
Message "Search Setting v1.2.3"


11 replies to this topic

#1 aktony

aktony

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:18 PM

Posted 24 January 2011 - 05:12 PM

My computer was/is infected by the Search Setting v1.2.3. My computer runs on a Windows 7 64-bit system. I followed your directions on the BleepingComputer.com > Security > Am I infected? What do I do? forum by downloading SUPERAntiSpyware Free and Dr.Web CureIt. Now I have the report for the SUPERAntiSpyware Free scan. However, the report for the Dr.Web CureIt scan did not save (I followed the directions and it never asked where I wanted to save the file). I tried to locate the saved DrWeb.csv file and could not find it.

SUPERAntiSpyware Free Scan Report

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2011 at 05:45 AM

Application Version : 4.48.1000

Core Rules Database Version : 6255
Trace Rules Database Version: 4067

Scan type : Complete Scan
Total Scan Time : 01:40:53

Memory items scanned : 358
Memory threats detected : 0
Registry items scanned : 14300
Registry threats detected : 0
File items scanned : 179080
File threats detected : 87

Adware.Tracking Cookie


Dr.Web CureIt *Description*

The program found 4 hotbar and search trojan viruses. I moved the viruses, and when I rebooted and restarted IE, the Search Settings still shows up but states that it could not find the path. If I click OK it will not close IE like before but will ask again until I click Cancel.

Please show me how to get this thing off my computer and not just move it to a folder.


Thanks,

Aktony

Edited by Budapest, 24 January 2011 - 05:29 PM.
Moved from Win7 ~BP




#2 aktony


Posted 24 January 2011 - 05:15 PM

Here is what keeps popping up when I restart Internet Explorer.

Attached Files



#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:18 AM

Posted 25 January 2011 - 10:40 PM

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 aktony


Posted 29 January 2011 - 09:10 PM

First, let me apologize for the late response. I have followed your instructions on getting the annoying virus off of my computer and it worked. Below is the post of the scan log.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5636

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/29/2011 8:29:31 PM
mbam-log-2011-01-29 (20-29-31).txt

Scan type: Quick scan
Objects scanned: 159822
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 33

Memory Processes Infected:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1320 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Antoine\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.622.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.622.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.622.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.622.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\IE (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\IE\4.0.2 (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.622.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\IE\4.0.2\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files (x86)\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.


P.S. Could you please show me how to put pictures on my profile and in replies or new threads?

Thanks a lot BP!

Aktony!

Edited by aktony, 29 January 2011 - 09:12 PM.


#5 Budapest


Posted 30 January 2011 - 04:16 PM

Please run another Malwarebytes scan and post the new log.

#6 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:11:18 AM

Posted 31 January 2011 - 04:09 AM

Could you please show me how to put pictures on my profile and in replies or new threads?

This should tell you what you wish to know:
Inserting An Image Within A Post
AustrAlien
Google is my friend. Make Google your friend too.


#7 aktony


Posted 01 February 2011 - 09:09 AM

Hello BP, here is my latest post. Thanks for the help. My computer is running slow. However, it may be because I have a lot of things running on my computer. However, my computer has 540gb of space and is practically new.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5636

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/1/2011 8:55:27 AM
mbam-log-2011-02-01 (08-55-27).txt

Scan type: Quick scan
Objects scanned: 159759
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 Budapest


Posted 01 February 2011 - 03:54 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

#9 aktony


Posted 01 February 2011 - 05:40 PM

Let me restate: my computer is not running slow, but the internet is. So should I still run the antivirus software?

#10 Budapest


Posted 01 February 2011 - 05:46 PM

Yes, give it a try.

#11 aktony


Posted 01 February 2011 - 06:40 PM

I ran TDSS killer and nothing was found.

#12 Budapest


Posted 01 February 2011 - 06:53 PM

Let's try one more scan:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image




