[plywoodhall]

Wow, thank you so much. My computer runs like normal again i've been watching videos on vimeo all night and using google without any hassle. Thanks again!

[Advertisements]

Hi,

That's good to hear. Let's run some final scans to check for any remnants.

-- Step 1 --

Run Malwarebytes' Anti-Malware.

• Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
• Select the Scanner tab, select "Perform Quick Scan", then click Scan
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 2 --

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

[hammerman]

Hi,

That's good to hear. Let's run some final scans to check for any remnants.

-- Step 1 --

Run Malwarebytes' Anti-Malware.

• Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
• Select the Scanner tab, select "Perform Quick Scan", then click Scan
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 2 --

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

[plywoodhall]

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09/08/2010 13:38:41
mbam-log-2010-08-09 (13-38-41).txt

Scan type: Quick scan
Objects scanned: 108103
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[plywoodhall]

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=33b212f3cf1a444c86336dc7df97e2e4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-09 09:14:36
# local_time=2010-08-09 02:14:36 (-0800, Pacific Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=49088
# found=2
# cleaned=2
# scan_time=858
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\clldr.dll probably a variant of Win32/Agent.EDPTKK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
${Memory} probably a variant of Win32/Agent.EDPTKK trojan (contained infected files) 00000000000000000000000000000000 C

[plywoodhall]

there were 2 viruses found on the last scan, the 1st was deleted but the 2nd wasn't, what should we do with that?

[hammerman]

HI,

Are you using a cracked copy of Kaspersky?

Run the ESET on line scan again. This time however, select Advanced Settings and under Current Scan Targets, select Operating Memory only. Once the scan completes, post the log file.

[plywoodhall]

No it is not a cracked version, and here is the ESET log:

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=33b212f3cf1a444c86336dc7df97e2e4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-10 07:08:54
# local_time=2010-08-10 12:08:54 (-0800, Pacific Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1
# found=1
# cleaned=1
# scan_time=24
${Memory} probably a variant of Win32/Agent.EDPTKK trojan (contained infected files) 00000000000000000000000000000000 C

[hammerman]

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  

  :file
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\clldr.dll
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[plywoodhall]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:04 on 10/08/2010 by Kyle (Administrator - Elevation successful)

========== file ==========

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\clldr.dll - Unable to find/read file.

-=End Of File=-

[hammerman]

Hi,

This looks like a false positive but I'll check it out. Back soon....

[plywoodhall]

Alright, thanks again though man, my computer is running amazing, i did another scan with ESET and it didnt show up:

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=33b212f3cf1a444c86336dc7df97e2e4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-11 05:56:53
# local_time=2010-08-10 10:56:53 (-0800, Pacific Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1027 16777173 100 49 0 0 0 0
# compatibility_mode=8192 67108863 100 0 32358 32358 0 0
# scanned=1
# found=0
# cleaned=0
# scan_time=15

[hammerman]

Hi,

Congratulations, your computer appears clean

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.

• Right-click on My Computer and select Properties.
• Click the System Restore tab.
• Check Turn off System Restore.
• Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
• Now uncheck the Turn off System Restore, click Apply then OK.

A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

I recommend you update to Internet Explorer 8.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

• Click Start
• Select Control Panel
• Click on Automatic (recommended)
• Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
• Click Apply then OK.

Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilites. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

• Click Start
• Select Control Panel
• Select Add or Remove Programs
• Remove all Java updates except the latest one you have just installed.

Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

Avast
Avira Free

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

[hammerman]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.