[solved]yuhmee adware

Tannia · Jun 19, 2004

I have an adware called yuhmee in my computer and I can't get rid of it. It slows down my IE browser tremendously and directs me to their url when I click on some links. Please, please help me get rid of it. I followed your instructions and ran ad-ware 6 with the latest update available before running HijackThis. Here is my HijackThis log:
--------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 6:55:40 PM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\downloads\hijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tannia the Goddess
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O1 - Hosts: 172.21.91.16 miasrvvss01 #PRE
O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
O1 - Hosts: 66.98.178.19 2001-007.com
O1 - Hosts: 66.98.178.19 ad-logics.com
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
O1 - Hosts: 66.98.178.19 adlog.com.com
O1 - Hosts: 66.98.178.19 admanmail.com
O1 - Hosts: 66.98.178.19 ads.specificpop.com
O1 - Hosts: 66.98.178.19 adtech.de
O1 - Hosts: 66.98.178.19 askmen.thruport.com
O1 - Hosts: 66.98.178.19 banner.0catch.com
O1 - Hosts: 66.98.178.19 bilbo.counted.com
O1 - Hosts: 66.98.178.19 c1.statcounter.com
O1 - Hosts: 66.98.178.19 c1.thecounter.com
O1 - Hosts: 66.98.178.19 c2.gostats.com
O1 - Hosts: 66.98.178.19 c2.thecounter.com
O1 - Hosts: 66.98.178.19 c3.thecounter.com
O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
O1 - Hosts: 66.98.178.19 cashcounter.com
O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
O1 - Hosts: 66.98.178.19 clit6.sextracker.com
O1 - Hosts: 66.98.178.19 clit8.sextracker.com
O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
O1 - Hosts: 66.98.178.19 counter.aaddzz.com
O1 - Hosts: 66.98.178.19 counter.bloke.com
O1 - Hosts: 66.98.178.19 counter.hitslink.com
O1 - Hosts: 66.98.178.19 counter.yadro.ru
O1 - Hosts: 66.98.178.19 counter14.sextracker.com
O1 - Hosts: 66.98.178.19 counter16.bravenet.com
O1 - Hosts: 66.98.178.19 counter17.bravenet.com
O1 - Hosts: 66.98.178.19 counter2.hitslink.com
O1 - Hosts: 66.98.178.19 counter26.bravenet.com
O1 - Hosts: 66.98.178.19 counter32.bravenet.com
O1 - Hosts: 66.98.178.19 counter34.breavenet.com
O1 - Hosts: 66.98.178.19 counter41.bravenet.com
O1 - Hosts: 66.98.178.19 counter47.bravenet.com
O1 - Hosts: 66.98.178.19 counter6.sextracker.com
O1 - Hosts: 66.98.178.19 counter8.bravenet.com
O1 - Hosts: 66.98.178.19 data.coremetrics.com
O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
O1 - Hosts: 66.98.178.19 dwclick.com
O1 - Hosts: 66.98.178.19 ebay.doubleclick.net
O1 - Hosts: 66.98.178.19 ehg-amerix.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-bestbuy.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-crain.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-dig.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-eckounlimited.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-espn.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-idg.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-liveperson.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-oreilley.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-space.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-sportsline.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-techtarget.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-tigerdirect.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-uniontrib.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-viacom.hitbox.com
O1 - Hosts: 66.98.178.19 ehg.commjun.hitbox.com
O1 - Hosts: 66.98.178.19 ehg.hitbox.com
O1 - Hosts: 66.98.178.19 fastclick.net
O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
O1 - Hosts: 66.98.178.19 flycast.com
O1 - Hosts: 66.98.178.19 g-wizzads.net
O1 - Hosts: 66.98.178.19 gostats.com
O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
O1 - Hosts: 66.98.178.19 hc2.humanclick.com
O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
O1 - Hosts: 66.98.178.19 hit37.chark.dk
O1 - Hosts: 66.98.178.19 hitbox.com
O1 - Hosts: 66.98.178.19 hits.webstat.com
O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
O1 - Hosts: 66.98.178.19 imp.clickability.com
O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
O1 - Hosts: 66.98.178.19 insightfirst.com
O1 - Hosts: 66.98.178.19 int.sitestat.com
O1 - Hosts: 66.98.178.19 jkearns.freestats.com
O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
O1 - Hosts: 66.98.178.19 logs.comics.com
O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
O1 - Hosts: 66.98.178.19 media101.sitebrand.com
O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
O1 - Hosts: 66.98.178.19 mt122.mtree.com
O1 - Hosts: 66.98.178.19 nedstat.s0.nl
O1 - Hosts: 66.98.178.19 nl.sitestat.com
O1 - Hosts: 66.98.178.19 partner.alerts.aol.com
O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
O1 - Hosts: 66.98.178.19 perso.estat.com
O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
O1 - Hosts: 66.98.178.19 prof.estat.com
O1 - Hosts: 66.98.178.19 s10.sitemeter.com
O1 - Hosts: 66.98.178.19 s11.sitemeter.com
O1 - Hosts: 66.98.178.19 s12.sitemeter.com
O1 - Hosts: 66.98.178.19 s13.sitemeter.com
O1 - Hosts: 66.98.178.19 s14.sitemeter.com
O1 - Hosts: 66.98.178.19 s15.sitemeter.com
O1 - Hosts: 66.98.178.19 s16.sitemeter.com
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno6\qsacc\X1IEBHO.dll__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C6DC2BCC-6813-478E-98A6-9B2C96B21CAC} - C:\WINDOWS\rkvp.dll__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {DDE0F563-E133-4B33-B042-CDF5D4B57535} - C:\WINDOWS\piyrtdy.dll__SpybotSDDisabled (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Rrtl] C:\Documents and Settings\Tannia\Application Data\rawe.exe
O4 - HKCU\..\Run: [TransTask] "C:\Program Files\Tweak-XP Pro 3\transtask.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Gogol INFO - Toolbar search - res://C:\Program Files\GIToolBar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://us.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://us.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://jazz.amadeuslink.com/mcsimenu.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {9C067552-A98D-11D3-BE8E-0000832BD4E5} (CCCertInfo4 Class) - http://us.amadeusvista.com/common/cabs/Certificateinfo.CAB
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://www.aeuniversitylive.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {AA7AB619-0AEB-404C-B12F-D34D4EF32787} (Amadeus CCCert02 Wrapper) - http://us.amadeusproweb.com/ComCoreDownload/CCCert02Wrapper.CAB
O16 - DPF: {AC502E9E-5AFF-11D3-8F90-00008321C804} (CCLibV024.ComCore) - http://us.amadeusproweb.com/ComCoreDownload/CCLibV024.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase4E/OrgPubX.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://us.amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {FD48A80F-95C2-456A-AF3A-FC3B774C21CF} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/Certificatetool.CAB
---------------------------------------------------------------------
Thank you in advance.
---------------------------------------------------------------------
Part 2 of the yuhmee saga:

