Thread: Help with HJT Log(Resolved)

  1. #1
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Had you installed anything PRIOR to this problem happening? Where is the Kaspersky? Now I am seeing Nod32.

  2. #2
    Join Date
    Aug 2007
    Posts
    27
    I had a problem getting the Kaspersky e-mail protection to work. It would just fail every time I tried to activate it. It did discover worms and trojans as I mentioned in my original post. I deleted Kaspersky. I then tried to install NOD32 but the installation did not completely go through, so it was not working properly. I had trouble deleting it using Add-Remove (Control Panel), but I was finally able to delete all the NOD32 (or at least, I think so). I have now installed AntiVir and was able to update the files. I ran SpyBot and am posting a pdf. I also ran Ad-aware and found some tracking cookies. Also ran AVG and am attaching a log file.

    I ran RegistriFix and found 53 items which I "fixed". I can not follow the link from your "tools and tips" post for Microsoft Windows Defender or Spyware Blaster.

  3. #3
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You know this adding and removing anti-virus programs is not helping anything. I haven't a clue as to what was found, what was done, nothing. Your spybot s & d log shows nothing but cookies but you didn't apply a fix with it.

    RegistriFix? What the heck is this program? Where in the world did you get it?
    Who told you to do a registry fix? What registry fixes were done?
    You shouldn't be doing registry fixes until we can say absolutely, for certain that they SHOULD be done. That is a last step, not something which should be done in the middle of working on a problem like this.
    Messing with the registry is not going to correct the problem you are having. You are assuming this is caused by malware, your logs really show nothing....the ones I have seen. I have NOT seen that Kaspersky log that you say removed and fixed various trojans.

    Your Windows Security Center is disabled. Why?
    Your AVG log file is blank.
    Each and every virus, trojan you say that Kaspersky removed came from opening an infected email. Some of these files should NOT have been deleted but should have been disinfected, quarantined. The computer rebooted and the program run again. After that then the quarantine should have been emptied. All of this should have been done while the computer was totally disconnected from the internet, this means the plug should have been pulled...is this what you did?
    We needed to know EXACTLY where these files were located, what files they may have created and the location of those...did you get those names?
    If you are not going to follow the instructions EXACTLY as given then we cannot help you and you have not done this. Restore points should not have been deleted until ALL problems were solved. That is very plain in Step 1 given here
    You will need to flush your restore points AFTER the fixing process has been completed to ensure that no malware is preserved.
    This thread also states if you cannot use Windows Defender then Spybot is just fine.

    What you are doing is trying one step, if it doesn't work then you leap to another rather than posting that you cannot complete a step. This won't work, this won't solve your problem. You are not even giving anyone here a chance to offer a solution or offer another option, you are leaping ahead to something else and it will not solve your problem.

    Have you tried flushing the browser caches?
    Firefox 2.x:

    1. From the "Tools" menu, select "Options...".
    2. Click on the "Privacy" Category and then click on "Clear now" at the bottom right.
    3. Click on both "Cache" and "Browsing History". If prompted, confirm by clicking "OK" on the pop-up.
    4. Click on "OK" to close the "Options" window.
    Close the browser.

    Internet Explorer 5-7+
    1. From the "Tools" menu, select "(Internet) Options".
    2. On the "General" tab in the "Temporary Internet Files" section, click on "Delete Files" and then click "Okay" on the confirmation pop-up.
    3. Click "Okay" to close the "Internet Options" window.
    Close the browser.

    Now try each again.

  4. #4
    Join Date
    Aug 2007
    Posts
    27
    I apologize for not following your instructions. It's a sign of desperation which I will control. Henceforth I will follow your instructions.

    I deleted the temp internet files in IE 7 and the cache and browsing history in Firefox as you indicated. Twice.

    I ran AVG and have posted the log file. I also included the log file from RegistryFix. I know I jumped the gun. It won't happen again.

    I will run Kaspersky on-line version overnight and post the log tomorrow evening.

    ZoneAlarm firewall is picking up myftp.exe trying to access the internet, which I blocked. I read that this may be worm_sdbot.ayp. I did not delete it but I found it in two places. In C:\program files\disc and c:\windows\prefetch. I have a wireless network with one other computer. The one with the problem is the main computer.

    I await your reply and will post Kaspersky log tomorrow.

    thanks a million

    gln

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Ok gln,
    Take a deep breath, and we can begin again. You are correct in your findings about the file that Zone Alarm blocked. BUT it also could be a legitimate legal file. Since it was found in the C:\Program Files\DISC\ it could very well be a part of that program, which as you well know is a "Drop and Play" gaming program. Not being a gamer myself I am not certain exactly what that is, but I do know this file could be part of that and NOT a worm or trojan.

    But to be safe BEFORE you run the Kaspersky online scan I would like you to do the following;

    1. Download SDFix and save it to your Desktop.
    2. Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    3. Reboot into Safe Mode:
    Using the F8 Method
    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.

    4. Open the extracted SDFix folder and double click RunThis.bat to start the script.
    Type Y to begin the cleanup process.

    It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.

    When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

    Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

    Finally paste the contents of the Report.txt back here as soon as you complete it.

    Now rest assured, if no trojans are found then the program will NOT change anything. The report will read no trojans found.
    IF this file IS found to be worm_sdbot.ayp then it will remove it and any repair registry entries it may have made also.

    I also have gone through your list of Registry fixes and it appears to me the fixes made were to those registry entries associated with all those anti-virus programs and Spyware Doctor. Don't get rid of the backups just yet, keep them until we can be sure the computer will run without problems.
    Do that SDFix and post the log for me OK?
    Judy

  6. #6
    Join Date
    Aug 2007
    Posts
    27
    Unable to load the web site for SDFix with IE 7 or Firefox. Is there an alternate site?
