Need help with hijacked browser - please attend

Discussion in 'adware, spyware & hijack cleaning' started by pappadan, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. pappadan

    pappadan Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    2
    Browser hijacked :'( . Would appreciate someone's assistance. HJ log below.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:23:20 PM, on 7/15/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINNT\System32\drivers\trcboot.exe
    C:\INSIGHT\TOOLS\AICLIENT.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Timbuktu Pro\tb2launch.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\pcssfrrx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Timbuktu Pro\Tb2Logon.exe
    C:\Program Files\FileNET\IDM\fnsysmgr.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\dfmurph\Desktop\HijackThis1977.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://pplweb.papl.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://pplweb.papl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,,pcssfrrx.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1185A475-D9AD-40E8-8627-FCEE8ACAAAF7} - C:\WINNT\system32\fahc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [DELL KEYBOARD UPDATE] C:\Program Files\Dell\Dell Keyboard\Dellkbd.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
    O4 - HKLM\..\Run: [0FileNET System Manager] C:\Program Files\FileNET\IDM\fnsysmgr.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 10\Office10\OSA.EXE
    O4 - Global Startup: Office Startup.LNK = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.pplweb.com
    O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} -
    O16 - DPF: {689ff870-2ac0-11d5-b634-00c04faedb18} -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38170.2770138889
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ppl.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ppl.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ppl.com,papl.com,forestroot.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ppl.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ppl.com,papl.com,forestroot.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ppl.com,papl.com,forestroot.local
     
    Last edited: Jul 16, 2004
Thread Status:
Not open for further replies.