In my frustration I have cleaned my Hosts file from all the unnecessary entries and ran Spybot also. Here is my HJT log after doing this. Needless to say it did not help! Help!!!!!
Log follows:

Logfile of HijackThis v1.97.7
Scan saved at 8:18:09 AM, on 6/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tannia the Goddess
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - _{D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Rrtl] C:\Documents and Settings\Tannia\Application Data\rawe.exe
O4 - HKCU\..\Run: [TransTask] "C:\Program Files\Tweak-XP Pro 3\transtask.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Gogol INFO - Toolbar search - res://C:\Program Files\GIToolBar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://us.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://us.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://jazz.amadeuslink.com/mcsimenu.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {9C067552-A98D-11D3-BE8E-0000832BD4E5} (CCCertInfo4 Class) - http://us.amadeusvista.com/common/cabs/Certificateinfo.CAB
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://www.aeuniversitylive.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {AA7AB619-0AEB-404C-B12F-D34D4EF32787} (Amadeus CCCert02 Wrapper) - http://us.amadeusproweb.com/ComCoreDownload/CCCert02Wrapper.CAB
O16 - DPF: {AC502E9E-5AFF-11D3-8F90-00008321C804} (CCLibV024.ComCore) - http://us.amadeusproweb.com/ComCoreDownload/CCLibV024.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase4E/OrgPubX.cab
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://us.amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {FD48A80F-95C2-456A-AF3A-FC3B774C21CF} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/Certificatetool.CAB

Thanks again!!!!

Taz71498 · Jun 19, 2004

Re: yuhmee adware

Hello Tannia,

Go to Add/Remove programs and look to see if MYWebSearch is there, if so, uninstall. You need to be online to uninstall it.

Run Hijackthis again with all browsers closed and check these items and then on Fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - _{D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)

O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)

O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Rrtl] C:\Documents and Settings\Tannia\Application Data\rawe.exe

Reboot the computer into safe mode

Make sure you can view all hidden files and folders

Find and delete these files/folders:

C:\Program Files\Automatic Update
C:\PROGRA~1\MYWEBS~1
C:\Documents and Settings\Tannia\Application Data\rawe.exe

Reboot and post a new log here.

Tannia · Jun 19, 2004

Re: yuhmee adware

Thank you so much for your response.
I went into the Control Panel and checked for MyWebSearch as you recommended. It is there in the following 2 entries:
MyWebSearch (Outlook, Outlook Express and Incredimail)
MyWebSearch (Smiley Central)
I tried to remove them while online (I have a cable connection that is always on) and when removing the 1st (Outlook, blah, blah) I get a browser window trying to open: res//C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll\106
But the window has no content. It's totally empty.
When I try to open the other one, I get the same empty window prompting to open: res//C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll\101
I looked in Program Fiiles in Windows Explorer and can't find any such folder or "dll" file.
I guess I'll have to look into the registry, but I am not that good. Any suggestions? I decided to wait until I hear back before proceeding.
Again a big thanl you for your help. I cannot tell you how frustrated I am with this Yuhmme thing.

