Help - Protection Bar / Malware

I'm a complete novice at this but with a couple of days searching and following advice I've ended up here I have followed the READ and RUN ME FIRST sticky up to but not including HijackThis - worried I'll do something wrong with this.

PROBLEM: I have a toolbar on internet explorer called Protection Bar which I can't get rid of. Have had some pop-ups and also some of those dodgy balloon messages (from bottom right of screen) telling me to download various spyware removal programs (possibly SpyAxe) which I have ignored and seem to have got rid of so far.

I'm running Tesco internet Security - an F-secure derived internet security program. WIN XP SP2.

Ran C-Cleaner, MS Windows Malicious Software Remover, Spybot S&D, MS Windows Defender in Safe Mode and then did the online checks with Bit Defender and PandaActive Scan (Did My Computer by accident instead of Local Disks - sorry if that causes any problems, it took ages)

MS Malicious software remover found some stuff I wrote down but I don't know how to get the results back now to post - any suggestions? I'm sure it said it had fixed these though. They were:

Backdoor:Win32/SdBot!36B4
Trojandownloader:Win32/Zlob.DA
Trojandownloader:Win32/Zlob.EG
Trojandownloader:Win32/Zlob.EL
Trojandownloader:Win32/Zlob.EZ

Attached are the first newfiles, runkeys and bdscan results (hopefully!), see next message for PandaActive result.

Please Help!!!

Thanks in advance

 

Hope this is the correct way to do next message with PandaActive result.

Thanks

 

Just a few additional questions:
Are my passwords safe? Can I safely use internet banking? and can I use paypal without risk of my money being nicked?
To be safe I haven't done any of these since I realised the computer was infected and it's getting annoying now!

 

Post your HijackThis log. As long as you don't try to fix anything with HijackThis, without expert guidance you'll be OK.

 

OK, the HJT log is now attached.

Also report.txt is a system summary from Everest, hope that helps solve any problems.

Thanks in advance

 

Just been checking some more threads - one I've found has the same problem with protection bar on IE. The thread is titled Spyware etc. and was started by bwood00, chaslang has been sorting it out.

I'm presuming the solution for me will be slightly different depending on what you find in the logs I attached but just thought it might help you to help me if I pointed out a similar problem.

 

PLEASE HELP - I'm getting worried this thread is being ignored, sorry if anyone is working on a solution - I don't know how long it takes!

Anyone???

 

More info: My internet security program keeps finding the same thing, it is trojandownloader.win32/zlob.afi it tells me that it has renamed it and then sometime later it finds the exact same thing again with the same result.

What should I do about this? Is this part of the same problem i have with Protection Bar or is it something different?

Please help me!

 

Sorry if I'm being annoying now but here is a new hijackthis log, just incase you need it, Just thought you might - with reference to my last update about trojandownloader.win32/zlob.afi

Please tell me to shut up and wait if you like!

 

I'll have to do everything you said tomorrow - as I don't have time right now. Here's a few answers to questions you asked and some more questions from me:

The file
C:\Documents and Settings\eric\Desktop\malware removal\f-spyaxe.zip
is something I used to get rid of spyware, I linked to it from F-secure website when I first started to fight my problems with dodgy balloon messages advertising anti-spyware - it is a .reg file which I ran (is that the right term) and seems to have worked - I stopped geting the messages anyway. now I just have the protection bar in IE.

Tried to uninstall sunJava but get unspecified error message - Should I try to remove it with CCleaner uninstall feature?

I don't use puresight internet content filter - should I?

Should I get rid of Tesco Internet security and use something else in future?
My folks and grandparents have it too so no doubt they're infected aswell - something I'll sort out when I'm clean.

 

rapport.txt as requested, going to get other logs you want now and attach them to next message

Should I have booted in safe mode to be doing all this?

 

OK I've run SmitFraudFix - took literally seconds so not sure if it worked properly???

new logs for getrunkey, shownew and HJT attached as requested.

By the way, I managed to uninstall old Sun Java with CCleaner.

thanks

 

I just ran through all the steps in the SpywareQuake and SpyFalcon Removal Procedure you suggested.

I found none of the files that it says to look for in Windows\System32 folder although there were some very close matches eg. it says to look for

cfgmngr32.dll - I have cfgmgr.dll
appmagr.dll - I have appmgr.dll
autodisc32.dll - I have autodisc.dll
dcomcfg.exe - I have dcomcnfg.exe

There are other close matches too but I figured that malware writers did this intentionally so I didn't do anything with any of them - Is this correct??? do you want me to tell you the other close matches?

The only other thing i did was to delete jusched.log from c:\documents and settings\eric\local settings\temp as this was the only file in there.

The Protection Bar I had has now gone - what was this by the way?

Here is the smitfiles.txt log as per above procedure.
Oh, and another new HJT log for you - (sorry if i wasn't meant to do this!)

 

Attached is rapport.txt as requested

LSP-Fix ran OK, no hitches

Deleted C:\23100247.0XE although when I right clicked on the file, Tesco Internet Security window popped up with virus message - something like

"trojandownloader.win32.small."

I finished deleting the C:\23100247.0XE file then I told Tesco Internet Security to delete "trojan....small" and nothing has happened since so I'm guessing it's fixed?

Everything working just fine now - actually seems better than it was before I noticed anything wrong. Thanks

 

Ok then, all steps followed.

I didn't find the file you said to delete but as you said I might/might not find it I didn't consider this to be a problem

I already had CCleaner before I did READ ME FIRST sticky, I used to clean up every so often with it but I'd changed the settings - anyway I couldn't remember what the defaults were (and couldn't see a default tab anywhere) so I ran it on everything except advanced. Hope that was OK???

Attached is the new HJT log you wanted.

Everything is working fine still, (except for a slowish boot up but that's been happening ever since I installed tesco internet security package - the one you called a resource hog and a big pig!!! I'll uninstall it and use something else in future - any recommendations?)

I am aware of and will disable System Restore but only when you tell me it's safe to do so!!!

Thanks again - your help is much appreciated

 

Thanks so much for your help, will recommend you to anyone I know who has problems in the future, I've done the disable/enable system restore and just off to follow "How to Protect yourself from malware!"
Thanks Again!!!