system
November 16, 2012, 8:33pm
1
Before finding this site, I tried:
AVG free
downloaded and ran “Speedy PC Pro”; its advert said that it could remove this exact string
downloaded and ran malwarebytes; it foound and I deleted two(2) files “claro” (I think)
downloaded and ran ANVI smart Defender
After these steps, I still have the same pop-up problem
After finding Avast; I have downloaded the following programs to a USB stick on an older un-infected XP machine:
AdwCleaner
re-ran MalwareBytes after getting updates
OTL
I have attached the logfiles, including all of the malwarebytes logs I have ran from before “Avast”
Could you attach the OTL log please and I will look for the remnants
Pondus
November 16, 2012, 8:43pm
3
I have attached the logfiles, including all of the malwarebytes logs I have ran from before "Avast"
where are the malwarebytes logs?
system
November 16, 2012, 8:46pm
4
sorry, I’m having trouble reading the security words …
system
November 16, 2012, 8:49pm
5
re-trying to send the OTL, extras & two other mbam files
system
November 16, 2012, 8:52pm
6
just tried to run aswMBR.exe; got a blue screen system crash before it could complete, computer re-started and cam up OK
You will need to change Chrome Homepage and Search manually
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKU\S-1-5-21-4049240691-880591063-545121342-1005\..\SearchScopes,bProtectorDefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll (215 Apps)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
[2012/11/12 18:19:00 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Coupon Companion
[2012/11/12 18:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/12 18:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
:Files
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
system
November 16, 2012, 9:18pm
8
Here is the update otl file after the “Run Fix” & Quick Scan were run
system
November 16, 2012, 9:46pm
9
thanks very much.
I have been using the browser on the affected computer and I have not seen the offending popup
I’ll look back for a wrap-up comment, but it looks like you have fixed a very annoying problem, thanks again.
system
November 19, 2012, 3:14pm
11
I still have a problem … no popups but the default homepage on Chrome is www.claro …
I tried to follow your last instructions but I was unable to access chrome so, I re-installed chrome and then followed the guidelines. I did this on Friday. Today(monday) I tried to use Chrome and default page is www.clarosearch.com , tried changing the home page, it still shows the claro page.
Do I need to redo the process?
Do you have google synch enabled on chrome ? If so then delete the synch data, reset the home page and then set a fresh synch
system
November 19, 2012, 3:34pm
13
I resynced everything looks good.
many thanks.
I must admit I keep forgetting that Google synchs… So any bad toolbars/search engines will get reinstalled