Home > Hijack This > Hijack This Win 98 Log Please Help

Hijack This Win 98 Log Please Help

In our explanations of each section we will try to explain in layman terms what they mean. When you fix these types of entries, HijackThis will not delete the offending file listed. An example of a legitimate program that you may find here is the Google Toolbar. Since the LSPs are chained together, when Winsock is used, the data is also transported through each of the LSPs in the chain. have a peek here

Introduction HijackThis is a utility that produces a listing of certain settings found in your computer. Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLLO9 - Extra 'Tools' menuitem: BT &Yahoo! Examples and their descriptions can be seen below. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. http://www.techsupportforum.com/forums/f284/hijack-this-win-98-log-please-help-40992.html

The first step is to download HijackThis to your computer in a location that you know where to find it again. The CLSID in the listing refer to registry entries that contain information about the Browser Helper Objects or Toolbars. Starting Screen of Hijack This You should first click on the Config button, which is designated by the blue arrow in Figure 2, and confirm that your settings match those

If you click on that button you will see a new screen similar to Figure 10 below. Then when you run a program that normally reads their settings from an .ini file, it will first check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping for an .ini mapping, and if found Ce tutoriel est aussi traduit en français ici. So if you still need help, please do this:To get the newest copy of HijackThis, click on the following link and follow the instructions there exactly:How to post a HijackThis LogThen

There were some programs that acted as valid shell replacements, but they are generally no longer used. Under the SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges key you may find other keys called Ranges1, Ranges2, Ranges3, Ranges4,... Example Listing: F0 - system.ini: Shell=Explorer.exe badprogram.exe Files Used: c:\windows\system.ini The Shell is the program that would load your desktop, handle window management, and allow the user to interact with the http://www.bleepingcomputer.com/forums/t/11305/hijack-this-log-please-help/ Hopefully with either your knowledge or help from others you will have cleaned up your computer.

Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIE.DLLO9 - Extra 'Tools' menuitem: BT &Yahoo! You can see that these entries, in the examples below, are referring to the registry as it will contain REG and then the .ini file which IniFileMapping is referring to. Register now to gain access to all of our features, it's FREE and only takes one minute. It is possible to select multiple lines at once using the shift and control keys or dragging your mouse over the lines you would like to interact with.

O1 Section This section corresponds to Host file Redirection. https://forums.malwarebytes.org/topic/30-hijackthis-log/ This will attempt to end the process running on the computer. Files Used: prefs.js As most spyware and hijackers tend to target Internet Explorer these are usually safe. adenuff 18:01 24 Feb 05 Locked Anyone to have a look at this log for me please?Many many thanksPART 1 Logfile of HijackThis v1.99.0Scan saved at 17:11:42, on 24/02/05Platform: Windows 98

To do so, download the HostsXpert program and run it. navigate here This would have a value of http=4 and any future IP addresses added to the restricted sites will be placed in that key. You can also use SystemLookup.com to help verify files. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLLO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO3 - Toolbar: BT Yahoo!

If you would like to learn more detailed information about what exactly each section in a scan log means, then continue reading. If you have had your HijackThis program running from a temporary directory, then the restore procedure will not work. Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE O4 - Startup: HP Digital Imaging Monitor.lnk Check This Out Registry Keys: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Example Listing O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll There is an excellent list of known CSLIDs associated with Browser Helper Objects

If you see another entry with userinit.exe, then that could potentially be a trojan or other malware. O17 Section This section corresponds to Lop.com Domain Hacks. Help stop the muzzling by bullies, defend free speech and ensure BC continues to help people for free.

These are the toolbars that are underneath your navigation bar and menu in Internet Explorer.

If you click on that button you will see a new screen similar to Figure 9 below. This particular key is typically used by installation or update programs. The most common listing you will find here are free.aol.com which you can have fixed if you want. If you ever see any domains or IP addresses listed here you should generally remove it unless it is a recognizable URL such as one your company uses.

I can not stress how important it is to follow the above warning. With this manager you can view your hosts file and delete lines in the file or toggle lines on or off. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. this contact form You should have the user reboot into safe mode and manually delete the offending file.

You should therefore seek advice from an experienced user when fixing these errors. When you fix O16 entries, HijackThis will attempt to delete them from your hard drive. Be aware that there are some company applications that do use ActiveX objects so be careful. Explorer shutdown messages would come one after another, culminating in a computer shutdown.I couldn't even get online to post here until Iuninstalled everything.

F2 entries are displayed when there is a value that is not whitelisted, or considered safe, in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under the values Shell and Userinit. O7 Section This section corresponds to Regedit not being allowed to run by changing an entry in the registry. We start from the oldest to the most recent. If you are asked to save this list and post it so someone can examine it and advise you as to what you should remove, you can click on the Save