
Yet another Yoog victim


  • This topic is locked
53 replies to this topic

#21 Andy k

Member, 95 posts

Posted 08 December 2008 - 10:59 AM

VirusTotal

#22 JohnOwen

Newbie, 1 post

Posted 08 December 2008 - 12:15 PM

Hi all.

Thought I would register to post this. I got the dreaded Yoog search on Friday on a company laptop. I have not been able to find any reference to it at all. I have been in touch with our anti virus people (AVG enterprise) and Kaspersky which I use on the laptop. Neither of which has been able to offer a solution. However I have managed to get rid of it reliably today.

I use a Windows Vista Ultimate Laptop. I found 3 references to Yoog search in my add/remove programs. These involved Addcertion programs which I removed. After, I uninstalled Firefox (my default browser). I then tore apart the registry for all traces of Mozilla (easiest way I found is to just search the registry for Mozilla). After I removed these entries I removed the Yoog Search from IE7 and restarted the computer. I downloaded and reinstalled Firefox and all is OK.

I don't know what Yoog is all about. The main problems I had were only being able to browse cached pages and the odd random popup.

I also connected to our test environment. I made a couple of searches using Yoog search and our network monitor did not pick up any information being sent that shouldn't be.

Hope this helps....

Sorry just to add, if you are using Firefox. Don't worry about exporting your bookmarks, download Foxmarks. Sync them online and you can simply sync again once Firefox is reinstalled :D

Edited by JohnOwen, 08 December 2008 - 12:22 PM.


#23 guestolo

Site Donator, Admin, 16,247 posts

Posted 08 December 2008 - 12:51 PM

Thanks for the input John, Andy had much more problems than just Yoog
I'm just trying to get more info about it
Had another user that reinstalled Firefox also, we may go that route, but for now
Andy
Can I bug you to do the following please
Find and delete that file
c:\windows\system32\nso39A.dll <- this file

Can you next please do the following
Download and save to desktop
RegQuery.exe by Novicate
Double click to run it
In the "Enter Key Name" field
Copy and Paste the following

[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]

Then click on "Query"
A text file should open, can you copy and paste back here the contents please

Do the same with the next one
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

Are you having problems in both Firefox and IE?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#24 Andy k

Posted 08 December 2008 - 01:02 PM

Yes both IE and Firefox, though FireFox is the default browser

First one


Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4AE28838-F260-452E-AC17-B117A4330749}"
"Version"=dword:00000001

[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4AE28838-F260-452E-AC17-B117A4330749}]
"URL"="http://www9.yoog.com...={searchTerms}"
"DisplayName"="Yoog Search"

[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.co...ge={startPage}"

Second


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4AE28838-F260-452E-AC17-B117A4330749}"
"Version"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4AE28838-F260-452E-AC17-B117A4330749}]
"URL"="http://www9.yoog.com...={searchTerms}"
"DisplayName"="Yoog Search"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.co...ge={startPage}"

#25 Andy k

Posted 08 December 2008 - 01:06 PM

Andy
Can I bug you to do the following please



LOL

I'm actually enjoying this. I wish I knew exactly how to manipulate the information you are requesting of me. I'm a very curious individual. I'm resisting the urge to ask "WHY?" on every instruction.


Just a heads up, I am leaving for work in about 30 mins and I won't be back with this computer until about 8pm Eastern so you can take a breather from this.

#26 guestolo

Posted 08 December 2008 - 01:12 PM

Thanks Andy
Can you try a step for me please

In IE7, beside the Address bar, is a Search bar
To the right of the search bar is a magnifying glass and a drop down arrow
Left click the drop down arrow
and select>>"Change Search Defaults"
If you see "Yoog Search" in the list
Highlight it and Remove it
Then highlight Google and set to Default

Close IE7
Access your Add and Remove Programs and if the following are still present
Contextual Platform Adsoftinc
RON Tool Adsoftinc

Try and remove both of them

Afterwards, restart IE7
Can you then use RegQuery.exe and query those 2 strings you just did
and post the findings please

Just a heads up, I am leaving for work in about 30 mins and I won't be back with this computer until about 8pm Eastern so you can take a breather from this.

Not a problem, I'm actually trying to find an installer for this so I can play with it on my own computer :)

Edited by guestolo, 08 December 2008 - 01:13 PM.



#27 Andy k

Posted 08 December 2008 - 01:13 PM

oops just missed ya, I just edited one of my other posts to say Yes this problem exists in IE7 too

#28 guestolo

Posted 08 December 2008 - 01:15 PM

Can you deal with IE7 first, then see if we can clear Firefox after



#29 Andy k

Posted 08 December 2008 - 01:17 PM

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}"
"Version"=dword:00000001

[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.co...ge={startPage}"




Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}"
"Version"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.co...ge={startPage}"


I did the same removal on FireFox, hope that wasn't a mistake
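
Added example, not from any poster in this thread: the check done by eye on the exports above (which provider `DefaultScope` points to, and which host that provider's `URL` sends searches to), written as a Python script over pasted export text. The key path and value names are the ones shown in the posts; the GUIDs, hosts and the trusted-host list are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed exports in the "Windows Registry Editor Version 5.00" text format
# seen in the thread. GUIDs and hosts are placeholders, not values from the posts.
SAMPLE_BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AAAAAAAA-0000-0000-0000-000000000001}"
"Version"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AAAAAAAA-0000-0000-0000-000000000001}]
"URL"="http://search.hijacker.example/search.php?q={searchTerms}"
"DisplayName"="Hijack Search"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBBBBBBB-0000-0000-0000-000000000002}]
"DisplayName"="Trusted Search"
"URL"="http://www.trusted.example/search?q={searchTerms}"
'''

SAMPLE_AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BBBBBBBB-0000-0000-0000-000000000002}"
"Version"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBBBBBBB-0000-0000-0000-000000000002}]
"DisplayName"="Trusted Search"
"URL"="http://www.trusted.example/search?q={searchTerms}"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
SCOPES_SUFFIX = r"\internet explorer\searchscopes"


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} from pasted .reg export text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # header line, blank line, or value outside any key
        name, data = _unescape(m.group(1)), m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data  # hex(...) and other types kept as raw text
    return keys


def audit_search_scopes(text, trusted_hosts):
    """List providers whose URL host is not trusted, and dangling defaults."""
    keys = parse_reg_export(text)
    findings = []
    for root, values in keys.items():
        if not root.lower().endswith(SCOPES_SUFFIX):
            continue
        default = str(values.get("DefaultScope", "")).upper()
        seen = set()
        for path, pv in keys.items():
            if not path.startswith(root + "\\"):
                continue
            guid = path[len(root) + 1:].upper()
            seen.add(guid)
            host = (urlsplit(pv.get("URL", "")).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append({"root": root, "guid": guid, "host": host,
                                 "name": pv.get("DisplayName"),
                                 "is_default": guid == default})
        # A default that points at a provider missing from the export.
        if default and default not in seen:
            findings.append({"root": root, "guid": default, "host": None,
                             "name": None, "is_default": True})
    return findings


if __name__ == "__main__":
    trusted = {"www.trusted.example"}
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_search_scopes(sample, trusted))
```

Running the same audit on the export taken before and after the removal step shows whether the untrusted provider is gone from every hive queried, not only from the browser's menu.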

#30 guestolo

Posted 08 December 2008 - 01:19 PM

Did you remove both from Add and Remove Programs?
I'm curious if they were still there

Is IE7 acting back to Normal now?
What about Firefox?



#31 Andy k

Posted 08 December 2008 - 01:22 PM

They were on the list, but both said they were no longer there.

IE7 seems fine, and I thought FireFox was good, but I just got a pop-up ad titled "Contextual Adds by Addsoft"

#32 guestolo

Posted 08 December 2008 - 01:27 PM

Ok, thanks
I'll let you get to work, I want to check my settings in Firefox
We can always reinstall Firefox
But there may be an easy solution, not sure
Let me get back to you



#33 Andy k

Posted 08 December 2008 - 01:29 PM

I did a couple searches in the right google search bar and it was fine, so I typed "YouTube " into the main Address bar. Instead of going straight to Youtube, it went to a ....... YOOG search page.

lol

#34 guestolo

Posted 08 December 2008 - 01:33 PM

Darn, if you're not gone yet
Can you do the following
Set Windows to Show Hidden files/folder
In MyComputer select TOOLS>>FOLDER OPTIONS>>VIEW
Select the Radio button to Show hidden files/folders
Apply and OK it

Navigate to the following folder
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\*********.default
In that folder right click on prefs.js and select EDIT
Copy/paste back here the contents of that file please

EDIT>>Since you're gone to work, I may as well edit this post
Before you post back the contents of prefs.js
Can we run Malwarebytes Anti-Malware please

Here's instructions:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Edited by guestolo, 08 December 2008 - 02:16 PM.
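
Added example, not from any poster in this thread: one way to review a pasted prefs.js for search redirection instead of reading every line. It checks `browser.search.selectedEngine`, `keyword.URL` and `browser.startup.homepage` (all present in the file posted in this thread) against trusted values and reports lines that a forum paste has wrapped; the sample file, engine names and hosts are constructed.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed prefs.js excerpt; engine names and hosts are placeholders. The
# wrapped extensions.enabledItems line imitates damage from pasting into a forum.
SAMPLE_PREFS = r'''# Mozilla User Preferences

/* Do not edit this file.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */

user_pref("browser.download.dir", "C:\\Documents and Settings\\User\\Desktop");
user_pref("browser.search.selectedEngine", "Hijack Search");
user_pref("browser.startup.homepage", "http://forum.trusted.example/|http://www.trusted.example/");
user_pref("extensions.enabledItems", "{00000000-0000-0000-0000-000000000001}:1.0,{0000
0000-0000-0000-0000-000000000002}:2.0");
user_pref("keyword.URL", "http://search.hijacker.example/search.php?q=");
user_pref("network.cookie.lifetimePolicy", 2);
'''

PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);$')
# Preferences that decide where a search or a keyword typed in the address bar goes.
ENGINE_PREF = "browser.search.selectedEngine"
URL_PREFS = ("browser.startup.homepage", "keyword.URL")


def parse_prefs_js(text):
    """Return (prefs, unparsed_line_numbers) for pasted prefs.js text."""
    prefs, unparsed, in_comment = {}, [], False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_comment:
            in_comment = "*/" not in line
            continue
        if not line or line.startswith(("#", "//")):
            continue
        if line.startswith("/*"):
            in_comment = "*/" not in line
            continue
        m = PREF_RE.match(line)
        if m is None:
            unparsed.append(number)  # wrapped or truncated line: review by hand
            continue
        try:
            # Assumption: the literal is JSON-compatible (string, number, true/false).
            prefs[m.group(1)] = json.loads(m.group(2))
        except json.JSONDecodeError:
            unparsed.append(number)
    return prefs, unparsed


def audit_prefs(text, trusted_engines, trusted_hosts):
    """Return (findings, unparsed); each finding is (pref name, offending value)."""
    prefs, unparsed = parse_prefs_js(text)
    findings = []
    engine = prefs.get(ENGINE_PREF)
    if engine is not None and engine not in trusted_engines:
        findings.append((ENGINE_PREF, engine))
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        for url in filter(None, value.split("|")):  # homepage may list several URLs
            host = (urlsplit(url).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append((name, host))
    return findings, unparsed


if __name__ == "__main__":
    found, skipped = audit_prefs(
        SAMPLE_PREFS,
        trusted_engines={"Trusted Search"},
        trusted_hosts={"forum.trusted.example", "www.trusted.example"},
    )
    print("findings:", found)
    print("lines needing manual review:", skipped)
```

Unparsed line numbers matter as much as findings: a preference split across lines by the paste is invisible to the checks and has to be read by hand.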



#35 Andy k

Posted 08 December 2008 - 06:46 PM

I'm back, and about to run Mbam

#36 Andy k

Posted 08 December 2008 - 06:58 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1475
Windows 5.1.2600 Service Pack 3

12/8/2008 7:57:01 PM
mbam-log-2008-12-08 (19-57-01).txt

Scan type: Quick Scan
Objects scanned: 61250
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc90cj0ea2v (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\GoToAssist_chat2way__317_en.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Prefs Script

# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("4chan.ch_frames", true);
user_pref("4chan.chan_frames", false);
user_pref("4chan.disable_all_page_features", false);
user_pref("4chan.enable_inline_post_expand", true);
user_pref("4chan.enable_post_expander", true);
user_pref("4chan.enable_quick_reply", true);
user_pref("4chan.enable_thread_watch", true);
user_pref("4chan.force_menu_background_colour", false);
user_pref("4chan.hidden_posts", "");
user_pref("4chan.hiddenboards", "");
user_pref("4chan.hide_closed_boards", false);
user_pref("4chan.hp_enable", true);
user_pref("4chan.ii_enable", true);
user_pref("4chan.ii_enable_spoiler", true);
user_pref("4chan.ii_last_shown_ad", 1218058436);
user_pref("4chan.ii_limit_size", false);
user_pref("4chan.ii_max_height", 1000);
user_pref("4chan.ii_max_width", 1000);
user_pref("4chan.ii_width_newline_threshold", 500);
user_pref("4chan.last_run_version", "0.4.5.12");
user_pref("4chan.menu_background_colour", "white");
user_pref("4chan.nav_bottom_space", false);
user_pref("4chan.nav_enable", true);
user_pref("4chan.parser_max_replies", 100);
user_pref("4chan.parser_runtime_parsing", true);
user_pref("4chan.qr_close", true);
user_pref("4chan.qr_default_email", "");
user_pref("4chan.qr_default_username", "");
user_pref("4chan.qr_focus_after_quote", true);
user_pref("4chan.qr_inline", true);
user_pref("4chan.qr_quote_new_line", false);
user_pref("4chan.qr_show_quote", true);
user_pref("4chan.qr_show_quote_reply", false);
user_pref("4chan.reports_show_button", true);
user_pref("4chan.show_menu_bar", true);
user_pref("4chan.show_right_click", true);
user_pref("4chan.show_to_first_post_button", true);
user_pref("4chan.switch_menu_click_behaviour", false);
user_pref("4chan.tw_inline_pos_x", 10);
user_pref("4chan.tw_inline_pos_y", 40);
user_pref("4chan.tw_show_inline", true);
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.disable_button.showUpdateHistory", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1228680445);
user_pref("app.update.lastUpdateTime.background-update-timer", 1228680445);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1228681045);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1228680445);
user_pref("app.update.lastUpdateTime.restart-nag-timer", 1196474986);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1228753786);
user_pref("bettergmail2.enabled.addrowhighlights", true);
user_pref("bettergmail2.enabled.airskin", false);
user_pref("bettergmail2.enabled.attachmenticons", true);
user_pref("bettergmail2.enabled.bluegreyskin", false);
user_pref("bettergmail2.enabled.blueskin", false);
user_pref("bettergmail2.enabled.bottomposting", false);
user_pref("bettergmail2.enabled.bottompostinreply", false);
user_pref("bettergmail2.enabled.composeto", false);
user_pref("bettergmail2.enabled.filterassistant", false);
user_pref("bettergmail2.enabled.filterasst", false);
user_pref("bettergmail2.enabled.folders4gmail", false);
user_pref("bettergmail2.enabled.folders4gmailredesigned", false);
user_pref("bettergmail2.enabled.forceencrypted", false);
user_pref("bettergmail2.enabled.gmailblue", false);
user_pref("bettergmail2.enabled.graysandblues", false);
user_pref("bettergmail2.enabled.hidechat", false);
user_pref("bettergmail2.enabled.hidegmailchat", false);
user_pref("bettergmail2.enabled.hideinvites", true);
user_pref("bettergmail2.enabled.hideinvitesbox", true);
user_pref("bettergmail2.enabled.hidespamcount", false);
user_pref("bettergmail2.enabled.htmlsigs", false);
user_pref("bettergmail2.enabled.inboxcount", true);
user_pref("bettergmail2.enabled.inboxcountfirst", true);
user_pref("bettergmail2.enabled.labellinks4gmail", false);
user_pref("bettergmail2.enabled.macros", false);
user_pref("bettergmail2.enabled.macros-sewpafly", false);
user_pref("bettergmail2.enabled.macrosmodified", false);
user_pref("bettergmail2.enabled.none", true);
user_pref("bettergmail2.enabled.redesigned", false);
user_pref("bettergmail2.enabled.rowhighlights", true);
user_pref("bettergmail2.enabled.secure", true);
user_pref("bettergmail2.enabled.showagenda", false);
user_pref("bettergmail2.enabled.showbcc", false);
user_pref("bettergmail2.enabled.showbccalways", false);
user_pref("bettergmail2.enabled.showbccautomatically", false);
user_pref("bettergmail2.enabled.showbccctrlshiftb", false);
user_pref("bettergmail2.enabled.showbccctrlshiftv", false);
user_pref("bettergmail2.enabled.showcc", false);
user_pref("bettergmail2.enabled.showccalways", false);
user_pref("bettergmail2.enabled.showccautomatically", false);
user_pref("bettergmail2.enabled.showccctrlshiftc", false);
user_pref("bettergmail2.enabled.showcollapsiblecalendarandreader", false);
user_pref("bettergmail2.enabled.showeditablesubject", false);
user_pref("bettergmail2.enabled.showmessagedetails", false);
user_pref("bettergmail2.enabled.showmsgdetails", false);
user_pref("bettergmail2.enabled.spamcounthide", false);
user_pref("bettergmail2.loaded", true);
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.cache.disk.capacity", 65536);
user_pref("browser.display.background_color", "#C0C0C0");
user_pref("browser.display.use_system_colors", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\HP_Administrator\\Desktop");
user_pref("browser.download.downloadDir", "C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Downloads");
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\HP_Administrator\\Desktop");
user_pref("browser.download.manager.alertOnEXEOpen", false);
user_pref("browser.download.manager.showAlertOnComplete", false);
user_pref("browser.download.manager.showWhenStarting", false);
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.feeds.handler.default", "bookmarks");
user_pref("browser.feeds.showFirstRunUI", false);
user_pref("browser.formfill.enable", false);
user_pref("browser.history_expire_days", 0);
user_pref("browser.history_expire_days.mirror", 180);
user_pref("browser.link.open_external", 2);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.preferences.advanced.selectedTabIndex", 1);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.homepage", "http://www.thetechgu...hp?showforum=4");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.4");
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.visited_color", "#800080");
user_pref("content.interrupt.parsing", true);
user_pref("content.notify.backoffcount", 5);
user_pref("downbar.function.donateTextInterval", "1228759394996");
user_pref("downbar.function.firstRun", false);
user_pref("downbar.function.useTooltipOpacity", true);
user_pref("downbar.function.version", "0.9.6");
user_pref("extensions.adblockplus.checkedadblockinstalled", true);
user_pref("extensions.adblockplus.checkedtoolbar", true);
user_pref("extensions.adblockplus.currentVersion", "1.0");
user_pref("extensions.adblockplus.showinstatusbar", true);
user_pref("extensions.adblockplus.showsubscriptions", false);
user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0,[email protected]:0.7.1,[email protected]:1.9,{D
4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3,[email protected]:2.11,{EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.16,[email protected]:1.1,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,[email protected]:1.0,[email protected]:1.3.0.13,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4");
user_pref("extensions.fastdial.version", "2.11");
user_pref("extensions.googlepreview.insertranks", true);
user_pref("extensions.googlepreview.maxPerPage", 10);
user_pref("extensions.googlepreview.showGP", true);
user_pref("extensions.googlepreview.version", 314);
user_pref("extensions.lastAppVersion", "3.0.4");
user_pref("extensions.piclens.EffectsMode", "auto");
user_pref("extensions.piclens.InstanceId", "gzmv8EM2CU6tUzGr5qbKnA==");
user_pref("extensions.piclens.ShowWelcomeOnUpdate", "true");
user_pref("extensions.piclens.UpdateInfo", "H4sIAAAAAAAAC+1Wz0/CMBT+b3oiZIMpXnZAoidIiFvwQHYo7ZM1dK1p35j897aDEBHlopG4dL297/3+9iXPojbAM6RoF2Cs0CqNB8Q2T6A4GDAeqW06IKquprRWrASbRsQ68xyM0D7UYC4qcHGDOB7Go9ukn9
wlw9ENQY1UzgWbgrKtS9SP2s9nm2kOuaHKCnRVfVJnHPO8rKvVRAq2OZiykhp4BOAryjYfgQdFVxLOXA/1jnYL1Piu73f57hXSZdQ7ewWBN4HOYwZYan7mUxCmFYLCSUnVGi45bgU0HnfDHdCCoBv9s62hUo5ZO/m32U4zV6f7+iKqILJlaA/YI1IQKwWHxb61/RaWl4pdaKP3T+JcYNcnLAjdrjPPrNfWD4nt/Wnzodrv/bBhl9dmrhXiVFMedBh0GHZ5RR2+UCGBeymGQ6dLh44FCQyBP7urOZyxXWO3Cax2j9V3");
user_pref("extensions.piclens.Version", "1.7.0.3459");
user_pref("extensions.speeddial.currentVersion", "0.7.2.6");
user_pref("extensions.speeddial.maximumWidth", 2400);
user_pref("extensions.speeddial.thumbnailImageHeight", 800);
user_pref("extensions.speeddial.thumbnailImageWidth", 800);
user_pref("extensions.speeddial.widthModifier", 80);
user_pref("extensions.update.notifyUser", false);
user_pref("extensions.yapta.currentversion", "1.3.0.13");
user_pref("extensions.yapta.firstrun", false);
user_pref("extensions.yapta.sidebar.autoopen", false);
user_pref("font.size.variable.x-western", 20);
user_pref("googlepreview.insertimages", true);
user_pref("intl.accept_languages", "en-us");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1, windows-1252, windows-1250, us-ascii");
user_pref("keyword.URL", "http://www9.yoog.com.../search.php?q=");
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.dns.disableIPv6", true);
user_pref("network.http.pipelining", true);
user_pref("network.http.pipelining.maxrequests", 8);
user_pref("network.http.pipelining.ssl", true);
user_pref("network.http.proxy.pipelining", true);
user_pref("network.proxy.no_proxies_on", "*.local");
user_pref("nglayout.initialpaint.delay", 0);
user_pref("plugin.expose_full_path", true);
user_pref("pref.browser.homepage.disable_button.current_page", false);
user_pref("pref.general.disable_button.default_browser", false);
user_pref("pref.privacy.disable_button.cookie_exceptions", false);
user_pref("pref.privacy.disable_button.view_cookies", false);
user_pref("print.print_bgcolor", false);
user_pref("print.print_bgimages", false);
user_pref("print.print_command", "");
user_pref("print.print_downloadfonts", true);
user_pref("print.print_evenpages", true);
user_pref("print.print_in_color", true);
user_pref("print.print_margin_bottom", "0.5");
user_pref("print.print_margin_left", "0.5");
user_pref("print.print_margin_right", "0.5");
user_pref("print.print_margin_top", "0.5");
user_pref("print.print_oddpages", true);
user_pref("print.print_orientation", 0);
user_pref("print.print_pagedelay", 500);
user_pref("print.print_paper_data", 0);
user_pref("print.print_paper_height", " 11.00");
user_pref("print.print_paper_size", 1667591790);
user_pref("print.print_paper_size_type", 1);
user_pref("print.print_paper_size_unit", 0);
user_pref("print.print_paper_width", " 8.50");
user_pref("print.print_printer", "HP Photosmart C4380 series");
user_pref("print.print_reversed", false);
user_pref("print.print_scaling", " 1.00");
user_pref("print.print_shrink_to_fit", true);
user_pref("print.print_to_file", false);
user_pref("print.print_to_filename", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_bgcolor", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_bgimages", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_command", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_downloadfonts", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_bottom", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_left", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_right", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_top", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_evenpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_footercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_footerleft", "&PT");
user_pref("print.printer_HP_Photosmart_C4380_series.print_footerright", "&D");
user_pref("print.printer_HP_Photosmart_C4380_series.print_headercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_headerleft", "&T");
user_pref("print.printer_HP_Photosmart_C4380_series.print_headerright", "&U");
user_pref("print.printer_HP_Photosmart_C4380_series.print_in_color", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_bottom", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_left", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_right", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_top", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_oddpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_orientation", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_pagedelay", 500);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_data", 1);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_height", " 11.00");
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_size", 1667591790);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_size_type", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_size_unit", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_width", " 8.50");
user_pref("print.printer_HP_Photosmart_C4380_series.print_reversed", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_scaling", " 1.00");
user_pref("print.printer_HP_Photosmart_C4380_series.print_shrink_to_fit", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_to_file", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_to_filename", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_left", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_right", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_top", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_bgcolor", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_bgimages", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_command", "");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_downloadfonts", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_evenpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_footercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_footerleft", "&PT");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_footerright", "&D");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_headercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_headerleft", "&T");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_headerright", "&U");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_in_color", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_bottom", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_left", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_right", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_top", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_oddpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_orientation", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_pagedelay", 500);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_data", 1);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_height", " 11.00");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_size", 1667591790);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_size_type", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_size_unit", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_width", " 8.50");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_reversed", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_scaling", " 1.00");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_shrink_to_fit", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_to_file", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_to_filename", "");
user_pref("print.printer_Send_To_OneNote_2007.print_bgcolor", false);
user_pref("print.printer_Send_To_OneNote_2007.print_bgimages", false);
user_pref("print.printer_Send_To_OneNote_2007.print_command", "");
user_pref("print.printer_Send_To_OneNote_2007.print_downloadfonts", true);
user_pref("print.printer_Send_To_OneNote_2007.print_evenpages", true);
user_pref("print.printer_Send_To_OneNote_2007.print_footercenter", "");
user_pref("print.printer_Send_To_OneNote_2007.print_footerleft", "&PT");
user_pref("print.printer_Send_To_OneNote_2007.print_footerright", "&D");
user_pref("print.printer_Send_To_OneNote_2007.print_headercenter", "");
user_pref("print.printer_Send_To_OneNote_2007.print_headerleft", "&T");
user_pref("print.printer_Send_To_OneNote_2007.print_headerright", "&U");
user_pref("print.printer_Send_To_OneNote_2007.print_in_color", true);
user_pref("print.printer_Send_To_OneNote_2007.print_margin_bottom", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_margin_left", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_margin_right", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_margin_top", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_oddpages", true);
user_pref("print.printer_Send_To_OneNote_2007.print_orientation", 0);
user_pref("print.printer_Send_To_OneNote_2007.print_pagedelay", 500);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_data", 1);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_height", " 11.00");
user_pref("print.printer_Send_To_OneNote_2007.print_paper_size", 1667591790);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_size_type", 0);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_size_unit", 0);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_width", " 8.50");
user_pref("print.printer_Send_To_OneNote_2007.print_reversed", false);
user_pref("print.printer_Send_To_OneNote_2007.print_scaling", " 1.00");
user_pref("print.printer_Send_To_OneNote_2007.print_shrink_to_fit", true);
user_pref("print.printer_Send_To_OneNote_2007.print_to_file", false);
user_pref("print.printer_Send_To_OneNote_2007.print_to_filename", "");
user_pref("print.printer_hp_psc_1200_series.print_bgcolor", false);
user_pref("print.printer_hp_psc_1200_series.print_bgimages", false);
user_pref("print.printer_hp_psc_1200_series.print_command", "");
user_pref("print.printer_hp_psc_1200_series.print_downloadfonts", true);
user_pref("print.printer_hp_psc_1200_series.print_evenpages", true);
user_pref("print.printer_hp_psc_1200_series.print_footercenter", "");
user_pref("print.printer_hp_psc_1200_series.print_footerleft", "&PT");
user_pref("print.printer_hp_psc_1200_series.print_footerright", "&D");
user_pref("print.printer_hp_psc_1200_series.print_headercenter", "");
user_pref("print.printer_hp_psc_1200_series.print_headerleft", "&T");
user_pref("print.printer_hp_psc_1200_series.print_headerright", "&U");
user_pref("print.printer_hp_psc_1200_series.print_in_color", true);
user_pref("print.printer_hp_psc_1200_series.print_margin_bottom", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_margin_left", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_margin_right", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_margin_top", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_oddpages", true);
user_pref("print.printer_hp_psc_1200_series.print_orientation", 0);
user_pref("print.printer_hp_psc_1200_series.print_pagedelay", 500);
user_pref("print.printer_hp_psc_1200_series.print_paper_data", 1);
user_pref("print.printer_hp_psc_1200_series.print_paper_height", " 11.00");
user_pref("print.printer_hp_psc_1200_series.print_paper_size", 7536737);
user_pref("print.printer_hp_psc_1200_series.print_paper_size_type", 0);
user_pref("print.printer_hp_psc_1200_series.print_paper_size_unit", 0);
user_pref("print.printer_hp_psc_1200_series.print_paper_width", " 8.50");
user_pref("print.printer_hp_psc_1200_series.print_reversed", false);
user_pref("print.printer_hp_psc_1200_series.print_scaling", " 1.00");
user_pref("print.printer_hp_psc_1200_series.print_shrink_to_fit", false);
user_pref("print.printer_hp_psc_1200_series.print_to_file", false);
user_pref("print.printer_hp_psc_1200_series.print_to_filename", "");
user_pref("security.warn_viewing_mixed", false);
user_pref("spellchecker.dictionary", "en-US");
user_pref("ui.submenuDelay", 0);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1229716335);
user_pref("urlclassifier.tableversion.goog-black-enchash", "1.53409");
user_pref("urlclassifier.tableversion.goog-black-url", "1.22409");
user_pref("urlclassifier.tableversion.goog-white-domain", "1.480");
user_pref("urlclassifier.tableversion.goog-white-url", "1.371");
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");

#37 Andy k


Posted 08 December 2008 - 07:44 PM

Going out for a pint and to watch the Football game, I'll catch ya later

#38 guestolo


Posted 08 December 2008 - 10:16 PM

Thanks for the info, Andy.
Can you again open prefs.js? Ensure Firefox is closed.
Delete any line referring to Yoog >> delete the whole line.
Be sure to save the changes.

Manually navigate to the following folder
C:\Program Files\Mozilla Firefox\searchplugins
Delete any reference to YOOG

Let me know if that helps

I take it that IE7 is still OK?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
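
The prefs.js and searchplugins check described in post #38, as an added example that is not part of the original thread. The function names and the sample preference values are constructed for illustration, and the script assumes Firefox is closed when `clean_prefs_file` runs, since Firefox rewrites prefs.js on exit.

```python
import re
from pathlib import Path

# One prefs.js entry has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>(?:[^"\\]|\\.)*)",\s*(?P<value>.*)\);\s*$')

def split_prefs(text, keyword):
    """Return (kept_lines, flagged); flagged holds (lineno, name, value)."""
    needle = keyword.lower()
    kept, flagged = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if m and needle in line.lower():   # keyword in pref name or value
            flagged.append((lineno, m.group("name"), m.group("value")))
        else:
            kept.append(line)
    return kept, flagged

def clean_prefs_file(path, keyword):
    """Save a byte-exact .bak copy, then rewrite prefs.js without flagged lines."""
    path = Path(path)
    raw = path.read_bytes()
    kept, flagged = split_prefs(raw.decode("utf-8", errors="replace"), keyword)
    if flagged:
        path.with_name(path.name + ".bak").write_bytes(raw)
        path.write_text("\n".join(kept) + "\n", encoding="utf-8")
    return flagged

def find_plugin_refs(plugin_dir, keyword):
    """List files in searchplugins whose name or contents mention keyword."""
    needle = keyword.lower()
    hits = []
    for f in sorted(Path(plugin_dir).iterdir()):
        if f.is_file():
            body = f.read_text(encoding="utf-8", errors="replace").lower()
            if needle in f.name.lower() or needle in body:
                hits.append(f.name)
    return hits

# Constructed sample, not taken from the poster's profile.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.startup.homepage", "http://example.invalid/");
user_pref("keyword.URL", "http://yoog.example.invalid/search?q=");
user_pref("spellchecker.dictionary", "en-US");
'''

if __name__ == "__main__":
    for lineno, name, value in split_prefs(SAMPLE, "yoog")[1]:
        print(f"line {lineno}: {name} = {value}")
```

The match is case-insensitive and covers both the preference name and its value, so it catches entries that a case-sensitive search for "Yoog" would miss.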


#39 Andy k


Posted 08 December 2008 - 11:18 PM

No dice,

I edited the prefs script and used Ctrl + F to find everything with "Yoog" in it.

I looked at all the scripts for the searchplugins and none of them had anything to do with Yoog.

Yoog still persists on both Firefox and IE7

#40 guestolo


Posted 08 December 2008 - 11:29 PM

Can you run RegQuery again on those 2 lines
and post the results
Here they are again
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]

and

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]


In addition, if you still have RSIT.exe
can you run it and post both logs
If you have to, upload them please


Just realized you may not have rsit.exe
Here are the instructions
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.


Post both those logs please
