
Hello, need help with HijackThis log, Search Extender owning me :(

Hi there guys, first-time poster, and I'm a bit unhappy with my lack of intelligence in this area. I thought I could handle Search Extender, but he has done a number in handling me. I have been reading your post and have all of the programs listed and up to date, ready to fight this punk. All I need is the expertise to walk me through it.
There's the logfile from HijackThis; dunno how it's beating me up so bad. I need some help. Thank you in advance to whoever decides to tackle my problem :)


Logfile of HijackThis v1.99.1
Scan saved at 10:54:37 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virus Chaser\SpiderNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Virus Chaser\Vcrmon.exe
C:\Program Files\Virus Chaser\Spiderui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David Wring\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.242.20.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 12.242.20.9;;localhost;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {F0F72CB3-714A-ED8F-9D97-127E290AEAF2} - C:\WINDOWS\system32\ipet.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ntsc32.exe] C:\WINDOWS\system32\ntsc32.exe
O4 - HKLM\..\RunOnce: [appfi.exe] C:\WINDOWS\system32\appfi.exe
O4 - HKLM\..\RunOnce: [adddr32.exe] C:\WINDOWS\system32\adddr32.exe
O4 - HKLM\..\RunOnce: [apihn.exe] C:\WINDOWS\system32\apihn.exe
O4 - HKLM\..\RunOnce: [atlfq32.exe] C:\WINDOWS\system32\atlfq32.exe
O4 - HKLM\..\RunOnce: [mfcle32.exe] C:\WINDOWS\mfcle32.exe
O4 - HKLM\..\RunOnce: [netzp.exe] C:\WINDOWS\netzp.exe
O4 - HKLM\..\RunOnce: [apiin.exe] C:\WINDOWS\system32\apiin.exe
O4 - HKLM\..\RunOnce: [mfclf.exe] C:\WINDOWS\system32\mfclf.exe
O4 - HKLM\..\RunOnce: [atlsc.exe] C:\WINDOWS\atlsc.exe
O4 - HKLM\..\RunOnce: [apizh32.exe] C:\WINDOWS\system32\apizh32.exe
O4 - HKLM\..\RunOnce: [apiuy.exe] C:\WINDOWS\system32\apiuy.exe
O4 - HKLM\..\RunOnce: [netxy32.exe] C:\WINDOWS\netxy32.exe
O4 - HKLM\..\RunOnce: [apiut.exe] C:\WINDOWS\apiut.exe
O4 - HKLM\..\RunOnce: [d3bi32.exe] C:\WINDOWS\d3bi32.exe
O4 - HKLM\..\RunOnce: [netvh.exe] C:\WINDOWS\netvh.exe
O4 - HKLM\..\RunOnce: [appff.exe] C:\WINDOWS\system32\appff.exe
O4 - HKLM\..\RunOnce: [ieqq32.exe] C:\WINDOWS\ieqq32.exe
O4 - HKLM\..\RunOnce: [d3cm32.exe] C:\WINDOWS\d3cm32.exe
O4 - HKLM\..\RunOnce: [d3ml.exe] C:\WINDOWS\d3ml.exe
O4 - HKLM\..\RunOnce: [ntwq.exe] C:\WINDOWS\system32\ntwq.exe
O4 - HKLM\..\RunOnce: [sysku.exe] C:\WINDOWS\sysku.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {34D7C9A0-9A30-4AB6-9196-F1CE2D43EBD4} - http://www.comcastsupport.com/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {985DF250-0004-4289-A98F-F1D2085513FC} - http://www.comcast.net/ (file missing) (HKCU)
O9 - Extra button: Help - {A6942A9C-E45E-4CFA-84AA-8C85DBFE70B6} - http://online.comcast.net/help/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3cm32.exe" /s (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Virus Chaser Spider NT (spidernt) - New Technology Wave Inc. - C:\Program Files\Virus Chaser\SpiderNT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



Dave

Comments

  • Shadow2018, Northwest Missouri
    edited July 2005
    Please download these programs and save the setup files to your desktop:

    CWShredder

    Spybot Search and Destroy

    Run the setup files and then update each program with their latest definitions. Exit these for now.

    Close all open windows. Run Hijack This, place a checkmark next to these entries and click Fix Checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {F0F72CB3-714A-ED8F-9D97-127E290AEAF2} - C:\WINDOWS\system32\ipet.dll
    O4 - HKLM\..\Run: [ntsc32.exe] C:\WINDOWS\system32\ntsc32.exe
    O4 - HKLM\..\RunOnce: [appfi.exe] C:\WINDOWS\system32\appfi.exe
    O4 - HKLM\..\RunOnce: [adddr32.exe] C:\WINDOWS\system32\adddr32.exe
    O4 - HKLM\..\RunOnce: [apihn.exe] C:\WINDOWS\system32\apihn.exe
    O4 - HKLM\..\RunOnce: [atlfq32.exe] C:\WINDOWS\system32\atlfq32.exe
    O4 - HKLM\..\RunOnce: [mfcle32.exe] C:\WINDOWS\mfcle32.exe
    O4 - HKLM\..\RunOnce: [netzp.exe] C:\WINDOWS\netzp.exe
    O4 - HKLM\..\RunOnce: [apiin.exe] C:\WINDOWS\system32\apiin.exe
    O4 - HKLM\..\RunOnce: [mfclf.exe] C:\WINDOWS\system32\mfclf.exe
    O4 - HKLM\..\RunOnce: [atlsc.exe] C:\WINDOWS\atlsc.exe
    O4 - HKLM\..\RunOnce: [apizh32.exe] C:\WINDOWS\system32\apizh32.exe
    O4 - HKLM\..\RunOnce: [apiuy.exe] C:\WINDOWS\system32\apiuy.exe
    O4 - HKLM\..\RunOnce: [netxy32.exe] C:\WINDOWS\netxy32.exe
    O4 - HKLM\..\RunOnce: [apiut.exe] C:\WINDOWS\apiut.exe
    O4 - HKLM\..\RunOnce: [d3bi32.exe] C:\WINDOWS\d3bi32.exe
    O4 - HKLM\..\RunOnce: [netvh.exe] C:\WINDOWS\netvh.exe
    O4 - HKLM\..\RunOnce: [appff.exe] C:\WINDOWS\system32\appff.exe
    O4 - HKLM\..\RunOnce: [ieqq32.exe] C:\WINDOWS\ieqq32.exe
    O4 - HKLM\..\RunOnce: [d3cm32.exe] C:\WINDOWS\d3cm32.exe
    O4 - HKLM\..\RunOnce: [d3ml.exe] C:\WINDOWS\d3ml.exe
    O4 - HKLM\..\RunOnce: [ntwq.exe] C:\WINDOWS\system32\ntwq.exe
    O4 - HKLM\..\RunOnce: [sysku.exe] C:\WINDOWS\sysku.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Support - {34D7C9A0-9A30-4AB6-9196-F1CE2D43EBD4} - http://www.comcastsupport.com/ (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {985DF250-0004-4289-A98F-F1D2085513FC} - http://www.comcast.net/ (file missing) (HKCU)
    O9 - Extra button: Help - {A6942A9C-E45E-4CFA-84AA-8C85DBFE70B6} - http://online.comcast.net/help/ (file missing) (HKCU)
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3cm32.exe" /s (file missing)

    Delete these files or directories if they exist:

    C:\WINDOWS\system32\vofvh.dll
    C:\WINDOWS\system32\ipet.dll
    C:\WINDOWS\system32\ntsc32.exe
    C:\WINDOWS\system32\appfi.exe
    C:\WINDOWS\system32\adddr32.exe
    C:\WINDOWS\system32\apihn.exe
    C:\WINDOWS\system32\atlfq32.exe
    C:\WINDOWS\mfcle32.exe
    C:\WINDOWS\netzp.exe
    C:\WINDOWS\system32\apiin.exe
    C:\WINDOWS\system32\mfclf.exe
    C:\WINDOWS\atlsc.exe
    C:\WINDOWS\system32\apizh32.exe
    C:\WINDOWS\system32\apiuy.exe
    C:\WINDOWS\netxy32.exe
    C:\WINDOWS\apiut.exe
    C:\WINDOWS\d3bi32.exe
    C:\WINDOWS\netvh.exe
    C:\WINDOWS\system32\appff.exe
    C:\WINDOWS\ieqq32.exe
    C:\WINDOWS\d3cm32.exe
    C:\WINDOWS\d3ml.exe
    C:\WINDOWS\system32\ntwq.exe
    C:\WINDOWS\sysku.exe

    Run CWShredder and Spybot S&D. Remove all files found.

    Reboot. Make sure all hidden files are viewable:

    Open my computer>click tools>click folder options>
    click view tab>check show hidden files>uncheck hide file extensions>click apply>click OK>exit

    Post a new log.
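An added triage example, not part of either post: a small parser for HijackThis entry lines that flags three patterns visible among the entries selected for fixing above. The reason labels and the heuristics themselves are assumptions made for illustration; they do not cover every entry the reply lists (the O2 and O9 items, for instance) and are no substitute for reviewing the log by hand.

```python
import re
from collections import defaultdict

# Constructed sample: entries taken from the log in this thread; the unreadable
# short name of the O23 "RPC Helper" service is replaced by "(placeholder)".
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vofvh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {F0F72CB3-714A-ED8F-9D97-127E290AEAF2} - C:\WINDOWS\system32\ipet.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\RunOnce: [appfi.exe] C:\WINDOWS\system32\appfi.exe
O4 - HKLM\..\RunOnce: [netzp.exe] C:\WINDOWS\netzp.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Procedure Call (RPC) Helper (placeholder) - Unknown owner - C:\WINDOWS\d3cm32.exe" /s (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RES_DLL = re.compile(r"= res://(?P<path>[A-Za-z]:\\WINDOWS\\[^/]+\.dll)/", re.I)
AUTORUN = re.compile(r"\\\.\.\\(?:Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<path>\S.*)$")

def parse(log_text):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log_text):
    """Return {reason: [entry body, ...]} for entries matching the heuristics."""
    flagged = defaultdict(list)
    for code, body in parse(log_text):
        if code in ("R0", "R1") and RES_DLL.search(body):
            # IE search/start setting served from a DLL resource under C:\WINDOWS
            flagged["res_dll"].append(body)
        elif code == "O4":
            m = AUTORUN.search(body)
            if m:
                path, name = m["path"].lower(), m["name"].lower()
                # Autorun value named exactly after its own executable in the Windows tree
                if path.startswith("c:\\windows\\") and path.rsplit("\\", 1)[-1] == name:
                    flagged["self_named_autorun"].append(body)
        elif code == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            flagged["suspect_service"].append(body)
    return dict(flagged)
```
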