Remove Claro search from ie?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by poppet, Sep 30, 2012.

  1. poppet

    poppet Private E-2

    Hi,
    Please could you help me remove claro search from ie9?
    OTL included.
    Regards,
    David.
     

    Attached Files:

    • OTL.Txt
      File size:
      92.1 KB
      Views:
      4
    poppet, Sep 30, 2012
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I see that you have both AVG 2012 and Norton Internet Security installed. You need to decide which one you want to keep and uninstall the other immediately. Do that while I look thru the rest of your log but I may need you to run thru our posted cleaning procedure >> READ & RUN ME FIRST. Malware Removal Guide
     
    chaslang, Sep 30, 2012
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall Yontoo Layers.

    Did you knowingly install Savings Sidekick ? Many of these kinds of programs come with other very much unwanted baggage.
    If you did not knowing install it then uninstall it now.

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = [URL]http://www.claro-search.com/?affID=114506&tt=3912_6&babsrc=HP_clro&mntrId=f0bc5da200000000000000ff9fdc87f5[/URL]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.claro-search.com/?affID=114506&tt=3912_5&babsrc=HP_clro&mntrId=f0bc5da200000000000000ff9fdc87f5[/URL]
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
[2012/09/17 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]

[REBOOT]
    • Now click the [​IMG] button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    If you still have problems now, you will have to run the READ & RUN ME FIRST cleaning procedure that I gave you the link to. Also tell me which browser or browsers you have the problem with? Test every browser you have installed and make sure that only one browser is open at any instance.
     
    chaslang, Sep 30, 2012
    #3
  4. poppet

    poppet Private E-2

    Thank you for that. I will follow your instructions and get back to you.
    In terms of uninstalling Yontoo when I try to uninstall it (Yontoo 1.10.02) via Windows Programs and Features I get the following error: Setup Initialization error.

    In terms of your question: Did I knowingly install Savings Sidekick? My 9 year old installed it. I have now created a guest account for him and I have used the group policy editor to restrict Windows installations and require admin rights for installations.

    I do not know how to uninstall Savings Sidekick. It does not appear in Windows Programs and Features.
     
    poppet, Sep 30, 2012
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See if you can remove them with the below program.

    Revo Uninstaller

    If not, just continue with my previous instructions and I will create a manual fix after you give me the new log.
     
    chaslang, Sep 30, 2012
    #5
  6. poppet

    poppet Private E-2

    Hi, please find log file attached.
    claro search has gone from ie.
    The yontoo entry was removed by Revo.
    I am not sure about super saver. It might still be present but it does not appear in Windows Programs and Features.

    What is the best way to stop browser toolbars and/or browser search page hijacking? If that is not a straight forward answer I will just have to read all of your material.

    Thank you very much for your help.
    Regards,
    David.
     

    Attached Files:

    poppet, Oct 1, 2012
    #6
  7. poppet

    poppet Private E-2

    Savings Sidekick appears under IE9/Manage Add-ons/Toolbars and Extensions as a 'Friendly App'.
     
    poppet, Oct 1, 2012
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds