MBAM Log file:
Malwarebytes’ Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8367
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/13/2011 8:07:07 PM
mbam-log-2011-12-13 (20-07-07).txt
Scan type: Quick scan
Objects scanned: 264918
Time elapsed: 20 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 19
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{89E96460-93F7-40B6-A4D7-1E8079283BD7} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60977D31-766E-45AB-8CAD-93EDECE7C2E9} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\facerange.StockBar.1 (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\facerange.StockBar (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebEnhancements_is1 (PUP.WebEnhancements) → Not selected for removal.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → Value: {B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) → Value: ClickPotatoLite@ClickPotatoLite.com → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) → Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) → Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") → Quarantined and deleted successfully.
Folders Infected:
c:\program files\webenhancements (PUP.WebEnhancements) → Not selected for removal.
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\scott vallery\application data\clickpotatolite (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato (Adware.ClickPotato) → Quarantined and deleted successfully.
Files Infected:
c:\program files\clickpotatolite\bin\10.0.659.0\clickpotatolitesaax.dll (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.Hotbar) → Quarantined and deleted successfully.
c:\windows\temp\nnnv0.5760079682454802.exe (Rogue.PrivacyProtection) → Quarantined and deleted successfully.
c:\program files\webenhancements\webenhancements.xpi (PUP.WebEnhancements) → Not selected for removal.
c:\program files\webenhancements\uninst000.dat (PUP.WebEnhancements) → Not selected for removal.
c:\program files\webenhancements\webenhancements.crx (PUP.WebEnhancements) → Not selected for removal.
c:\program files\webenhancements\we_uninstall.exe (PUP.WebEnhancements) → Not selected for removal.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\clickpotatolitesa.exe (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) → Quarantined and deleted successfully.