
I cannot uninstall Yontoo



Hi,

I've got a problem with Yontoo. I see that it's in my list of applications but I cannot remove it; when I try to uninstall it I get an error.

I've already scanned my laptop with Malwarebytes and it detected quite some stuff that I have removed, but I'm not sure that only Yontoo is still there.

I'm now running Microsoft Security Scanner again and waiting for the results, but I can see already that there's something malicious.

I've scanned my laptop with DDS and that's what I get:

I'm really thinking that I should make a backup and format.

Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_39

Run by Giulia at 19:50:40 on 2013-06-08

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1304 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Acer\ALaunch\ALaunchSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yontoo\Y2Desktop.Updater.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\wbem\unsecapp.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\MarkAny\ContentSafer\MaAgent.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Users\Giulia\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Giulia\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\mcbuilder.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WindowsMobile

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.nl/

uSearch Bar = Preserve

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://it.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://it.intl.acer.yahoo.com

uProxyOverride = local;*.local

BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - <orphaned>

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll

TB: Yahoo! Toolbar con blocco Pop-Up: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe

uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart

uRun: [Google Update] "c:\users\giulia\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [Acer Tour] <no file>

StartupFolder: c:\users\giulia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {0D876D18-13BD-4D80-B946-F4714200F528} - hxxp://chiamagratis.abbeyphone.com/gui/usr/cab/ChiamagratisXVOW.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{94855534-3589-4CF9-B477-24660C1520A9} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{EB8FB831-B860-458F-B493-F20FFD3F74F4} : DHCPNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\program files\markany\contentsafer\MACSMANAGER.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-3-24 41456]

R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-12-21 50688]

R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-27 21504]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-3-24 233472]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]

R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-3-29 23552]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-21 179712]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-12-21 43008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2007-12-21 26368]

S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-12-21 42240]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-06-08 13:34:53 724464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af0b6630-36af-490e-8779-3226696f24e2}\gapaengine.dll

2013-06-08 13:34:36 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{316e11ab-b2f4-4916-aa33-215256c88f8c}\mpengine.dll

2013-06-08 13:31:54 -------- d-----w- c:\program files\Microsoft Security Client

2013-06-08 06:30:45 -------- d-----w- c:\users\giulia\appdata\roaming\Malwarebytes

2013-06-08 06:30:14 -------- d-----w- c:\programdata\Malwarebytes

2013-06-08 06:26:58 -------- d-----w- c:\users\giulia\appdata\local\ElevatedDiagnostics

2013-05-30 20:09:19 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-05-28 15:54:09 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5a3a39bb-4751-45af-8a0f-e7df7b90b3a3}\mpengine.dll

2013-05-18 15:49:41 -------- d-----w- c:\users\giulia\appdata\local\Nokia

2013-05-18 15:49:18 -------- d-----w- c:\programdata\NokiaMusic

2013-05-18 15:35:38 -------- d-----w- c:\program files\common files\PCSuite

2013-05-18 15:35:27 -------- d-----w- c:\program files\common files\Nokia

2013-05-18 15:34:01 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2013-05-18 15:32:03 -------- d-----w- c:\program files\PC Connectivity Solution

2013-05-18 15:23:11 -------- d-----w- c:\programdata\NokiaInstallerCache

2013-05-18 15:23:11 -------- d-----w- c:\program files\Nokia

2013-05-15 16:57:51 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 16:57:51 37376 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 16:57:29 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-05-14 11:31:10 6128760 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

2013-05-14 11:31:10 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2013-05-15 17:38:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 17:38:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 19.52.47,83 ===============

Link to post
Share on other sites

Welcome to the forum.

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Link to post
Share on other sites

Hi MrCharlie,

This is what I get, now I go to sleep...

# AdwCleaner v2.303 - Logfile creato il 09/06/2013 alle 00:18:30

# Aggiornamento 08/06/2013 by Xplode

# Sistema Operativo : Windows Vista Home Premium Service Pack 2 (32 bits)

# Utente : Giulia - PC-GIULIA

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\Giulia\Downloads\adwcleaner (3).exe

# Opzioni [Cerca]

***** [servizi] *****

Trovato : Yontoo Desktop Updater

***** [File / Cartelle] *****

Cartella Trovato : C:\Program Files\Conduit

Cartella Trovato : C:\Program Files\GamesBar

Cartella Trovato : C:\Program Files\Yontoo

Cartella Trovato : C:\ProgramData\GamesBar

Cartella Trovato : C:\ProgramData\Tarma Installer

Cartella Trovato : C:\Users\Giulia\AppData\Local\Conduit

Cartella Trovato : C:\Users\Giulia\AppData\Local\Ilivid

Cartella Trovato : C:\Users\Giulia\AppData\Local\PackageAware

Cartella Trovato : C:\Users\Giulia\AppData\Local\SwvUpdater

Cartella Trovato : C:\Users\Giulia\AppData\LocalLow\Conduit

Cartella Trovato : C:\Users\Giulia\AppData\Roaming\iWin

Cartella Trovato : C:\Users\Giulia\AppData\Roaming\Yontoo

Cartella Trovato : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

File Trovato : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url

File Trovato : C:\Windows\system32\roboot.exe

***** [Registro] *****

Chiave Trovata : HKCU\Software\Alexa Internet

Chiave Trovata : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Chiave Trovata : HKCU\Software\AppDataLow\Software\Conduit

Chiave Trovata : HKCU\Software\Conduit

Chiave Trovata : HKCU\Software\Imesh

Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Chiave Trovata : HKCU\Software\YahooPartnerToolbar

Chiave Trovata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB

Chiave Trovata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1

Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}

Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2306678

Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2440453

Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2576279

Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}

Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Chiave Trovata : HKLM\Software\Conduit

Chiave Trovata : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Chiave Trovata : HKLM\Software\Tarma Installer

Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [browser Internet] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registro Pulito.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Giulia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

-\\ Opera v [impossibile rilevare la versione]

File : C:\Users\Giulia\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [5584 octets] - [09/06/2013 00:18:30]

########## EOF - C:\AdwCleaner[R1].txt - [5644 octets] ##########

Link to post
Share on other sites

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner.
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Reboot and let me know how it is.....MrC

Link to post
Share on other sites

OK, I couldn't wait :) That's the log I've got after cleaning and rebooting:

# AdwCleaner v2.303 - Logfile creato il 09/06/2013 alle 00:32:05

# Aggiornamento 08/06/2013 by Xplode

# Sistema Operativo : Windows Vista Home Premium Service Pack 2 (32 bits)

# Utente : Giulia - PC-GIULIA

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\Giulia\Downloads\adwcleaner (3).exe

# Opzioni [Elimina]

***** [servizi] *****

Fermato & Eliminato : Yontoo Desktop Updater

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\Conduit

Cartella Eliminato : C:\Program Files\GamesBar

Cartella Eliminato : C:\Program Files\Yontoo

Cartella Eliminato : C:\ProgramData\GamesBar

Cartella Eliminato : C:\ProgramData\Tarma Installer

Cartella Eliminato : C:\Users\Giulia\AppData\Local\Conduit

Cartella Eliminato : C:\Users\Giulia\AppData\Local\Ilivid

Cartella Eliminato : C:\Users\Giulia\AppData\Local\PackageAware

Cartella Eliminato : C:\Users\Giulia\AppData\Local\SwvUpdater

Cartella Eliminato : C:\Users\Giulia\AppData\LocalLow\Conduit

Cartella Eliminato : C:\Users\Giulia\AppData\Roaming\iWin

Cartella Eliminato : C:\Users\Giulia\AppData\Roaming\Yontoo

Cartella Eliminato : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

File Eliminato : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url

File Eliminato : C:\Windows\system32\roboot.exe

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Alexa Internet

Chiave Eliminata : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit

Chiave Eliminata : HKCU\Software\Conduit

Chiave Eliminata : HKCU\Software\Imesh

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Chiave Eliminata : HKCU\Software\YahooPartnerToolbar

Chiave Eliminata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB

Chiave Eliminata : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2306678

Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2440453

Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2576279

Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}

Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Chiave Eliminata : HKLM\Software\Conduit

Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Chiave Eliminata : HKLM\Software\Tarma Installer

Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [browser Internet] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registro Pulito.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Giulia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

-\\ Opera v [impossibile rilevare la versione]

File : C:\Users\Giulia\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [5713 octets] - [09/06/2013 00:18:30]

AdwCleaner[s1].txt - [5782 octets] - [09/06/2013 00:32:05]

########## EOF - C:\AdwCleaner[s1].txt - [5842 octets] ##########

Link to post
Share on other sites
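
Added example, not part of the thread and not AdwCleaner's own code: a Python sketch that cross-checks a search log ([R#]) against the delete log ([S#]) from the next run and lists anything that was found but never reported as removed. The line tokens are the ones in the Italian-locale v2.303 logs posted above; the function names are hypothetical, and the two embedded logs are constructed excerpts in which the delete log deliberately lacks one entry.

```python
import re

# Tokens as they appear in the Italian-locale AdwCleaner v2.303 logs in this thread.
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
MODE_RE = re.compile(r"^# Opzioni \[(?P<mode>\w+)\]")
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>\w+)\s+)?"                        # Cartella / File / Chiave / Valore (absent for services)
    r"(?P<state>Trovat[oa]|(?:Fermato & )?Eliminat[oa])"
    r"\s*:\s*(?P<item>.+)$"
)


def parse_log(text):
    """Return (mode, entries); entries maps a case-insensitive key to a display string."""
    mode, section, entries = None, "", {}
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            mode = m.group("mode")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            item = m.group("item").strip()
            # Windows paths and registry keys are case-insensitive, so fold case.
            key = (section.casefold(), (m.group("kind") or "").casefold(), item.casefold())
            entries[key] = f"{section}: {item}"
    return mode, entries


def compare_runs(search_text, delete_text):
    """Compare a [Cerca] (search) log with the [Elimina] (delete) log that followed it."""
    s_mode, found = parse_log(search_text)
    d_mode, deleted = parse_log(delete_text)
    if s_mode != "Cerca" or d_mode != "Elimina":
        raise ValueError(f"expected a Cerca log and an Elimina log, got {s_mode!r} and {d_mode!r}")
    return {
        "found": len(found),
        "deleted": len(deleted),
        "not_removed": sorted(found[k] for k in found.keys() - deleted.keys()),
        "not_in_search": sorted(deleted[k] for k in deleted.keys() - found.keys()),
    }


# Constructed excerpt of a search log (entries taken from the log posted above).
SEARCH_LOG = r"""
# Opzioni [Cerca]
***** [servizi] *****
Trovato : Yontoo Desktop Updater
***** [File / Cartelle] *****
Cartella Trovato : C:\Program Files\Yontoo
Cartella Trovato : C:\Users\Giulia\AppData\Roaming\Yontoo
File Trovato : C:\Windows\system32\roboot.exe
***** [Registro] *****
Chiave Trovata : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

# Constructed delete log: the roboot.exe line is left out on purpose, and one
# path is lower-cased to show that matching ignores case.
DELETE_LOG = r"""
# Opzioni [Elimina]
***** [servizi] *****
Fermato & Eliminato : Yontoo Desktop Updater
***** [File / Cartelle] *****
Cartella Eliminato : c:\program files\yontoo
Cartella Eliminato : C:\Users\Giulia\AppData\Roaming\Yontoo
***** [Registro] *****
Chiave Eliminata : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

if __name__ == "__main__":
    report = compare_runs(SEARCH_LOG, DELETE_LOG)
    print(f"found={report['found']} deleted={report['deleted']}")
    for entry in report["not_removed"]:
        print("NOT REMOVED:", entry)
```

An empty `not_removed` list only means the tool reported each item as deleted; a fresh search run after the reboot is what confirms nothing came back.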

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
