 LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
 ·Comcast
| reply to vzDE
Re: Twice in 2 years Thanks.
First:
For the left over Yontoo problem, you can try Spybot S&D and see if the removes the remains. Once done, you can leave Spybot installed (with no active parts), or remove, at your discretion.
Here is a link to the Spyobt S&D Yontoo removal instructions:
»forums.spybot.info/showthread.php?t=62640
Second:
Time to remove the leftovers the uninstallers missed..
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:
:OTL
IE - HKCU\..\SearchScopes\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}: "URL" = »www.mysearchresults.com/search?&···chTerms}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = »search.startnow.com/s/?q={search···:source}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T3061355
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = »mystart.smilebox.com/?search={se···8bmjazid
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No CLSID value found.
O9 - Extra Button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
{*]Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Third:
Once we have the computer cleaned and the programs we asked you to install and run, you need to run Windows Update and install Vista SP 2. DON'T INSTALL SP2 until we have cleaned up!
If this computer had been infected beyond the annoying toolbars, the only instructions I would have given would be to reformat and reinstall.
Not keeping a compute current with the Service Packs and Updates released by Microsoft leaves no choice but to consider a deficient computer as compromised.
Please impress the owner with the importance of keeping the computer current.
See here for info on compromised computers:
»Security Cleanup FAQ »Noteworthy Comments About Compromised Computers
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum |
vzDE
join:2006-11-23
Newark, DE | 1. Ran Spybot S & D, didn't totally remove Yontoo, but will follow the directions to the page you linked to attempt to remove the rest.
2. Ran OTL with the pasted commands, here's the log...
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABD93EAF-D775-BC54-E63B-2804F22FD156}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ not found.
File C:\Program Files\SuperFish\Superfish.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\ not found.
File C:\Program Files\SuperFish\Superfish.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Margaret
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6461390 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1338 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11855224 bytes
Total Files Cleaned = 18.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Margaret
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.70.1 log created on 10032012_145536
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
3. It's a loooonnnggg story about Vista Service Pack 2 for this Dell laptop. Jan. 2011 when I was last dealing with issues with this laptop I did try to install Svc Pack 2 but after googling for three days and visiting countless forums and reading about other users having the same problem...I threw up my hands and gave up. As far as I can gather it's an OEM issue and Dell refuses to do anything about. After every install of SP2 the computer reboots and says SP2 install was unsuccessful and reverts back to SP1 (which I believe was pre-installed on purchase).
If you have a suggestion or a link I'd be happy to check it out.
Thanks for all your help. |
