Removing Claro Search malware.

Hi, first time here and my searches on how to remove the abovementioned malware led me here. I've downloaded and ran the OTL.exe program and attached is the log. Sorry to drag up an old question as it seems many other users have already posted on this but any help is much appreciated.

Thank you in advance!

 

Welcome to MajorGeeks, Revan20

http://img205.imageshack.us/img205/1894/otl.gif Fix items using OTL by OldTimer

Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.

Code:

[COLOR="DarkRed"]:processes[/COLOR]
killallprocesses
[COLOR="DarkRed"]:otl[/COLOR]
IE - HKU\S-1-5-21-2874086640-406355130-2749147588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.claro-search.com/?affID=115131&tt=3512_4&babsrc=HP_iclro&mntrId=e6b521aa000000000000e0ca9416df78
IE - HKU\S-1-5-21-2874086640-406355130-2749147588-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=3512_4&babsrc=SP_iclro&mntrId=e6b521aa000000000000e0ca9416df78
IE - HKU\S-1-5-21-2874086640-406355130-2749147588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2874086640-406355130-2749147588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..keyword.URL: "http://isearch.claro-search.com/?affID=115131&tt=3512_4&babsrc=KW_iclro&mntrId=e6b521aa000000000000e0ca9416df78&q="
[2012/08/30 23:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\xeac8yzy.default\extensions\trash
[2012/06/03 21:40:29 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEAC8YZY.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/08/30 23:50:21 | 000,527,328 | ---- | M] () (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEAC8YZY.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/03/17 11:57:30 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEAC8YZY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/03/17 11:57:30 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEAC8YZY.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/06/17 12:40:01 | 000,139,765 | ---- | M] () (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEAC8YZY.DEFAULT\EXTENSIONS\SAVEFILETO@MOZDEV.ORG.XPI
0,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - homepage: http://isearch.claro-search.com/?affID=115131&tt=3512_4&babsrc=HP_iclro&mntrId=e6b521aa000000000000e0ca9416df78
CHR - homepage: http://isearch.claro-search.com/?affID=115131&tt=3512_4&babsrc=HP_iclro&mntrId=e6b521aa000000000000e0ca9416df78
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKU\S-1-5-21-2874086640-406355130-2749147588-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
[2012/08/30 00:10:49 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\IClaro
[2012/08/30 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Babylon
[2012/08/30 00:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[COLOR="DarkRed"]:commands[/COLOR]
[clearallrestorepoints]
[emptyjava]
[emptyflash]
[resethosts]

Now click the http://img3.imageshack.us/img3/407/otlrunfix.png button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open. Close Notepad.
A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Attach this log to your next message. (How to attach)

__

http://img205.imageshack.us/img205/1894/otl.gif - Rescan with OTL
Attach latest log.

 

Hi, thisisu,

Thank you so much for the reply. I've done the steps that you recommended and attached is the log.

 

Claro Search was most likely removed from FireFix and Internet Explorer, however, with Google Chrome, we got this message:

Code:

Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.

I assume OTL isn't capable of modifying Google Chrome's home page. You may need to manually reset or uninstall Google Chrome if iClaro is still appearing.