Need help with hijacked browser - please attend

Discussion in 'adware, spyware & hijack cleaning' started by pappadan, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. pappadan

    pappadan Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    2
    Browser hijacked :'( . Would appreciate someone's assistance. HJ log below.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:23:20 PM, on 7/15/2004
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINNT\System32\drivers\trcboot.exe
    C:\INSIGHT\TOOLS\AICLIENT.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Timbuktu Pro\tb2launch.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\pcssfrrx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Timbuktu Pro\Tb2Logon.exe
    C:\Program Files\FileNET\IDM\fnsysmgr.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\dfmurph\Desktop\HijackThis1977.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\dfmurph\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://pplweb.papl.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://pplweb.papl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,,pcssfrrx.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1185A475-D9AD-40E8-8627-FCEE8ACAAAF7} - C:\WINNT\system32\fahc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [DELL KEYBOARD UPDATE] C:\Program Files\Dell\Dell Keyboard\Dellkbd.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
    O4 - HKLM\..\Run: [0FileNET System Manager] C:\Program Files\FileNET\IDM\fnsysmgr.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 10\Office10\OSA.EXE
    O4 - Global Startup: Office Startup.LNK = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.pplweb.com
    O16 - DPF: {093501ce-d290-11d3-a3d6-00c04fa32518} -
    O16 - DPF: {689ff870-2ac0-11d5-b634-00c04faedb18} -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38170.2770138889
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ppl.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ppl.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ppl.com,papl.com,forestroot.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ppl.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ppl.com,papl.com,forestroot.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ppl.com,papl.com,forestroot.local
     
    Last edited: Jul 16, 2004
    pappadan, Jul 15, 2004
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...