Home > Hijackthis Log > HijackThis Logfile - Trying To Remove PeopleOnPage

HijackThis Logfile - Trying To Remove PeopleOnPage

Contents

Please try again. What does ... Stay logged in Sign up now! It opens the browser to home page (MSN) every time.QUOTE Cannot Find File:///C:Program%20Files/Common%20Files/Remove-tols.html Was tools misspelled that way in the message?Could you use My Computer/Windows Explorer and navigate to the C:ProgramFiles\CommonFiles his comment is here

The AnalyzeThis function has never worked afaik, should have been deleted long ago. And thanks much for the tutorial link. Please make sure that you can view all hidden files. Pacman's Startup List can help with identifying an item.N1, N2, N3, N4 - Netscape/Mozilla Start & Search pageWhat it looks like:N1 - Netscape 4: user_pref "browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)N2 - Netscape

Hijackthis Log Analyzer

New log posted below:Logfile of HijackThis v1.99.0Scan saved at 1:13:09 PM, on 1/14/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\Program Press that, then Ctrl-A to Select All, and copy its contents here. It's the life in your years."Abraham Lincoln Back to top #6 radiumlight radiumlight Topic Starter Members 32 posts OFFLINE Location:Arizona Local time:05:58 PM Posted 16 January 2005 - 09:23 PM

It requires expertise to interpret the results, though - it doesn't tell you which items are bad. Start Ad-Aware and click on "Plug-ins". Please print this out and follow these directions carefully.Download LSPFIX.exe and remove ua_lsp.dll onlyhttp://cexx.org/lspfix.htmDownload the latest v1.98.1 version of HijackThis to post your new log:http://aumha.org/downloads/hijackthis.exeorhttp://tools.radiosplace.com/HijackThis.exeYou have the peper trojan.Download the peper If I may ask, how can I learn more about what does and does not belong in the HijackThis log file?

Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? Download Hijackthis Ad-Aware and Spybot Download the latest version of Ad-Aware at ADAWARE Setup Ad-Aware . When clicking on details the path is shown but seeking that path finds nothing. In fact, quite the opposite.

Please do not be concerned if any of the items are not found as they may have been automatically removed by actions I had you take earlier in the cleaning process.C:\Program The Way Ooze 32 drive one and the software okay.exe. Since then I have removed several of them, most notably SurfSideKick 3. So I did the safe mode thing again and deleted the RI main search page again - that was the only thing that had come back this time.

Download Hijackthis

One of the best places to go is the official HijackThis forums at SpywareInfo. https://sourceforge.net/projects/hjt/ Get notifications on updates for this project. Hijackthis Log Analyzer I didn't delete C:\Program Files\2Wire\2PortalMon.exe because I knew that wasn't harmful. Malwarebytes Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts.

Radiumlight "And in the end, it's not the years in your life that count. this content Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Remove any VX2 objects detected. Register now!

i have never heard of that program and google comes up blank. Only OnFlow adds a plugin here that you don't want (.ofb).O13 - IE DefaultPrefix hijackWhat it looks like: O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?O13 - WWW. Comparison Chart Deals Top Searches hijackthis windows 10 hijackthis malware anti malware hijack this hijack anti-malware bad sector repair facebook password hack hjt Thanks for helping keep SourceForge clean. http://pcialliance.org/hijackthis-log/hijackthis-log-what-do-i-remove.html I did delete C:\WINDOWS\fzowlbo.exe and C:\WINDOWS\fzowlboA.exe.

Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 - History 4.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 -

It's the life in your years."Abraham Lincoln Back to top #11 radiumlight radiumlight Topic Starter Members 32 posts OFFLINE Location:Arizona Local time:05:58 PM Posted 19 January 2005 - 03:03 AM Yes I can get into safe mode and I will disable the programs you told me to. However, if it is causing risk I will disable it.Click to expand... If you are not confident about it then don't do any registry edits and if you do make sure you backup the registry before you attempt any edits.Run the Trend Micro

Only thing I'm questioning is the 2PortalMon. Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: Spyware removal software such as Adaware or Spybot S&D do a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even check over here Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class)

I would strongly suggest tho that you not do anything else until you hear back from me. Close the program. it is the best one and will keep your computer functioning well.Click to expand... O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM) O9 -

After rebooting, rerun HJT and have it fix any of these entries if it finds them: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm Any HJT entries which indicate "(file missing)" or During this procedure is when you got this message?Yes I've tried many times w/add/remove to uninstall and get the message below. Please don't fill out this field.