CLCKM.COM or Click2Find removal

My sister managed to get a malware infection on my computer.  Now when I run any flash content with RealPlayer or Firefox, Internet Explorer 7 (which I don't use for anything unless I absolutely have to!) opens up to this link http://clckm.com/searchinfo?fp=%2F6aThAjcGiWQ2B1S%2BwFvKJtNupP6o2QUcZpyo46OY6d0VwjJ1OCfXWyCefua&pt=2&sp=2&vid=1201313561_3X01X1478346977&rpt=1&rm=1#

I have tried SpyBot, AdAware, avast!, an Kapersky online scan and walking through the registry all to no avail.  I'm not the brightest bulb in the box, but I've been doing IT support for 17 years and I can't manage to rid of this crap.  I see where someone else posted on EE trying to get help removing this and ended up loading a new image on the PC.  I hope someone here has better advice by now... anyway your help will be truly appreciated!

Thanks!
WTFDonAsked:
Who is Participating?
 
IndiGenusConnect With a Mentor Commented:
Not seeing anything evident from HJT? I recommend you run a Spyware scan with AVG and post the log that comes from it. Instructions on set up and run here:

http://www.anti-malwareoutlook.com/forum/viewtopic.php?f=14&t=9&sid=eb63f101d6ce3a7151f84359db630179
0
 
IndiGenusCommented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 
WTFDonAuthor Commented:
As requested, here's a freshly created HiJackThis log file.  Thanks for the quick response!
hijackthis.log
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
WTFDonAuthor Commented:
Hi IndiGenus, it appears to be fixed.  I followed the instructions from your link above and the problem still persisted.  Even though it's not still causing me any problem, I uploaded the AVG report and HJT log file for prosperity.

The malware had gotten itself attached to a flash player I had downloaded named flvplayer but was using RealPlayer to lauch IE 7 to the clckm.com webpage.  Here's how I got to my happy state:  I removed and re-installed Adobe Flash, no help.  I removed RealPlayer, no help.  I removed the flash player and associated .flv files back to Windows Media Player and instantly I was able to view flash videos without IE lauching the Click2Find crapware.  The file may still be on my computer somewhere but it seems that it is not actively working any more.  

Since your suggestion got me moving in the right direction and I'm not having any problem at this point, I'm accepting your solution.  Thanks for your help!
Report-Scan-20080126-124629.txt
hijackthis.log
0
 
WTFDonAuthor Commented:
IndiGenus, if you're able to find anything else that might lead to the name and location of the file, I'd love to hear from you.  Thanks again for your help.
0
 
IndiGenusCommented:
Hmm that is interesting, nice work on your part finding the problem.

Question, where did you get the flvplayer from? Was it from a "trusted source" or....?
0
 
IndiGenusCommented:
Not sure what the file is but you identified where it came from so I would make sure to avoid it in the future...

Good luck,
Dave
0
 
WTFDonAuthor Commented:
The player had been working on my PC for about a month before the malware "infected" it.  I wouldn't call it a trusted source since I downloaded it from download.com but I don't think it had any nasties in the beginning.  My sister who is not blessed with much common sense went to some get-rich-quick site and told my NoScript Firefox add-in to allow everything so she could watch a video and that's when my troubles started.  I'll forgive her one day :-)

Thanks,
Don
0
All Courses

From novice to tech pro — start learning today.