you have the peper trojan
download and run this tool:
http://www.memorywatcher.com/uninst.exe
you must be online while running and let it access the internet.
reboot.
before fixing with HijackThis, please extract the program into its own folder. this will allow the backups to be safe.
then, rescan and check the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll (file missing)
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdaim.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - (no file)
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\mslkgc.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\mscdka.dll (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [FMSZ] C:\WINDOWS\FMSZ.exe
O4 - HKLM\..\Run: [ISDNY] C:\WINDOWS\ISDNY.exe
O4 - HKLM\..\Run: [bwO0Te] C:\windows\temp\bwO0Te.exe
O4 - HKLM\..\Run: [YmTHa] C:\docume~1\ycho\locals~1\temp\YmTHa.exe
O4 - HKLM\..\Run: [Dsmko] C:\docume~1\ycho\locals~1\temp\Dsmko.exe
O4 - HKLM\..\Run: [sfynsz] C:\WINDOWS\sfynsz.exe
O4 - HKLM\..\Run: [432W39O] C:\WINDOWS\System32\igfjet32.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [msnapco] C:\WINDOWS\System32\msnapco.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com//4/download/...dle37v0d15.cab
this one is optional, but a known resource hog and not needed:
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
close all browser windows and hit fix checked. reboot again.
clear your temp files--> internet explorer --> internet options --> delete cookies and delete files.
make sure hidden and system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
delete the following:
C:\WINDOWS\FMSZ.exe
C:\WINDOWS\ISDNY.exe
C:\windows\temp\bwO0Te.exe
C:\docume~1\ycho\locals~1\temp\YmTHa.exe
C:\docume~1\ycho\locals~1\temp\Dsmko.exe
C:\WINDOWS\sfynsz.exe
C:\WINDOWS\System32\igfjet32.exe
C:\WINDOWS\System32\msnapco.exe
and the ncase folder if found
reboot and post a new log.
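
Added example, not part of the original post: a small parser for the O2 (BHO) and O4 (Run) line formats shown in the log above, which sorts entries for review before anything is fixed. The triage rules and the function names (`parse_line`, `reasons`, `triage`) are assumptions of this example, not HijackThis behaviour; an entry it does not flag can still be malicious.

```python
import re

# Constructed sample: five entries copied from the log lines quoted in the post.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll (file missing)
O4 - HKLM\..\Run: [FMSZ] C:\WINDOWS\FMSZ.exe
O4 - HKLM\..\Run: [bwO0Te] C:\windows\temp\bwO0Te.exe
O4 - HKLM\..\Run: [YmTHa] C:\docume~1\ycho\locals~1\temp\YmTHa.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
'''

RUN_RE = re.compile(r'^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$')

def parse_line(line):
    """Return (section, name, path) for an O2 BHO or O4 Run line, else None."""
    line = line.strip()
    for section, rx in (("O4", RUN_RE), ("O2", BHO_RE)):
        m = rx.match(line)
        if m:
            return section, m.group("name"), m.group("path").strip().strip('"')
    return None

def reasons(section, name, path):
    """Triage heuristics (assumptions of this example, not verdicts)."""
    low, out = path.lower(), []
    if section == "O2":
        if name == "(no name)":
            out.append("BHO registered without a name")
        if low.endswith("(file missing)") or low == "(no file)":
            out.append("BHO file is absent")
    else:
        if "\\temp\\" in low:
            out.append("autorun from a temp directory")
        if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", low):
            out.append("executable directly in the Windows directory")
    return out

def triage(log_text):
    """Map each flagged path to the reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and reasons(*parsed):
            flagged[parsed[2]] = reasons(*parsed)
    return flagged

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(why)}")
```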