HijackThis Log - What Should I Delete?


The most common listing you will find here is free.aol.com, which you can have fixed if you want. O17 Section This section corresponds to Lop.com Domain Hacks. You can go to ARIN to do a whois on the DNS server IP addresses to determine what company they belong to.

Browser helper objects are plugins to your browser that extend the functionality of it. If you would like to learn more detailed information about what exactly each section in a scan log means, then continue reading. ActiveX objects are programs that are downloaded from web sites and are stored on your computer.

Hijackthis Log File Analyzer

Many users understandably like to have a clean Add/Remove Programs list and have difficulty removing these errant entries. Example Listing O9 - Extra Button: AIM (HKLM) If you do not need these buttons or menu items or recognize them as malware, you can remove them safely. If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.

O16 - ActiveX Objects (aka Downloaded Program Files)
What it looks like:
O16 - DPF: Yahoo!

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. I personally remove all entries from the Trusted Zone as they are ultimately unnecessary to be there.

Below is my HIJackThis log file.

So you can always have HijackThis fix this.

O12 - IE plugins
What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
What to do: Most

Below is a list of these section names and their explanations. O15 Section This section corresponds to sites or IP addresses in the Internet Explorer Trusted Zone and Protocol Defaults.

All the text should now be selected. Normally this will not be a problem, but there are times that HijackThis will not be able to delete the offending file. As you can see there is a long series of numbers before and it states at the end of the entry the user it belongs to.

Is Hijackthis Safe

When you fix these types of entries with HijackThis, HijackThis will attempt to delete the offending file listed. How to use the Process Manager HijackThis has a built-in process manager that can be used to end processes as well as see what DLLs are loaded in that process. Adding an IP address works a bit differently. The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.

About (file Missing) and what it means. O16 Section This section corresponds to ActiveX Objects, otherwise known as Downloaded Program Files, for Internet Explorer. HijackThis can be downloaded from the following link: HijackThis Download Link If you have downloaded the standalone application, then simply double-click on the HijackThis.exe file and then click here to skip This location, for the newer versions of Windows, is C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup or under C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu in Vista.

It is possible to hide a control in the Control Panel by adding an entry into the file called control.ini which is stored, for Windows XP at least, http://free.grisoft.com/freeweb.php/doc/2/ Under the SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges key you may find other keys called Ranges1, Ranges2, Ranges3, Ranges4,... This run= statement was used during the Windows 3.1, 95, and 98 years and is kept for backwards compatibility with older programs.

Why do you not have any anti-virus program? Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts.

Once you restore an item that is listed in this screen, upon scanning again with HijackThis, the entries will show up again.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
What to do: If you don't

Figure 10: Hosts File Manager This window will list the contents of your HOSTS file. For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files
What it looks like:
F0 - system.ini: Shell=Explorer.exe

The Windows NT based versions are XP, 2000, 2003, and Vista.

You should use extreme caution when deleting these objects: if one is removed without properly fixing the gap in the chain, you can lose Internet access. You can also use SystemLookup.com to help verify files. The pop-up advertisements that I wanted to get rid of are finally gone!

The Global Startup and Startup entries work a little differently. Note: In the listing below, HKLM stands for HKEY_LOCAL_MACHINE and HKCU stands for HKEY_CURRENT_USER.

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions
Example Listing O11 - Options group: [CommonName] CommonName
According to Merijn, of HijackThis, there is only one known Hijacker that uses this and it is CommonName.

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
What to do: If

This method works by changing the standard protocol drivers that your computer uses to ones that the Hijacker provides.