenced memory).
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I suggest that you continue this discussion in the Software Forum. These problems are not topics for the Malware Forum.
     
  13. Hoquista

    Hoquista Private E-2

    Thanks chaslang for your patience and your help! I will try there.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\cf" /u
        • Notes: The space between the cf" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    9. Go to add/remove programs and uninstall HijackThis.
    10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    11. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    12. After doing the above, you should work thru the below link:
     
