[Laura Robbins]

I tried uploading each one individually but I couldn't find any of these. I am not positive that I searched correctly, but I went to my C drive, then Windows, then System 32, then Drivers. None of these files were listed within "drivers". I then copied/pasted the file name into the search feature at the bottom and clicked "open" but it said "File not fond"

[Advertisements]

That's ok. They were in the previous log, but not the last one. They may have already been removed by your antivirus.


Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

This scan make take awhile depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


http://www.eset.eu/online-scanner
Go here to run an online scannner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
A new window will appear asking "Do you want to install this software?"".
Answer Yes to download and install the ActiveX controls that allows the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software. Just close the window.
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.



Can you let me know if you are still experiencing the problem after these steps.

[patndoris]

That's ok. They were in the previous log, but not the last one. They may have already been removed by your antivirus.


Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

This scan make take awhile depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


http://www.eset.eu/online-scanner
Go here to run an online scannner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
A new window will appear asking "Do you want to install this software?"".
Answer Yes to download and install the ActiveX controls that allows the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software. Just close the window.
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.



Can you let me know if you are still experiencing the problem after these steps.

[Laura Robbins]

It shows no malicious malware was found. We are clearly still having problems.


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7698

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/12/2011 10:20:08 AM
mbam-log-2011-09-12 (10-20-08).txt

Scan type: Quick scan
Objects scanned: 180824
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[patndoris]

Were you able to complete the ESET scan?

[Laura Robbins]

These are the threats found:

C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000302 JS/Kryptik.BJ.Gen trojan
Operating memory Win32/Adware.Yontoo.A application

[patndoris]

The first thing I would recommend you do is to go to your Control Panel > Add/Remove Programs and uninstall Yontoo. It is what we consider a PUA (potentially unwanted application).

Yontoo Layers or Drop Down Deals browser add-on - creates virtual layers that can be edited to create the appearance of having made changes to the underlying website. Has ads in the layers with no obvious warning on install.

The choice is yours, but if it were my machine, I would not want this program on there.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000302

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe. ComboFix may request an update; please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Download TFC to your desktop

• This tool cleans files from temp locations, and empties the Recycle Bin. If you have an objection to these locations being cleaned please stop now and let me know.
• Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

Can you please tell me how the machine is running now?

[Laura Robbins]

I tried removing yontoo. I got a message that said an error ocurred while trying to remove and that it may already have been uninstalled. I never uninstalled this. It then asked if I wanted to remove it from programs and features. Should I clieck yes? If I do, I thought that may just remove it from the LIST of programs but not actually uninstall it. What to do?

[patndoris]

When there is a botched uninstall (which I've had before and it can be very frustrating) RevoUninstaller will work to clean up any remaining files. This is a program I personally use for all my uninstalls to help keep my system clean. I think it will work nicely for this problem.

Download Revo Uninstaller

• Double click the installation file on the desktop to run the installer.
• Let it install to the default location.
• Double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.

• Locate the program you are uninstalling Yontoo
• Right Click the Icon then choose Uninstall.
• Click yes to the warning and choose the Uninstall Mode
• Choose the Advanced option and then click Next.
• This will launch the programs built in uninstaller. Be patient it can take several seconds.
• Once the uninstaller is done click Next.
• Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
• Once this scan is done click Next.
• You will then be presented of the leftover entries found by Revo Uninstaller
• Look at ALL of the entries to ensure they relate to the uninstall.
• Next click Select All > Delete to remove the entries.
• Click Next.
• If there are any program file folders left over you will be presented with a list to be removed.
• Again look at ALL of the entries to ensure they are related to the uninstall.
• Click Select All > Delete to remove the entries.
• Click Finish to go back to the uninstall list.
• Close the program

Can you tell me if you are still experiencing the typing issues?

[Laura Robbins]

I am running combofix. It says that it will take 10 mins. or double for serious infections. It's been running almost 45 mins. and says that it's completed stage 4. The curser underneath that is still blinking. Any ideas for me? I know that this is not your fault. I'm just getting so frustrated b/c we need this computer for business and it's taking so long to repair. Thanks for your help.

[patndoris]

I hope you are not posting from the same computer you are running Combofix on at this time. You should not do anything on that machine when Combofix is running or it will cause it to stall and not perform properly.

Removing malware can be very frustrating. Tools that work for one thing may not work for another. It may take several different tools to try and remove infections. There are new infections released every day, and in some cases our tools can't even see them.

In my experience, the lower number of the Combofix scan are the slowest, and once it gets to higher stages it speeds up. However, that said, 45 minutes is a long time. If it does not move soon, you can cancel the scan and see if you can delete that file manually by browsing to it and choosing right-click and delete. You should also be sure to remove Yontoo with RevoUninstaller.

Please let me know if Combofix finishes or if you delete the file manually, as well as if you were able to successfully remove Yontoo with RevoUninstaller.

[Laura Robbins]

Thanks. I have removed Yontoo. Yes, I was posting from this machine. I will try to remove the file the other way, or close this and try to rerun combo fix. Thanks.

[patndoris]

You are welcome. Let me know if you are able to get rid of that file and we'll finish up.

[Laura Robbins]

I'm working on it. I think I was able to find the file but when I try to delete it, it says it will send it to the recycle.

[patndoris]

That's fine as long as you empty your recycle bin afterwards.

[Laura Robbins]

OK I tried to run the scan again - took forever and just was stuck after the 4th stage. I then manually removed the file. There was only one there but when I typed it into the search bar, it found it listed twice. (Two icons for the same exact file). I removed one, then removed from recycle. However, when I went to remove the other, it allowed me to click delete, but then I got a message saying that it could not find the file, that it's not in the C drive and to verify its location. I assume that it was removed but if so, why is there still an icon for it? Should I go ahead and run that next scan you had suggested?