files all over the place on my computer…sent locked ones to recycle bin and programme files all over the place…can't get rid of claro
hi cleantheworld,
AdwCleaner got rid of a lot of the web add-on c**p.
You did not include the log for aswMBR.exe, could you please attach that? Need to see if you possibly have a rootkit installed as well.
see attachment…computer hard drive seems to have been divided with recycle bin in different section and wondering what is in the removable disk section?
thanks
Thank you for that.
A malware expert has been notified. As he likely lives in a different time zone than you, please be patient.
You have now provided the logs he needs to begin his analysis; when he enters your thread, he will prepare a cleansing routine just for you and your system, and no other.
It will be a bit before he arrives, but less than 24 hours.
Hi, you also have McAfee running on your system; I would recommend that you uninstall it.
Also for Chrome you will need to manually change the search engine from Claro there
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKU\S-1-5-21-2810083453-1765977715-965898646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=110824&tt=4412_8&babsrc=HP_ss&mntrId=e65d041300000000000074de2b76794f
IE - HKU\S-1-5-21-2810083453-1765977715-965898646-1001\..\SearchScopes\{C0137735-94BA-425E-90CF-DC6B43DC6A70}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=110824&tt=4412_8&babsrc=SP_ss&mntrId=e65d041300000000000074de2b76794f
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
[2012/11/04 23:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2012/11/02 21:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
black screen at the moment
trying to reboot but went to welcome before turning to a black screen?
the mouse works
What is the current status of the system?
not sure whether a reboot will work as it went black at welcome?
can open in safe mode but can’t access internet
Are you able to select “Safe Mode with networking”? Try that.
rebooted from disk…was running in safe mode as well but I hadn’t allowed networking. Still looks like a lot of interesting things happening on my computer
more reports…
OK, this is weird as all I removed were BHOs
First you will need to uninstall McAfee
From the control panel uninstall McAfee
Then download and run this tool http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Then reboot to normal windows and let me know the result
wellll I have icons on my desktop labelled computer and roses now which seems quite new. Not sure how much control I have as a lot of the locked files I put in the recycle bin but not sure what the recycle bin does as my hard drive has been divided with something like a recycle bin on the other side. Great little psychological game. can't do things like defrag or system scan…not sure what the workgroup under workgroup is?
got these reports also from the rootkick and there are items in quarantine from that rootkick.
Otherwise the computer is booting normally now and seems to be functioning normally.
Thanks for help
If you could attach a screenshot of your current desktop, that may help us help you.
well …the desktop has a file named rose which looks like it has all my stuff in and there is a shortcut to computer which looks like what you’d normally get if you went to computer in the menu…that’s new. The reboot has been normal since yesterday after I ran rootkit thing…the hard drive is partitioned with the recycle bin on the other side of the partition. God knows where the other recycle bin goes as there was computer code all over the place which I stupidly put in the recycle bin…been like that since I went HELP…
everything seems to acquire little shields on them like the microsoft security shield including all the malware and logs exe that I downloaded over the last couple of days. I can’t run any of the disk maintenance stuff.
When I try to open attachments I get C:/users/roses/desktop or something called control panel/system and security which appears to have nothing in it? I've included the other rk logs?
thanks for helping
can I reply
?? ???