I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
Adware Yontoo
SHA256: e50c36647c0210664490fb3a77d093dc6addc44aa27e40234eb43a5e6fee0bbe
SHA1: 56148645996e4d3c930351a84cf1c1d7131766d6
MD5: 3d81f8e46196174be71478be416c761e
File size: 1199344 bytes
Created files:
%Program Files%\Yontoo\YontooIEClient.dll – Adware Yontoo
%Common AppData%\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe – Adware Yontoo
%Common AppData%\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll – Adware Yontoo
%Common AppData%\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe – Adware Yontoo
%Common AppData%\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll – Adware Yontoo
%Common AppData%\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll – Adware Yontoo
%Temp%\1DB7DD5B\x64\regsvr32.exe – Adware Yontoo
%Temp%\1DB7DD5B\x86\regsvr32.exe – Adware Yontoo
%Temp%\1DB7DD5B\_Setup.dll – Adware Yontoo
%Temp%\311D6D73\x64\regsvr32.exe – Adware Yontoo
%Temp%\311D6D73\x86\regsvr32.exe – Adware Yontoo
%Temp%\311D6D73\_Setup.dll – Adware Yontoo
%Temp%\311D6D73\_Setupx.dll – Adware Yontoo
%Temp%\3D81F8E46196174BE71478BE416C761E.exe-0704.exe – Adware Yontoo
%Temp%\7za.exe – Adware Yontoo
%Temp%\OptChrome.exe – Adware Yontoo
%Temp%\sqlite3.exe – Adware Yontoo
%Temp%\YontooIEClient.dll – Adware Yontoo
%Temp%\YontooSetup-S-0768.exe – Adware Yontoo
%Temp%\YontooSetup-S.exe – Adware Yontoo
Adware Yontoo created autostart registry keys:
HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32 : %Program Files%\Yontoo\YontooIEClient.dll
HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32 : %Program Files%\Yontoo\YontooIEClient.dll
HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32 : %Program Files%\Yontoo\YontooIEClient.dll
HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\ThreadingModel: Apartment