Yuhmee problem

Discussion in 'adware, spyware & hijack cleaning' started by amma_nae, Feb 22, 2004.

Thread Status:
Not open for further replies.
  1. amma_nae

    amma_nae Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    1
    Hello, can somebody help me with this YUHMEE, this thing is so agitating. It makes my surfing so hard. i got my hijackthis log, please i dont know what to erase to these thing.

    Logfile of HijackThis v1.97.7
    Scan saved at 7:03:13 PM, on 2/22/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Hcontrol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Program Files\Generic\Generic ChkMail\ChkMail.exe
    C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\WINDOWS\ATKOSD.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    c:\apache\APACHE.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    c:\apache\APACHE.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\mdm.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
    O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
    O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
    O1 - Hosts: 66.98.178.19 2001-007.com
    O1 - Hosts: 66.98.178.19 ad-logics.com
    O1 - Hosts: 66.98.178.19 ad.trafficmp.com
    O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
    O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
    O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
    O1 - Hosts: 66.98.178.19 adlog.com.com
    O1 - Hosts: 66.98.178.19 admanmail.com
    O1 - Hosts: 66.98.178.19 ads.specificpop.com
    O1 - Hosts: 66.98.178.19 adtech.de
    O1 - Hosts: 66.98.178.19 askmen.thruport.com
    O1 - Hosts: 66.98.178.19 banner.0catch.com
    O1 - Hosts: 66.98.178.19 bilbo.counted.com
    O1 - Hosts: 66.98.178.19 c1.statcounter.com
    O1 - Hosts: 66.98.178.19 c1.thecounter.com
    O1 - Hosts: 66.98.178.19 c2.gostats.com
    O1 - Hosts: 66.98.178.19 c2.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
    O1 - Hosts: 66.98.178.19 cashcounter.com
    O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
    O1 - Hosts: 66.98.178.19 clit6.sextracker.com
    O1 - Hosts: 66.98.178.19 clit8.sextracker.com
    O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
    O1 - Hosts: 66.98.178.19 counter.aaddzz.com
    O1 - Hosts: 66.98.178.19 counter.bloke.com
    O1 - Hosts: 66.98.178.19 counter.hitslink.com
    O1 - Hosts: 66.98.178.19 counter.yadro.ru
    O1 - Hosts: 66.98.178.19 counter14.sextracker.com
    O1 - Hosts: 66.98.178.19 counter16.bravenet.com
    O1 - Hosts: 66.98.178.19 counter17.bravenet.com
    O1 - Hosts: 66.98.178.19 counter2.hitslink.com
    O1 - Hosts: 66.98.178.19 counter26.bravenet.com
    O1 - Hosts: 66.98.178.19 counter32.bravenet.com
    O1 - Hosts: 66.98.178.19 counter34.breavenet.com
    O1 - Hosts: 66.98.178.19 counter41.bravenet.com
    O1 - Hosts: 66.98.178.19 counter47.bravenet.com
    O1 - Hosts: 66.98.178.19 counter6.sextracker.com
    O1 - Hosts: 66.98.178.19 counter8.bravenet.com
    O1 - Hosts: 66.98.178.19 data.coremetrics.com
    O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
    O1 - Hosts: 66.98.178.19 dwclick.com
    O1 - Hosts: 66.98.178.19 ebay.doubleclick.net
    O1 - Hosts: 66.98.178.19 ehg-amerix.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-bestbuy.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-crain.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-dig.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-eckounlimited.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-espn.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-idg.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-liveperson.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-oreilley.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-space.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-sportsline.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-techtarget.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-tigerdirect.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-uniontrib.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-viacom.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.commjun.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.hitbox.com
    O1 - Hosts: 66.98.178.19 fastclick.net
    O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
    O1 - Hosts: 66.98.178.19 flycast.com
    O1 - Hosts: 66.98.178.19 g-wizzads.net
    O1 - Hosts: 66.98.178.19 gostats.com
    O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
    O1 - Hosts: 66.98.178.19 hc2.humanclick.com
    O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
    O1 - Hosts: 66.98.178.19 hit37.chark.dk
    O1 - Hosts: 66.98.178.19 hitbox.com
    O1 - Hosts: 66.98.178.19 hits.webstat.com
    O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
    O1 - Hosts: 66.98.178.19 imp.clickability.com
    O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
    O1 - Hosts: 66.98.178.19 insightfirst.com
    O1 - Hosts: 66.98.178.19 int.sitestat.com
    O1 - Hosts: 66.98.178.19 jkearns.freestats.com
    O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
    O1 - Hosts: 66.98.178.19 logs.comics.com
    O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
    O1 - Hosts: 66.98.178.19 media101.sitebrand.com
    O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
    O1 - Hosts: 66.98.178.19 mt122.mtree.com
    O1 - Hosts: 66.98.178.19 nedstat.s0.nl
    O1 - Hosts: 66.98.178.19 nl.sitestat.com
    O1 - Hosts: 66.98.178.19 partner.alerts.aol.com
    O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
    O1 - Hosts: 66.98.178.19 perso.estat.com
    O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
    O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
    O1 - Hosts: 66.98.178.19 prof.estat.com
    O1 - Hosts: 66.98.178.19 s10.sitemeter.com
    O1 - Hosts: 66.98.178.19 s11.sitemeter.com
    O1 - Hosts: 66.98.178.19 s12.sitemeter.com
    O1 - Hosts: 66.98.178.19 s13.sitemeter.com
    O1 - Hosts: 66.98.178.19 s14.sitemeter.com
    O1 - Hosts: 66.98.178.19 s15.sitemeter.com
    O1 - Hosts: 66.98.178.19 s16.sitemeter.com
    O1 - Hosts: 66.98.178.19 s2.statcounter.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [42652529.exe] C:\WINDOWS\System32\42652529.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [ljmtswwo] C:\WINDOWS\cmijeo.exe
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Generic ChkMail.lnk = C:\Program Files\Generic\Generic ChkMail\ChkMail.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Hotkey.lnk = C:\Program Files\KEYBOARD\KEYBOARD Hotkey\Hotkey.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{076EED4A-2B1F-4CAD-B7A6-7DDB04DC457F}: NameServer = 202.81.160.6 202.81.160.7


    Thanks,
    amma_nae
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi amma_nae,

    Before you start please move hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. This will mess up your desktop.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

    All O1 entries

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O4 - HKLM\..\Run: [42652529.exe] C:\WINDOWS\System32\42652529.exe

    O4 - HKLM\..\Run: [ljmtswwo] C:\WINDOWS\cmijeo.exe
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"

    Then reboot and delete:
    C:\WINDOWS\System32\42652529.exe
    C:\WINDOWS\cmijeo.exe
    C:\program files\ddm <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.