Old 07-07-2004, 06:17 PM   #1
 
Statica's Avatar
 
Join Date: Jun 1999
Posts: 9,231
MUST READ before posting HijackThis Logs!

Folks:

Over the past little while, we've seen this rash of HijackThis logs being posted on this site. It's a wonderful tool that helps diagnose issues with your computer, but there are a couple of things that must be kept in mind before randomly posting it on the forum.

1) Tell us why you are running Hijack This. It is very unproductive to have us guess why you are posting your log in the first place. If you have a virus, let us know what the virus was, if you got spyware, tell us what it was.
2) Tell us what you have done before posting your logs. And it would be nice if you did something before someone suggests that you do what you should have done in the first place. Run an online virus scan like Housecall, run a spyware/adware scan like Spybot S&D, AdAware. As much as we would like to help you, you have to first learn to help yourself.
3) Help us help you by making our job easier. It is ridiculous to run your logger while you have a million other programs running in the background. The more unnecessary lines you make someone parse through, the more likely it is that the person will miss something important. Either take the time to shut down everything or run it as soon as you perform a reboot.

I hope that with these methods you will find help faster on these forums.

Cheers
Statica is offline   Reply With Quote
Old 07-07-2004, 07:28 PM   #2
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
This thread is open for procedural discussion, but NOT for posting logs or obtaining help. Please open your own threads for obtaining assistance.
glc is offline   Reply With Quote
Old 07-07-2004, 07:35 PM   #3
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,633
I'm finding that one of the most difficult obstacles in using a Hijack This! log is finding a valid explanation for some of the files it finds. So many logs have been posted all over the web that a google search invariably lists a large number of these posts but no reference to a description of some of the items listed. Does anyone have a good source to id some of these files?
__________________
Getting old is not for sissies!
Panama Red is offline   Reply With Quote
Old 07-07-2004, 07:58 PM   #4
Member (13 bit)
 
Join Date: Aug 2003
Location: Richmond, VA
Posts: 7,835
Quote:
Originally posted by glc
This thread is open for procedural discussion, but NOT for posting logs or obtaining help. Please open your own threads for obtaining assistance.
Thanks - I was hoping this thread would be unlocked so I could post the links:

Adaware 6: (http://www.lavasoftusa.com/)

Spybot Search & Destroy 1.3: (http://www.safer-networking.org/)

TrendMicro's Housecall: (http://housecall.trendmicro.com)

HiJack This! and CWShredder: (http://www.spywareinfo.com/~merijn/downloads.html)

Hope that helps,
kram
__________________
"For today, goodbye. For tomorrow, good luck. And forever, Go Blue!"
University of Michigan President Mary Sue Coleman
kram 2.0 is offline   Reply With Quote
Old 07-07-2004, 08:03 PM   #5
Registered User
 
Join Date: Apr 2001
Location: The Northland
Posts: 44
If I understand your question correctly, the following might be of help to you.

HijackThis Tutorial

Pacmans Startup List for checking 04 entries and running processes.

BHO and Toolbar List for checking 02 and 03 entries.

LSP List for checking 010 entries.

CWS Domains for checking R0 and R1 entries to see if they are CoolWebSearch related.
Steve1 is offline   Reply With Quote
Old 07-07-2004, 08:49 PM   #6
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
Great tutorial for hijackthis by Acsell


BHO's Tools Bars

Use this for 02's & 03's in the log

CLSID - BHO List - Toolbar List @ CC

Tony Klein's BHO's

Start Up Items

Use this for 04's in the log

answersthatwork

Startup Applications

Windows Startup Online

Startup Programs



Active X controls

Use this for 016's in the log

Spywareblaster

Lobos

Last edited by Lobos; 07-07-2004 at 08:52 PM.
Lobos is offline   Reply With Quote
Old 07-07-2004, 09:02 PM   #7
 
Statica's Avatar
 
Join Date: Jun 1999
Posts: 9,231
Thanx for the input guys.

Kram, the post was closed temporarily to make sure that the thread started off on the right foot. It seems to have.
Statica is offline   Reply With Quote
Old 07-07-2004, 09:06 PM   #8
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,633
Steve1 and Lobos, Thank you very much. Those are all going to be bookmarked in a "spyware" folder!
Panama Red is offline   Reply With Quote
Old 07-07-2004, 09:10 PM   #9
Member (10 bit)
 
mikezel's Avatar
 
Join Date: Dec 2003
Location: Toronto
Posts: 894
Quote:
Originally posted by Panama Red
Steve1 and Lobos, Thank you very much. Those are all going to be bookmarked in a "spyware" folder!
Ditto here Steve1 and Lobos, except I bookmarked the thread under "The best of PCMech"

Those resources will be extremely valuable to me in the future.

Mike
mikezel is offline   Reply With Quote
Old 07-08-2004, 06:56 PM   #10
Member (7 bit)
 
CarlS's Avatar
 
Join Date: Mar 2003
Location: Altamonte Springs, FL
Posts: 108
Thumbs up

Thank you, Statica, for posting this as a sticky and thank you, Steve1 and Lobos, for the excellent references. I am going to send this link to someone and I hope she will join PCMechanic as a result - after she gets her computer working well enough to go online.
__________________
Carl S
CarlS is offline   Reply With Quote
Old 07-08-2004, 07:43 PM   #11
Shiro Usagi
Premium Member
 
Cricket's Avatar
 
Join Date: Sep 1999
Location: Kaneohe, Hawaii
Posts: 34,002
Great info in this thread, keep it coming.

