
HijackThis Log: Can You Tell Me Which To Delete?

I also tried to search and look for PornDialer.CL, with the same results. Hijackthis log????Can someone tell me what to delete????? The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.

F3 entries are displayed when there is a value that is not whitelisted in the registry key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows under the values load and run. So, I was looking for a hijacker! Once the program is successfully launched for the first time its entry will be removed from the Registry so it does not run again on subsequent logons. HijackThis Startup screen when run for the first time We suggest you put a checkmark in the checkbox labeled Do not show this windows when I start HijackThis, designated by

If you would like to terminate multiple processes at the same time, press and hold down the control key on your keyboard. We will also tell you what registry keys they usually use and/or files that they use.

This is just another method of hiding its presence and making it difficult to be removed. This means that the files loaded in the AppInit_DLLs value will be loaded very early in the Windows startup routine allowing the DLL to hide itself or protect itself before we but it keeps happening now or then...

Author Comment by: crom654 ID: 13275445 2005-02-10

Thanks folks. I downloaded Hijackthis.

Select an item to Remove Once you have selected the items you would like to remove, press the Fix Checked button, designated by the blue arrow, in Figure 6. O17 Section This section corresponds to Lop.com Domain Hacks. If the URL contains a domain name then it will search in the Domains subkeys for a match. When it opens, click on the Restore Original Hosts button and then exit HostsXpert.

Messenger (HKLM)
O12 - Plugin for .vdo: C:\PROGRA~1\INTERN~1\plugins\npvdo32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.waitsex.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C}

If you see an entry Hosts file is located at C:\Windows\Help\hosts, that means you are infected with the CoolWebSearch.

click "proceed" to save your settings. https://www.experts-exchange.com/questions/21308976/Can-you-tell-me-what-I-can-delete-from-this-hijackthis-log.html The same goes for F2 Shell=; if you see explorer.exe by itself, it should be fine, if you don't, as in the above example listing, then it could be a potential Unlike the RunServices keys, when a program is launched from the RunServicesOnce key its entry will be removed from the Registry so it does not run again on subsequent logons.

O14 Section This section corresponds to a 'Reset Web Settings' hijack. There are 5 zones with each being associated with a specific identifying number. There is a file on your computer that Internet Explorer uses when you reset options back to their Windows default. O15 Section This section corresponds to sites or IP addresses in the Internet Explorer Trusted Zone and Protocol Defaults.

They are also referenced in the registry by their CLSID which is the long string of numbers between the curly braces. If you would like to see what DLLs are loaded in a selected process, you can put a checkmark in the checkbox labeled Show DLLs, designated by the blue arrow in You can download that and search through its database for known ActiveX objects. When scan is finished, mark everything for removal and get rid of it.

You will now be presented with a screen similar to the one below:

Figure 13: HijackThis Uninstall Manager

To delete an entry simply click on the entry you would like

Thanks in advance =] Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:23 PM, on 9/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00

I have an idea, but since this is my first time, I don't want to delete the wrong things.

When consulting the list, use the CLSID, which is the number between the curly brackets in the listing.

Simply copy and paste the contents of that notepad into a reply in the topic you are getting help in. As long as you hold down the control button while selecting the additional processes, you will be able to select multiple processes at one time. Click on File and Open, and navigate to the directory where you saved the Log file.

You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file. The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. This method is known to be used by a CoolWebSearch variant and can only be seen in Regedit by right-clicking on the value, and selecting Modify binary data. You should always delete O16 entries that have words like sex, porn, dialer, free, casino, adult, etc. HijackThis Process Manager This window will list all open processes running on your machine.

He/She is infected with a virus that will go through their address book to find target + sender email addresses. When cleaning malware from a machine entries in the Add/Remove Programs list invariably get left behind. If you want to change the program this entry is associated with you can click on the Edit uninstall command button and enter the path to the program that should be See what it can find, if he can't find anything.

Also, will deleting the Kazaa files affect Kazaa in a manner that it will not work anymore? If you ever see any domains or IP addresses listed here you should generally remove them unless it is a recognizable URL such as one your company uses. Registrar Lite, on the other hand, has an easier time seeing this DLL.