Solved: Fakenit Trojan and Flashing warning background...

ungoy02x
Junior Member with 12 posts.
 
Join Date: May 2009
Experience: Beginner
01-Jun-2009, 12:34 AM #16
The computer is running better and I am now able to defrag. Which I couldn't do before. It seems as if there are only a few things left according to the Kaspersky log. I really appreciate all of your help.


_____________________________________________________________
_______________________________________________________________
Malwarebytes' Anti-Malware 1.37
Database version: 2204
Windows 5.1.2600 Service Pack 3
5/31/2009 5:16:46 PM
mbam-log-2009-05-31 (17-16-46).txt
Scan type: Quick Scan
Objects scanned: 110426
Time elapsed: 2 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


__________________________________________________________
____________________________________________________________

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 31, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 01, 2009 02:33:05
Records in database: 2288230
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 137892
Threat name: 6
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 02:04:38

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D00000.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vyuu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C500000.VBN Infected: Trojan-Mailfinder.Win32.Agent.wd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00000.VBN Infected: Worm.VBS.Autorun.bi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN Infected: Worm.VBS.Autorun.bi 1
C:\hp\bin\wbug\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\kungsfwlawcgyu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP881\A0072863.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP903\A0073135.dll Infected: Trojan.Win32.Monder.gen 1
D:\I386\APPS\APP19117\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP19117\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
The selected area was scanned.
emeraldnzl
Senior Member with 1,575 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
01-Jun-2009, 03:22 AM #17
Hello again ungoy02x,

Quote:
It seems as if there are only a few things left according to the Kaspersky log.
Those are Symantec quarantined ones, some in System Restore, one in the quarantine of Combofix and some false positives.

We will remove them in this post.

After that I think your machine will be clean.

Now

I am not sure exactly which version your Symantec Corporate edition is but I think the actions below will probably apply.

How to delete a quarantined file if it is not needed:
  • Open the Symantec AntiVirus console.
  • To view the Quarantine list, open the View menu, and select Quarantine.
  • If there are any items present in the Quarantine list, select them and press the red "X" button above the list. This will delete the infected file(s) from your computer.
  • When you are finished, close Symantec AntiVirus and reboot your computer.
Next

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and some tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

After that please go here to download OTC.

Run this program to remove the remaining tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. The JavaRa folder can be deleted. If for some reason the Cleanup process hasn't removed it, HijackThis can be uninstalled via the Add or Remove Programs utility in the Control Panel.

-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
__________________
Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much.
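
The sorting described in post #17, as an added example that is not part of the original thread: it parses the finding lines of the Kaspersky report from post #16 and groups each hit by where the file sits (antivirus quarantine, Combofix's Qoobox quarantine, a System Restore point) or by Kaspersky's `not-a-virus:` prefix. The category names, including the `live_file` bucket for anything outside those groups, are assumptions of this example.

```python
import re
from collections import Counter

# The ten finding lines from the Kaspersky report in post #16, verbatim.
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D00000.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vyuu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C500000.VBN Infected: Trojan-Mailfinder.Win32.Agent.wd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00000.VBN Infected: Worm.VBS.Autorun.bi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN Infected: Worm.VBS.Autorun.bi 1
C:\hp\bin\wbug\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\kungsfwlawcgyu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP881\A0072863.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP903\A0073135.dll Infected: Trojan.Win32.Monder.gen 1
D:\I386\APPS\APP19117\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP19117\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
"""

LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# Inert storage locations, checked in order (labels are this example's own).
LOCATIONS = [
    ("symantec_quarantine", re.compile(r"\\symantec\\.+\\quarantine\\[^\\]+$", re.I)),
    ("combofix_quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\.+", re.I)),
    ("system_restore", re.compile(r"\\system volume information\\_restore\{", re.I)),
]

def classify(path, threat):
    """Location wins over the threat label; anything left over is a live file."""
    for name, pattern in LOCATIONS:
        if pattern.search(path):
            return name
    if threat.startswith("not-a-virus:"):
        return "not_a_virus_label"
    return "live_file"

def triage(report):
    """Return (category, path, threat, count) for every finding line."""
    findings = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            findings.append((classify(m["path"], m["threat"]),
                             m["path"], m["threat"], int(m["count"])))
    return findings

def summarize(findings):
    """Number of report lines per category."""
    return Counter(category for category, *_ in findings)

print(summarize(triage(REPORT)))
```

For this report the `live_file` bucket stays empty, and the count column adds up to the 13 infected objects given in the scan statistics.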
ungoy02x
Junior Member with 12 posts.
 
Join Date: May 2009
Experience: Beginner
01-Jun-2009, 09:17 PM #18
Thank you very much for your help!
emeraldnzl
Senior Member with 1,575 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
01-Jun-2009, 09:35 PM #19
You are very welcome.