Newkid · Jun 19, 2004

Re: yuhmee adware

Hello Tannia,

Welcome to Wilders

Please show us your fresh log.

With Thanks !
Newkid !

Tannia · Jun 20, 2004

Re: yuhmee adware

Hi again.
Here is my latest log:

Logfile of HijackThis v1.97.7
Scan saved at 4:06:04 AM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\byon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\downloads\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tannia the Goddess
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [eqej] C:\WINDOWS\byon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [TransTask] "C:\Program Files\Tweak-XP Pro 3\transtask.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Gogol INFO - Toolbar search - res://C:\Program Files\GIToolBar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://us.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://us.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://jazz.amadeuslink.com/mcsimenu.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {9C067552-A98D-11D3-BE8E-0000832BD4E5} (CCCertInfo4 Class) - http://us.amadeusvista.com/common/cabs/Certificateinfo.CAB
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://www.aeuniversitylive.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {AA7AB619-0AEB-404C-B12F-D34D4EF32787} (Amadeus CCCert02 Wrapper) - http://us.amadeusproweb.com/ComCoreDownload/CCCert02Wrapper.CAB
O16 - DPF: {AC502E9E-5AFF-11D3-8F90-00008321C804} (CCLibV024.ComCore) - http://us.amadeusproweb.com/ComCoreDownload/CCLibV024.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase4E/OrgPubX.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://us.amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {FD48A80F-95C2-456A-AF3A-FC3B774C21CF} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/Certificatetool.CAB

Taz71498 · Jun 21, 2004

Re: yuhmee adware

Hello,

Run HJT again and check these items and fix:

O4 - HKLM\..\Run: [eqej] C:\WINDOWS\byon.exe

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab

Reboot into safe mode. Find and delete this file:

C:\WINDOWS\byon.exe

Reboot.

Also, just a couple of clean up things you can do:

Open Internet Explorer. Then click on TOOLS in the top toolbar. Click on "Internet Options..." from the drop-down menu.
A new smaller window will display. Under the "General" tab, in the middle, are 3 buttons.
Click the Delete Cookies button - then a small warning box pops up. Click OK.
Click the Delete Files button - a small warning box pops us. Check the box for "Delete all offline content" and click OK.
Then on the same General tab, click Clear History, then click OK.

And:

1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove. Here are some safe examples:

Temporary Internet Files
Recycle Bin
Temporary Files

7. Click OK and windows will comply.

Reboot, run HJT again and post a new log here.

Tannia · Jun 21, 2004

Re: yuhmee adware

Thanks again Taz! Did all you recommended. Here is the HJT log after reboot:

Logfile of HijackThis v1.97.7
Scan saved at 1:51:10 PM, on 6/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\downloads\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tannia the Goddess
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [TransTask] "C:\Program Files\Tweak-XP Pro 3\transtask.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Gogol INFO - Toolbar search - res://C:\Program Files\GIToolBar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno6\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://us.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://us.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://jazz.amadeuslink.com/mcsimenu.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {9C067552-A98D-11D3-BE8E-0000832BD4E5} (CCCertInfo4 Class) - http://us.amadeusvista.com/common/cabs/Certificateinfo.CAB
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://www.aeuniversitylive.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {AA7AB619-0AEB-404C-B12F-D34D4EF32787} (Amadeus CCCert02 Wrapper) - http://us.amadeusproweb.com/ComCoreDownload/CCCert02Wrapper.CAB
O16 - DPF: {AC502E9E-5AFF-11D3-8F90-00008321C804} (CCLibV024.ComCore) - http://us.amadeusproweb.com/ComCoreDownload/CCLibV024.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase4E/OrgPubX.cab
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://us.amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {FD48A80F-95C2-456A-AF3A-FC3B774C21CF} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/Certificatetool.CAB

Sure hope it's clean! Thanks!

Taz71498 · Jun 21, 2004

Re: yuhmee adware

Hello Tannia,

Things look good to me. If by chance I missed something, someone will pop a note here to you telling you so.

Here is a link for you to go to that will give you suggestions on how to keep your computer safe:
https://www.wilderssecurity.com/showthread.php?t=27971

Happy Surfing!

Tannia · Jun 21, 2004

Re: yuhmee adware

Hey Taz, thank you so much for the valuable help you gave me. You guys are the greatest!
Thanks again!

Log in or Sign up

[solved]yuhmee adware

Tannia Registered Member

Taz71498 Registered Member

Tannia Registered Member

Newkid Spyware Fighter

Tannia Registered Member

Taz71498 Registered Member

Tannia Registered Member

Taz71498 Registered Member

Tannia Registered Member

Log in or Sign up

[solved]yuhmee adware

Tannia Registered Member

Taz71498 Registered Member

Tannia Registered Member

Newkid Spyware Fighter

Tannia Registered Member

Taz71498 Registered Member

Tannia Registered Member

Taz71498 Registered Member

Tannia Registered Member

Useful Searches