Jump to content


Photo

Yontoo


  • This topic is locked This topic is locked
7 replies to this topic

#1 aspirit

aspirit

    Member

  • Members
  • PipPip
  • 18 posts

Posted 06 March 2013 - 01:44 AM

I have yontoo showing up and can not remove it.

I believe yontoo is causing numerous problems. There could be something else but I believe yontoo is the main culprit

I have Ad Aware total security and Lavasoft registry tuner.
I ran a virus scan that came back clean. Then I tried to run DDS but it would not run so I removed total security from my startup and tried to run DDS with out Ad Aware running and DDS still just freezes. I even tried in safe mode with the same result.

So I cannot post DDS log fife but I was able to run OTL and here are those files.



Any help is appreciated

Attached Files

  • Attached File  Extras.Txt   59.12KB   212 downloads
  • Attached File  OTL.Txt   157.06KB   137 downloads


#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7534 posts

Posted 07 March 2013 - 12:40 AM

Hi aspirit,

Please, uninstall:
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 26
since they are old versions with many known vulnerabilities that can be exploited by a web page to infect the computer.

Please, save AdwCleaner by Xplode on the desktop: http://general-chang...de/2-adwcleaner

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Search button.
Wait until the search has finished.
A report will be displayed, copy its content and paste into your answer.
If the report isn't displayed, it exist as C:\AdwCleaner[R1].txt.


#3 aspirit

aspirit

    Member

  • Members
  • PipPip
  • 18 posts

Posted 07 March 2013 - 12:56 AM

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 17:54:54
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium (32 bits)
# User : Bill - BILL-PC
# Boot Mode : Normal
# Running from : C:\Users\Bill\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Folder Found : C:\Users\Bill\AppData\LocalLow\boost_interprocess
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\Software\Tarma Installer
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18882
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.152
File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v [Unable to get version]
File : C:\Users\Bill\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2489 octets] - [06/03/2013 17:54:54]
########## EOF - C:\AdwCleaner[R1].txt - [2549 octets] ##########

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7534 posts

Posted 07 March 2013 - 01:14 AM

Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Delete button.

Click on OK.
The computer will be restarted.

A report will be displayed, copy its content and paste into your answer.
If the report isn't displayed, it exist as C:\AdwCleaner[S1].txt

How is the computer working now?

#5 aspirit

aspirit

    Member

  • Members
  • PipPip
  • 18 posts

Posted 07 March 2013 - 01:47 AM

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 18:26:42
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium (32 bits)
# User : Bill - BILL-PC
# Boot Mode : Normal
# Running from : C:\Users\Bill\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Folder Deleted : C:\Users\Bill\AppData\LocalLow\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18882
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.152
File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v [Unable to get version]
File : C:\Users\Bill\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2618 octets] - [06/03/2013 17:54:54]
AdwCleaner[S1].txt - [2595 octets] - [06/03/2013 18:26:42]
########## EOF - C:\AdwCleaner[S1].txt - [2655 octets] ##########

#6 aspirit

aspirit

    Member

  • Members
  • PipPip
  • 18 posts

Posted 07 March 2013 - 01:47 AM

Yontoo is gone and things seem to be working much smother.

Thank you very much for the help.

#7 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7534 posts

Posted 07 March 2013 - 02:28 AM

Good!

You are welcome :)

Time for final clean-up.

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

2. Start OTL program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.

3. Improve the security in the computer
It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that makes it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingc...th-secunia-psi/ describes how to install and use the program.

#8 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7534 posts

Posted 02 June 2013 - 12:02 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users