Can't get rid of Spyware strike [RESOLVED]



#31
peppers (Topic Starter)

Here are the results:

********
10:18 PM: | Start of Session, Monday, March 06, 2006 |
10:18 PM: Spy Sweeper started
10:18 PM: Sweep initiated using definitions version 625
10:18 PM: Found Trojan Horse: trojan-downloader-zlob
10:18 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1052561)
10:18 PM: dfrgsrv.exe (ID = 1052561)
10:18 PM: Starting Memory Sweep
10:21 PM: Memory Sweep Complete, Elapsed Time: 00:03:34
10:21 PM: Starting Registry Sweep
10:21 PM: Found Adware: clearsearch
10:21 PM: HKLM\software\prositefinder\ (5 subtraces) (ID = 773839)
10:21 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
10:21 PM: Found Adware: psguard components
10:21 PM: HKCR\clsid\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}\ (6 subtraces) (ID = 1034913)
10:21 PM: Found Adware: security toolbar
10:21 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {736b5468-bdad-41be-92d0-22ae2ddf7bcb} (ID = 1034996)
10:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ (2 subtraces) (ID = 1035010)
10:21 PM: HKLM\software\classes\clsid\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}\ (6 subtraces) (ID = 1035080)
10:21 PM: Found Adware: megasearch
10:21 PM: HKU\S-1-5-21-1801674531-1078081533-725345543-1004\software\megahost\ (2 subtraces) (ID = 134936)
10:22 PM: Found Adware: 180search assistant/zango
10:22 PM: HKU\S-1-5-21-1801674531-1078081533-725345543-1004\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\180search assistant\ (ID = 972193)
10:22 PM: HKU\S-1-5-21-1801674531-1078081533-725345543-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {736b5468-bdad-41be-92d0-22ae2ddf7bcb} (ID = 1070479)
10:22 PM: Registry Sweep Complete, Elapsed Time:00:00:21
10:22 PM: Starting Cookie Sweep
10:22 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:22 PM: Starting File Sweep
10:22 PM: c:\program files\security toolbar (2 subtraces) (ID = -2147462697)
10:32 PM: salmau.dat (ID = 93788)
10:34 PM: Found Adware: shopathomeselect
10:34 PM: 0rkru12g.dat (ID = 75801)
10:39 PM: salm_gdf.dat (ID = 93789)
10:51 PM: a0011457.inf (ID = 70515)
10:51 PM: a0011460.bat (ID = 202688)
10:51 PM: a0010438.inf (ID = 70515)
10:51 PM: uninstall.bat (ID = 202688)
10:51 PM: a0005537.bat (ID = 202688)
10:51 PM: a0005781.bat (ID = 202688)
10:52 PM: File Sweep Complete, Elapsed Time: 00:29:55
10:52 PM: Full Sweep has completed. Elapsed time 00:33:55
10:52 PM: Traces Found: 44
********
10:14 PM: | Start of Session, Monday, March 06, 2006 |
10:14 PM: Spy Sweeper started
10:15 PM: Messenger service has been disabled.
10:15 PM: Your spyware definitions have been updated.
10:18 PM: | End of Session, Monday, March 06, 2006 |
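
An added example (not part of the original thread and not Spy Sweeper's own code): a Python parser for the session-log format posted above that turns each trace line into a record and flags registry autostart locations for re-checking after cleanup. The line format is inferred from this log only; the function names and the autostart key list are assumptions of the example.

```python
import re

# Excerpt of the Spy Sweeper session log from the post above (lines copied, not all shown).
SAMPLE_LOG = r"""
10:18 PM: Found Trojan Horse: trojan-downloader-zlob
10:18 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1052561)
10:18 PM: dfrgsrv.exe (ID = 1052561)
10:18 PM: Starting Memory Sweep
10:21 PM: Found Adware: clearsearch
10:21 PM: HKLM\software\prositefinder\ (5 subtraces) (ID = 773839)
10:21 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
10:22 PM: Found Adware: 180search assistant/zango
10:22 PM: Starting File Sweep
10:22 PM: c:\program files\security toolbar (2 subtraces) (ID = -2147462697)
"""

STAMP = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.*)$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
# Trace line layout: location [ || value ] [ (N subtraces) ] (ID = n)
TRACE = re.compile(r"^(.*?)(?: \|\| (.+?))?(?: \((\d+) subtraces\))? \(ID = (-?\d+)\)$")
HIVES = ("hklm\\", "hkcr\\", "hku\\", "hkcu\\")
# Registry locations that launch programs at logon (assumed list, not exhaustive).
AUTOSTART = ("\\currentversion\\run", "\\policies\\explorer\\run")

def parse_traces(log_text):
    """Return one dict per trace line in a Spy Sweeper session log."""
    traces, header = [], None
    for raw in log_text.splitlines():
        stamped = STAMP.match(raw.strip())
        body = stamped.group(1) if stamped else ""
        found, trace = FOUND.match(body), TRACE.match(body)
        if found:
            header = found.group(2)  # threat name from the latest "Found ..." line
        elif trace:  # progress lines such as "Starting Memory Sweep" match neither
            location, value, subtraces, trace_id = trace.groups()
            low = location.lower()
            traces.append({
                "location": location, "value": value,
                "subtraces": int(subtraces or 0), "trace_id": int(trace_id),
                "kind": "registry" if low.startswith(HIVES) else "file",
                "autostart": any(key in low for key in AUTOSTART),
                # Hint only: a later trace can belong to a threat announced
                # earlier (the security toolbar folder follows the 180search line).
                "latest_header": header,
            })
    return traces

def autostart_entries(traces):
    """Registry autostart traces as (location, value) pairs to re-check after cleanup."""
    return [(t["location"], t["value"]) for t in traces if t["autostart"]]
```
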

#32
MasterJ (Visiting Staff)

Did that fix any of your problems?

Run Panda again and see if it picks up those entries anymore. If it does, post the log.

MasterJ :tazz:

#33
peppers (Topic Starter)

Here's the last Panda Scan:

The toolbar is gone but my McAfee scanner is very active. I'm still receiving the DOS prompt, too.


Incident | Status | Location
Adware:adware/securityerror | Not disinfected | C:\WINDOWS\SYSTEM32\ncompat.tlb
Adware:adware/spywarestrike | Not disinfected | C:\WINDOWS\SYSTEM32\1024
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Dialer:Dialer.FGG | Not disinfected | C:\Documents and Settings\user\Local Settings\Temp\gkkdommd.exe
Dialer:Dialer.NO | Not disinfected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\S56V89MB\gdnUS2218[2].exe
Dialer:Dialer.FGG | Not disinfected | C:\WINDOWS\temp\kpichomd.exe

#34
MasterJ (Visiting Staff)

Please boot into safe mode and delete the following files/folders:

C:\WINDOWS\SYSTEM32\ncompat.tlb
C:\WINDOWS\SYSTEM32\1024
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\user\Local Settings\Temp\gkkdommd.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\S56V89MB\gdnUS2218[2].exe
C:\WINDOWS\temp\kpichomd.exe

Reboot.

Is your only problem now the DOS prompt? What exactly does it say?

MasterJ :tazz:

Edited by MasterJ, 08 March 2006 - 07:56 PM.


#35
peppers (Topic Starter)

I deleted those files you listed while in safe mode. I rebooted and logged on. We're looking pretty good here!!!! No response from McAfee. No DOS prompt. The only thing I see that's still there is that cookie: user@doubleclick.

Do you need me to run anything else?

#36
MasterJ (Visiting Staff)

I'll leave this open for a day or two to make sure your computer is doing well.

Congratulations peppers, your log looks clean! :)

Now that your computer is clean, we need to make sure it stays clean. To do this, I have a few recommendations to make.

Rehide hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK

Reset System Restore and Create a New Restore Point

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck Turn off System Restore.
Click Apply, and then click OK.

4. Create a New Restore Point
Click Start.
Click All Programs > Accessories > System Tools > System Restore.
Click Create a restore point.

AntiVirus
The first and most important step is to always have an up-to-date AntiVirus Program. If you want a good free antivirus, then I recommend AVG Antivirus. Never install two Antivirus programs. Multiple AntiVirus programs conflict with each other and actually make your computer easier to infect. Make sure your antivirus has Auto-Protect on and run system scans once a week. This will ensure the best protection for your computer.

Removing Spyware
Use Spybot S&D and Ad-Aware SE. These are good free programs that will detect and remove most spyware from your computer.

Blocking Spyware
It is important to have a constant guard to protect your computer from spyware threats. Two programs I recommend are Microsoft's AntiSpyware (Beta) and Trojan Hunter/Guard.

Browser
If you are using Internet Explorer, you might consider changing to another browser. The majority of viruses and spyware are written to infect through Internet Explorer. Browsers such as Firefox are good examples of safer browsers.

Firewall
Although not necessary for a home user, a free firewall will provide protection from hackers. I recommend using Zone Alarm.

Windows Update
Microsoft puts out updates often that remove security threats from your computer. Check Windows Update to make sure your computer is fully equipped with protection.

Still having trouble?
We are always here for your needs. If you still have malware problems, let us know. We're here to help you.

Regards,
MasterJ :tazz:

#37
MasterJ (Visiting Staff)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.