Hi All,
Have a Windows 2003 server with YOK on it, used Ad-Aware and Symantec but no luck so far.
Found some articles on the web about this but not sure on which solution is best. As this is the works server do not want to kill it if you know what I mean.
Below is a log file from HijackThis.
Have changed the domain name to acme
Thanks
Karl
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:45 PM, on 15/05/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.acme\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\Program Files\Dell\OpenManage\Drac\client\RacAddrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\Program Files\Dell\OpenManage\Drac\client\MStation.exe
C:\Program Files\Digital Design Ltd\Installers\TZPCINST.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\yok\yok.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
D:\Public\Data\PROGRAMS\ISYS\ISYSSC.EXE
D:\Public\Data\PROGRAMS\ISYS\ISYSSC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
C:\PROGRA~1\yok\yok.exe
c:\NetcareTemp\KRlyCLis.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.200/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: YOK - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar8.dll
O3 - Toolbar: ISYS Search - {E038C6C6-666B-43AA-AE82-A296AF7A80D2} - D:\Public\Data\PROGRAMS\ISYS8\ISYSBAND.DLL
O3 - Toolbar: YOK - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\yok\toolbar.dll
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [CYBERRAC] D:\Program Files\Dell\OpenManage\Drac\client\CmdSrvr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKCU\..\Run: [ISYS Start Center] D:\Public\Data\PROGRAMS\ISYS\ISYSSC.EXE
O4 - HKCU\..\Run: [ISYSSC] D:\Public\Data\PROGRAMS\ISYS\ISYSSC.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4168226017-631610445-1878099067-1611\..\Run: [] (User 'person')
O4 - HKUS\S-1-5-21-4168226017-631610445-1878099067-1611\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 (User 'person')
O4 - HKUS\S-1-5-21-4168226017-631610445-1878099067-1617\..\Run: [] (User 'Lee')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - S-1-5-21-4168226017-631610445-1878099067-1611 Startup: AdobeWeb.log (User 'person')
O4 - S-1-5-21-4168226017-631610445-1878099067-1611 User Startup: AdobeWeb.log (User 'person')
O4 - S-1-5-21-4168226017-631610445-1878099067-1617 Startup: AdobeWeb.log (User 'Lee')
O4 - S-1-5-18 Startup: AdobeWeb.log (User 'SYSTEM')
O4 - .DEFAULT Startup: AdobeWeb.log (User 'Default user')
O4 - .DEFAULT User Startup: AdobeWeb.log (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM.lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: AutoAdmin II.lnk = F:\Program Files\ASDS\AA2\AA2.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.acme\windows\system32\mswsock.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://support.dell.com (HKLM)
O15 - ESC Trusted Zone: http://support.ap.dell.com (HKLM)
O15 - ESC Trusted Zone: http://support.euro.dell.com (HKLM)
O15 - ESC Trusted Zone: http://www.dell.com (HKLM)
O15 - ESC Trusted Zone: http://www.ap.dell.com (HKLM)
O15 - ESC Trusted Zone: http://www.euro.dell.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1179990951797
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://odgp.com.au/Remote/msrdp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.2.1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acme.local
O17 - HKLM\Software\..\Telephony: DomainName = acme.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD1B538-D6CB-453D-B364-D8836B5A7D2A}: NameServer = 192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acme.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = acme.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: MGE Network Shutdown Module - Unknown owner - C:\Program Files\MGE\NetworkShutdownModule\xmlclient.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: DRAC AddressBook Server (RacAddrBook) - American Megatrends Inc. - D:\Program Files\Dell\OpenManage\Drac\client\RacAddrs.exe
O23 - Service: DRAC CardObject Server (RacObject) - American Megatrends Inc. - D:\Program Files\Dell\OpenManage\Drac\client\MStation.exe
O23 - Service: Time Zones for PCs Installer - Digital Design Ltd. (DigitalDesignLtd.com) - C:\Program Files\Digital Design Ltd\Time Zones for PCs\TZPCINST.EXE
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11070 bytes