yuhmee

Discussion in 'adware, spyware & hijack cleaning' started by pandah, Mar 15, 2004.

Thread Status:
Not open for further replies.
  1. pandah

    pandah Guest

    The original problem was spyware called "yuhmee"; it redirects most of my Internet Explorer URLs to a search site full of advertisements.
    I've run the latest updates of both 'spybot', which didn't help, and 'adaware'. At the moment I'm not sure if I still have the same problem, but I would like to get my registry checked just in case. There also seems to be a problem with my host file.


    Logfile of HijackThis v1.97.7
    Scan saved at 6:29:08 PM, on 15/03/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\System32\realupd.exe
    C:\Program Files\BlackICE\blackice.exe
    C:\Program Files\BlackICE\blackd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\Documents and Settings\Rob Hamilton\My Documents\Setup, cracks and zips\Setups\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
    O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
    O1 - Hosts: 66.98.178.19 2001-007.com
    O1 - Hosts: 66.98.178.19 ad-logics.com
    O1 - Hosts: 66.98.178.19 ad.trafficmp.com
    O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
    O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
    O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
    O1 - Hosts: 66.98.178.19 adlog.com.com
    O1 - Hosts: 66.98.178.19 admanmail.com
    O1 - Hosts: 66.98.178.19 ads.specificpop.com
    O1 - Hosts: 66.98.178.19 adtech.de
    O1 - Hosts: 66.98.178.19 askmen.thruport.com
    O1 - Hosts: 66.98.178.19 banner.0catch.com
    O1 - Hosts: 66.98.178.19 bilbo.counted.com
    O1 - Hosts: 66.98.178.19 c1.statcounter.com
    O1 - Hosts: 66.98.178.19 c1.thecounter.com
    O1 - Hosts: 66.98.178.19 c2.gostats.com
    O1 - Hosts: 66.98.178.19 c2.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
    O1 - Hosts: 66.98.178.19 cashcounter.com
    O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
    O1 - Hosts: 66.98.178.19 clit6.sextracker.com
    O1 - Hosts: 66.98.178.19 clit8.sextracker.com
    O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
    O1 - Hosts: 66.98.178.19 counter.aaddzz.com
    O1 - Hosts: 66.98.178.19 counter.bloke.com
    O1 - Hosts: 66.98.178.19 counter.hitslink.com
    O1 - Hosts: 66.98.178.19 counter.yadro.ru
    O1 - Hosts: 66.98.178.19 counter14.sextracker.com
    O1 - Hosts: 66.98.178.19 counter16.bravenet.com
    O1 - Hosts: 66.98.178.19 counter17.bravenet.com
    O1 - Hosts: 66.98.178.19 counter2.hitslink.com
    O1 - Hosts: 66.98.178.19 counter26.bravenet.com
    O1 - Hosts: 66.98.178.19 counter32.bravenet.com
    O1 - Hosts: 66.98.178.19 counter34.breavenet.com
    O1 - Hosts: 66.98.178.19 counter41.bravenet.com
    O1 - Hosts: 66.98.178.19 counter47.bravenet.com
    O1 - Hosts: 66.98.178.19 counter6.sextracker.com
    O1 - Hosts: 66.98.178.19 counter8.bravenet.com
    O1 - Hosts: 66.98.178.19 data.coremetrics.com
    O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
    O1 - Hosts: 66.98.178.19 dwclick.com
    O1 - Hosts: 66.98.178.19 ebay.doubleclick.net
    O1 - Hosts: 66.98.178.19 ehg-amerix.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-bestbuy.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-crain.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-dig.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-eckounlimited.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-espn.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-idg.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-liveperson.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-oreilley.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-space.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-sportsline.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-techtarget.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-tigerdirect.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-uniontrib.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-viacom.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.commjun.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.hitbox.com
    O1 - Hosts: 66.98.178.19 fastclick.net
    O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
    O1 - Hosts: 66.98.178.19 flycast.com
    O1 - Hosts: 66.98.178.19 g-wizzads.net
    O1 - Hosts: 66.98.178.19 gostats.com
    O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
    O1 - Hosts: 66.98.178.19 hc2.humanclick.com
    O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
    O1 - Hosts: 66.98.178.19 hit37.chark.dk
    O1 - Hosts: 66.98.178.19 hitbox.com
    O1 - Hosts: 66.98.178.19 hits.webstat.com
    O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
    O1 - Hosts: 66.98.178.19 imp.clickability.com
    O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
    O1 - Hosts: 66.98.178.19 insightfirst.com
    O1 - Hosts: 66.98.178.19 int.sitestat.com
    O1 - Hosts: 66.98.178.19 jkearns.freestats.com
    O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
    O1 - Hosts: 66.98.178.19 logs.comics.com
    O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
    O1 - Hosts: 66.98.178.19 media101.sitebrand.com
    O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
    O1 - Hosts: 66.98.178.19 mt122.mtree.com
    O1 - Hosts: 66.98.178.19 nedstat.s0.nl
    O1 - Hosts: 66.98.178.19 nl.sitestat.com
    O1 - Hosts: 66.98.178.19 partner.alerts.aol.com
    O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
    O1 - Hosts: 66.98.178.19 perso.estat.com
    O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
    O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
    O1 - Hosts: 66.98.178.19 prof.estat.com
    O1 - Hosts: 66.98.178.19 s10.sitemeter.com
    O1 - Hosts: 66.98.178.19 s11.sitemeter.com
    O1 - Hosts: 66.98.178.19 s12.sitemeter.com
    O1 - Hosts: 66.98.178.19 s13.sitemeter.com
    O1 - Hosts: 66.98.178.19 s14.sitemeter.com
    O1 - Hosts: 66.98.178.19 s15.sitemeter.com
    O1 - Hosts: 66.98.178.19 s16.sitemeter.com
    O1 - Hosts: 66.98.178.19 s2.statcounter.com
    O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\5330\redirect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [CFIMP] C:\WINDOWS\CFIMP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\BlackICE\blackice.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB


    Cheers
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi pandah,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R3 - Default URLSearchHook is missing
    All the O1 - Hosts: entries
    O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\5330\redirect.dll

    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [CFIMP] C:\WINDOWS\CFIMP.exe

    O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

    Then reboot and delete:
    C:\program files\ddm <= entire folder
    C:\WINDOWS\System32\realupd.exe

    Regards,

    Pieter
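
An added example, not part of the original thread and not code from HijackThis: a small triage script that reads `O1 - Hosts:` lines in the format shown in the log above and flags any non-loopback address that several hostnames have been pointed at, which is the pattern Pieter's fix list removes. The sample log is constructed (the `ads.example.test` entry is a made-up blocking entry), and the function names and the `min_hosts` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format, modelled on a few lines of the log above.
SAMPLE_LOG = """\
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 c1.statcounter.com
O1 - Hosts: 66.98.178.19 hitbox.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O9 - Extra button: Messenger (HKLM)
"""

# "O1 - Hosts: <ip> <hostname>" as HijackThis prints hosts-file entries.
O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return {ip_address: [hostnames]} for every well-formed O1 line."""
    mapping = defaultdict(list)
    for line in log_text.splitlines():
        match = O1_RE.match(line)
        if not match:
            continue  # not a hosts-file entry
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address field, skip rather than guess
        mapping[ip].append(match.group(2).lower())
    return dict(mapping)


def suspicious_redirects(log_text, min_hosts=2):
    """Flag addresses that are neither loopback nor 0.0.0.0 and that
    at least min_hosts names resolve to via the hosts file."""
    findings = {}
    for ip, hosts in parse_o1(log_text).items():
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        if len(hosts) >= min_hosts:
            findings[str(ip)] = sorted(hosts)
    return findings


if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(SAMPLE_LOG).items():
        print(f"{ip}: {len(hosts)} hostnames redirected -> {', '.join(hosts)}")
```

A flagged address is a lead to review, not a verdict: a deliberate intranet mapping would also match, so confirm against what the machine's owner expects before removing entries.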
     
  3. pandah

    pandah Guest

    thankyou muchly
     
  4. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    Re: THANK YOU yuhmee

    Dear Pandah,

    As you noticed, you've come to the right place, with great people, great experts, and great advice.
    A month ago I also experienced similar problems with that nasty YUHMEE.
    Somehow I "stumbled" :rolleyes: onto this forum, and it has been one of the best lucky punches I had for years on the net :) !

    *** That's why I shout a firm: THANK YOU YUHMEE.com ! ;) :D :D :D ***

    Why?

    Because if it wasn't for their :mad:annoying spyware activities :mad: I would never have been served with so much expert help and knowledge already; I would never have met these fantastic people here! :D *puppy*
    Besides that, this has given me a treasure of links on this -alas- very important subject /threat and all that comes with it.

    I'm still learning every day - and I love it! :-*

    As a bonus you'll meet new people, some of which I already consider new online friends.

    That is why I hope you return, so we can welcome you as a member. CU @ Wilders!
    Don't be shy...look around, ask whatever you want: We all have to start somewhere.
    You'll find your way - like we all did.

    ENJOY :): It's a feast.

    Take care Pandah.

    Regards,
    slammer ;)

    (Only downside may be....lack of sleep, and possible 'addiction'. But there's help for that too, here + plenty of other pleasant "nut-cases" around. :D)
     