This virus even shows up in safe mode and I really would love some help trying to get rid of this virus. My avast will not pick it up when I run a full scan.
Thank you very much.
Here you go. Once we find it we can kill it ;D
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
THEN
Download OTS to your Desktop and double-click on it to run it
[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.
The virus will not let me open the file up
We have ways and means to cure that - run this programme first and then continue with the other two
Download RogueKiller to your desktop
[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 2 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
OTS logfile created on: 5/2/2011 3:56:14 PM - Run 1
OTS by OldTimer - Version 3.1.42.0 Folder = C:\Users\Alex\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.04 Gb Total Space | 188.83 Gb Free Space | 66.72% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.12 Gb Free Space | 47.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALEX-PC
Current User Name: Alex
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.com -> C:\Users\Alex\Desktop\OTS.com -> [2011/05/02 15:40:30 | 000,645,632 | ---- | M] (OldTimer Tools)
aswmbr.exe -> C:\Users\Alex\Desktop\aswMBR.exe -> [2011/05/02 11:34:24 | 000,576,512 | ---- | M] (AVAST Software)
xoy.exe -> C:\Users\Alex\AppData\Local\xoy.exe -> [2011/05/01 20:10:49 | 000,507,904 | -HS- | M] (Microsoft Corporation)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software)
datasafeonline.exe -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe -> [2009/07/07 11:23:00 | 001,779,952 | ---- | M] ()
sprtsvc.exe -> C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
sprtcmd.exe -> C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
pdvddxsrv.exe -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.)
webcamdell2.exe -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe -> [2009/01/09 14:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd)
docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation)
dldtmsdmon.exe -> C:\Program Files (x86)\Dell V305\dldtmsdmon.exe -> [2008/06/24 02:27:40 | 000,025,840 | ---- | M] ()
dldtmon.exe -> C:\Program Files (x86)\Dell V305\dldtmon.exe -> [2008/06/24 02:26:16 | 000,668,912 | ---- | M] ()
[Modules - Safe List]
ots.com -> C:\Users\Alex\Desktop\OTS.com -> [2011/05/02 15:40:30 | 000,645,632 | ---- | M] (OldTimer Tools)
snxhk.dll -> C:\Program Files\Alwil Software\Avast5\snxhk.dll -> [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
64bit-(avast! Antivirus) [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software)
64bit-(STacSV) [Auto | Running] -> C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -> [2009/04/07 06:03:00 | 000,268,288 | ---- | M] (IDT, Inc.)
64bit-(AESTFilters) [Auto | Running] -> C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -> [2009/04/07 06:02:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation)
64bit-(wltrysvc) [Auto | Running] -> C:\Windows\SysNative\WLTRYSVC.EXE -> [2008/12/22 06:35:16 | 000,032,768 | ---- | M] ()
64bit-(DockLoginService) [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation)
64bit-(dldtCATSCustConnectService) [Auto | Running] -> C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe -> [2008/02/25 12:38:28 | 000,034,032 | ---- | M] ()
64bit-(dldt_device) [Auto | Running] -> C:\Windows\SysNative\dldtcoms.exe -> [2008/02/25 12:38:24 | 001,045,232 | ---- | M] ( )
64bit-(WinDefend) [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -> [2009/09/10 13:26:04 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) [Auto | Running] -> C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation)
(dldt_device) dldt_device [Auto | Running] -> C:\Windows\SysWow64\dldtcoms.exe -> [2008/02/25 12:38:12 | 000,595,184 | ---- | M] ( )
[Driver Services - Safe List]
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/04/18 13:13:13 | 000,064,344 | ---- | M] (AVAST Software)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\igdkmd64.sys -> [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation)
64bit-(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -> [2010/06/16 15:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -> [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iastor.sys -> [2009/04/07 06:47:28 | 000,407,576 | ---- | M] (Intel Corporation)
64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2009/04/07 06:33:48 | 000,197,120 | ---- | M] (Realtek Corporation )
64bit-(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RTSTOR64.SYS -> [2009/04/07 06:25:22 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(ApfiltrService) Alps Touch Pad Filter Driver for Windows XP/Vista x64 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Apfiltr.sys -> [2009/04/07 06:18:52 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.)
64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\stwrt64.sys -> [2009/04/07 06:03:18 | 000,477,696 | ---- | M] (IDT, Inc.)
64bit-(OA013Vid) Creative Camera OA013 Function Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\OA013Vid.sys -> [2009/03/09 18:00:00 |
This is only some of the file; it won't let me fit it all in because it's way more than the allowed word total.
Thank you.
Lower left corner > additional options > attach
Here is the attachment.
Again a very full set of temporary files so this may take longer than normal to run. On completion of this could you run ASWMbr please
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:8893
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:8893
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\: "ProxyServer" -> http=127.0.0.1:18810
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\] > -> HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\] > -> HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "rhqqapqm" -> [C:\Users\Alex\AppData\Local\Temp\sjgnkbtyt\bmrhjpnsika.exe]
YN -> "ryayjrio" -> [C:\Users\Alex\AppData\Local\Temp\dmxerhqrf\ygnrhqcuerb.exe]
< Registry Shell Spawning - Select to Repair > -> HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000_Classes\<key>\shell\[command]\command
YN -> exefile [open] -> "C:\Users\Alex\AppData\Local\xoy.exe" -a "%1" %*
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\SOFTWARE\Classes\<extension>\
YY -> .exe [@ = exefile] -> C:\Users\Alex\AppData\Local\xoy.exe
[Files/Folders - Created Within 30 Days]
NY -> xoy.exe -> C:\Users\Alex\AppData\Local\xoy.exe
[Files/Folders - Modified Within 30 Days]
NY -> jd0304a8d3q3q1q3u -> C:\Users\Alex\AppData\Local\jd0304a8d3q3q1q3u
NY -> jd0304a8d3q3q1q3u -> C:\ProgramData\jd0304a8d3q3q1q3u
NY -> xoy.exe -> C:\Users\Alex\AppData\Local\xoy.exe
[Files - No Company Name]
NY -> jd0304a8d3q3q1q3u -> C:\Users\Alex\AppData\Local\jd0304a8d3q3q1q3u
NY -> jd0304a8d3q3q1q3u -> C:\ProgramData\jd0304a8d3q3q1q3u
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
attachment below
All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer not found.
Unable to delete registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable .
Registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer not found.
Registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhqqapqm not found.
Registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ryayjrio not found.
Registry value HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000_Classes\exefile\shell\open\command\‘’ updated successfully.
Registry key HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000_classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3954707293-2762990058-3438637650-1000_classes\Reg Error: Key error.\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\‘’ updated successfully.
File C:\Users\Alex\AppData\Local\xoy.exe not found.
[Files/Folders - Created Within 30 Days]
File C:\Users\Alex\AppData\Local\xoy.exe not found!
[Files/Folders - Modified Within 30 Days]
File C:\Users\Alex\AppData\Local\jd0304a8d3q3q1q3u not found!
File C:\ProgramData\jd0304a8d3q3q1q3u not found!
File C:\Users\Alex\AppData\Local\xoy.exe not found!
[Files - No Company Name]
File C:\Users\Alex\AppData\Local\jd0304a8d3q3q1q3u not found!
File C:\ProgramData\jd0304a8d3q3q1q3u not found!
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
[Empty Temp Folders]
Could you now run Malwarebytes please
http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Please download Malwarebytes’ Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 5214
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975
11/29/2010 7:35:58 PM
mbam-log-2010-11-29 (19-35-58).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 303119
Time elapsed: 1 hour(s), 7 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 61
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 27
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.hbax (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f244a744-534d-4a46-855f-c0c7e9f27daa} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{030c9927-10fc-4169-97a2-55becd5d88d8} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e2dfd6a-4e20-4d4c-aa8b-e1f9dbef3c80} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714e0876-fcee-49ce-a429-b9ad8aefcb56} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dd15bcc0-5fe9-4690-a957-99fa60ed9d26} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.hbax.1 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband.1 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.iebutton (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.iebutton.1 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.iebuttona (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.iebuttona.1 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl.1 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0eb3f101-224a-4b2b-9e5b-df720857529c} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1f1ecd3-4806-44c6-a869-f0dadf11c57c} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b035ba6b-57cd-4f72-b545-65be465fcaf6} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d44fd6f0-9746-484e-b5c4-c66688393872} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport2 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqddwtgf (Trojan.FakeAlert.Gen) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) → Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) → Delete on reboot.
C:\ProgramData\ResultBar (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0 (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\firefox (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\firefox\extensions (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\firefox\extensions\plugins (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0} (Adware.ResultBar) → Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome (Adware.ResultBar) → Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults\preferences (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\ResultBar (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) → Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21 (Adware.ShoppingReport2) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) → Quarantined and deleted successfully.
Files Infected:
C:\Users\Alex\AppData\Local\Temp\uupfuubkj\wemjqdctsbl.exe (Trojan.FakeAlert.Gen) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll (Adware.ShoppingReport2) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\LaunchHelp.dll (Adware.Seekmo) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ResultBar\resultbar.exe (Adware.ResultBar) → Quarantined and deleted successfully.
C:\ProgramData\ResultBar\resultbar113.exe (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\00075070.exe (Trojan.FakeAlert.Gen) → Quarantined and deleted successfully.
C:\Windows\Temp\RES3207.tmp\upgrade.exe (Adware.Dropper.Gen) → Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.621.0\firefox\extensions\install.rdf (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome.manifest (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\install.rdf (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome\resultbar.jar (Adware.ResultBar) → Delete on reboot.
C:\Program Files (x86)\Mozilla Firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults\preferences\prefs.js (Adware.ResultBar) → Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) → Quarantined and deleted successfully.
Lots of click potato gone - what are your current problems ?
I am all clean, no more problems.
Thank you very much for your help.
Run OTS and hit the cleanup button to remove it ;D
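An added example, not part of the original thread and not code from OTS: a small Python triage pass over the `[Processes - Safe List]` line format seen in the OTS log above, showing why the `xoy.exe` entry stands out before any fix is written. The sample lines are copied from this thread's log; the heuristics, the trusted-root list and all function names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Four lines copied from the "[Processes - Safe List]" section of the OTS log in this thread.
SAMPLE_LOG = r"""
ots.com -> C:\Users\Alex\Desktop\OTS.com -> [2011/05/02 15:40:30 | 000,645,632 | ---- | M] (OldTimer Tools)
xoy.exe -> C:\Users\Alex\AppData\Local\xoy.exe -> [2011/05/01 20:10:49 | 000,507,904 | -HS- | M] (Microsoft Corporation)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software)
dldtmon.exe -> C:\Program Files (x86)\Dell V305\dldtmon.exe -> [2008/06/24 02:26:16 | 000,668,912 | ---- | M] ()
"""

# name -> full path -> [timestamp | size | attributes | flag] (company from version info)
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>.*)\)\s*$"
)

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\appdata\\|\\temp\\|^[a-z]:\\programdata\\")
# Assumption: %SystemRoot% is C:\Windows, as the log header in this thread states.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    path: str
    attrs: str
    company: str


def parse(log):
    """Return an Entry for every line that matches the process-list format."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["path"], m["attrs"], m["company"].strip()))
    return entries


def reasons(entry):
    """List the triage signals that apply to one entry (empty list = nothing notable)."""
    path = entry.path.lower()
    found = []
    if USER_WRITABLE.search(path):
        found.append("runs from a user-writable directory")
    if "H" in entry.attrs or "S" in entry.attrs:
        found.append("hidden/system file attributes")
    if "microsoft" in entry.company.lower() and not path.startswith(TRUSTED_ROOTS):
        found.append("claims Microsoft outside Windows/Program Files")
    if not entry.company:
        # Weak on its own: plenty of legitimate vendor tools ship without version info.
        found.append("no company name in version info")
    return found


def triage(log):
    """Return (entry, reasons) pairs for flagged entries, strongest first."""
    flagged = [(e, reasons(e)) for e in parse(log)]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda item: len(item[1]), reverse=True)


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.name}  {entry.path}")
        for reason in why:
            print(f"    - {reason}")
```
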