can't get rid of claro-search

Please follow these instructions READ & RUN ME FIRST. Malware Removal Guide

 

You can attach the MGlogs.zip please from running MGTools.exe. Thanks.

 

You need to take a look at this:
Warning about Porn, Keygens, Cracks, and other Illegal Software


Re run Hitmanpro and have it delete all it finds.

Delete this file:
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

Delete these folders:
C:\ProgramData\Babylon
C:\ProgramData\GboxUpdater
C:\ProgramData\OptimizerPro
C:\ProgramData\SpeedyPC Software

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

 

Driver Pro v3.0 <--- Uninstall this unless you paid for it.

We need to run an OTL Fix

• Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
• Copy and Paste the following code into the textbox. Do not include the word Code

Code:

:otl
CHR - homepage: http://www.claro-search.com/?affID=111304&tt=090812_clr_3212_4&babsrc=HP_ss&mntrId=74a861ca0000000000000625567e6496
CHR - homepage: http://www.claro-search.com/?affID=111304&tt=090812_clr_3212_4&babsrc=HP_ss&mntrId=74a861ca0000000000000625567e6496
[2012/08/11 13:07:47 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Babylon
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:430C6D84

:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]

• Then click the Run Fix button at the top.
• Click Image.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. ATTACH that report in your next reply.

How is everything running now?

 

Run OTL again and attach the log please.

 

Is it only Chrome this is affecting?

 

Hi Philip.

We are going to be uninstalling your old version of FireFox and installing the new version. (Except please use REVO instead of the standard uninstall method!) So do the below to save bookmarks:

• Run FireFox and click Bookmarks.
• Then select Organize Bootmarks.
• Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

You will need exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

Start by uninstalling FireFox (with Revo) and then reboot. Do not skip the reboot.
After reboot, delete the below folders:

• C:\Program Files (x86)\Mozilla Firefox
• C:\users\UserAccount\AppData\Roaming\Mozilla\Firefox

where UserAccount is the actual user account name being used.

Now reinstall FireFox from the file previously downloaded.
Import your bookmarks file. (similar process to exporting).

--------------

Better?

 

You mean the address bar? Or search box? (Top right)

 

Run OTL and attach the log please.

 

We need to run an OTL Fix

• Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
• Copy and Paste the following code into the textbox. Do not include the word Code

Code:

:otl
CHR - homepage: http://www.claro-search.com/?affID=111304&tt=090812_clr_3212_4&babsrc=HP_ss&mntrId=74a861ca0000000000000625567e6496
CHR - homepage: http://www.claro-search.com/?affID=111304&tt=090812_clr_3212_4&babsrc=HP_ss&mntrId=74a861ca0000000000000625567e6496
CHR - Extension: ADDICT-THING = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckaomfkdabdhbhdnoleeclneakpepdik\1.0_0\

:files
C:\Users\Philip\AppData\Roaming\CleanMyPC Software
C:\Users\Philip\AppData\Roaming\SpeedyPC Software
C:\ProgramData\ADDICT-THING
C:\ProgramData\Babylon

:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]

• Then click the Run Fix button at the top.
• Click Image.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. ATTACH that report in your next reply.

• Now run OTL again normally, no fix, just a scan and attach log.
• Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

What is your homepage set to in Chrome? Chrome may have to be uninstalled and reinstalled to get rid of Claro.

 

So what's this I am seeing installed?

 

Yes, uninstall it and then rerun OTL again and attach the new log please.

 

You did not reinstall Chrome yet did you?

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

We need to run an OTL Fix

• Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
• Copy and Paste the following code into the textbox. Do not include the word Code

Code:

:otl
CHR - homepage: http://www.claro-search.com/?affID=111304&tt=090812_clr_3212_4&babsrc=HP_ss&mntrId=74a861ca0000000000000625567e6496
CHR - homepage: http://www.claro-search.com/?affID=111304&tt=090812_clr_3212_4&babsrc=HP_ss&mntrId=74a861ca0000000000000625567e6496
  
:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]

• Then click the Run Fix button at the top.
• Click Image.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. ATTACH that report in your next reply.

Rerun OTL again (no fix just scan) and attach the new log.

 

Reinstall Chrome and let me know how it is. If your homepage is still set at Claro then simply change it and see if it sticks. Let me know!

 

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :regfind
  *claro*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

I should have had you use the 64bit version of systemlook for better results.

I have to go out soon, and also, think its time I asked colleagues about this for you.

In the mean time please oprn up your registry and run a search for Claro. Let me know the results!