With the increase in hijack activity lately, it's good to have a thread like this that we can all reference back to.

One thing, the creator of CoolWebShredder won't be updating it anymore (or not as often) since he's busy with school. So watch out for newer CoolWebSearch hijacks...they're said to be harder to deal with and remove. Hopefully, something else will come along to help with this problem.

Cricket
Cricket is offline   Reply With Quote
Old 07-08-2004, 08:34 PM   #12
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
oops I forgot to put the best resource of them all

http://www.google.com/

Lobos
Lobos is offline   Reply With Quote
Old 07-16-2004, 11:17 PM   #13
brewer, mostly...
 
kev7555's Avatar
 
Join Date: Jun 2004
Location: Laying on the floor, in the brewery
Posts: 1,315
efficiency

MAN!

Every day I become more impressed with the efficiency with which this forum is administrated. Thanks guys for all of the very useful links.

I was a bit stumped as to what to make of all the data in a HijackThis log.


-Kev
kev7555 is offline   Reply With Quote
Old 07-20-2004, 09:28 AM   #14
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
Please read this thread, folks.

http://forum.pcmech.com/showthread.php?t=104450
glc is offline   Reply With Quote
Old 07-20-2004, 02:58 PM   #15
SGS
Member (8 bit)
 
Join Date: Jul 2004
Posts: 160
I'd just like to add:

FBJ's List for checking those new 020, 021 and 022 entries.
SGS is offline   Reply With Quote
Old 07-25-2004, 03:26 PM   #16
Lest we forget
 
ghost2003's Avatar
 
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
Posted a thread for this a while ago but I'm gonna add it here.
http://majorgeeks.com/download4265.html
It's a very nice little program to help with looking through HJT logs.
__________________
redqueen: Antec Sonata, Pentium-D 2.5GHz, MSI G31M3-L, 2GB ram, 320 GB HDD, OpenBSD
hal9000: Lenovo T61, 2GB ram, 120 GB HDD, FreeBSD
ghost2003 is offline   Reply With Quote
Old 07-28-2004, 05:33 AM   #17
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
Tutorials

Understanding Spyware, Browser Hijackers, and Dialers

tutorial Using Ad-aware

Tutorial Using Spybot S/D

Tutorial Using SpywareBlaster


I put these in here because it is a safer browser. If anyone has a question on how to set it up, here are some tutorials:

Howto Switch from Internet Explorer to Firefox

Enhancing Firefox with Browser Extensions
Lobos is offline   Reply With Quote
Old 07-31-2004, 11:09 AM   #18
Member (11 bit)
 
toomyg's Avatar
 
Join Date: Sep 2001
Location: Western New York
Posts: 1,178
You should make a special section in the forum just for HiJack logs
toomyg is offline   Reply With Quote
Old 08-30-2004, 09:42 PM   #19
brewer, mostly...
 
kev7555's Avatar
 
Join Date: Jun 2004
Location: Laying on the floor, in the brewery
Posts: 1,315
Thanks, Statica and all else who have posted links here. I have taken Panama Red's suggestion and created a folder on spyware info.

The links to HiJackthis tutorials and start-up items have been especially helpful.



-Kev






kev7555 is offline   Reply With Quote
Old 09-15-2004, 09:50 AM   #20
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
Current version is 1.99, and is available here:

http://www.spychecker.com/program/hijackthis.html

Please use this version when you post a log.

Last edited by glc; 12-17-2004 at 10:01 PM.
glc is offline   Reply With Quote
Old 11-04-2004, 01:09 PM   #21
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
Updated to show current versions of recommended applications:

HijackThis - see previous post (#20)

Spybot S&D 1.3, http://safer-networking.org/en/download/index.html
Ad-Aware 1.05 SE, http://www.lavasoftusa.com/
CWShredder 2.12, http://cwshredder.net/bin/CWShredder.exe

Update and run your existing antivirus, then follow up with Housecall (http://housecall.trendmicro.com/hous...start_corp.asp) and Panda Active Scan (http://www.pandasoftware.com/actives..._principal.htm) to be totally thorough. IE required as they both require ActiveX.

Last edited by glc; 12-17-2004 at 09:59 PM.
glc is offline   Reply With Quote
Old 01-04-2005, 01:54 PM   #22
Member (7 bit)
 
davsl's Avatar
 
Join Date: Feb 2003
Posts: 114
Please could somebody take a look at my Hijack This Log file and see if anything is wrong. I posted a recent thread about Windows Media player 9 constantly starting every time I booted up Windows XP and GLC recommended posting my logs up here. Thanks for any help

http://forum.pcmech.com/showthread.php?t=120314
Attached Files
File Type: doc Hijackthis.doc (6.8 KB, 323 views)
davsl is offline   Reply With Quote
Old 01-04-2005, 01:58 PM   #23
Staff
Premium Member
 
rjfvillarosa's Avatar
 
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,362
Davsl.
You need to start a new thread in the securities forum, then copy and paste your HJT log into the thread in order for people to see it; it is not going to get picked up tagged on the end of this thread.
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta.

Last edited by rjfvillarosa; 01-04-2005 at 02:00 PM.
rjfvillarosa is offline   Reply With Quote
Old 01-05-2005, 06:08 AM   #24
Member (7 bit)
 
davsl's Avatar
 
Join Date: Feb 2003
Posts: 114
Ok thanks very much will do
davsl is offline   Reply With Quote
Old 01-06-2005, 04:36 AM   #25
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
Not to chew on you, but the second post in this thread says:

Quote:
This thread is open for procedural discussion, but NOT for posting logs or obtaining help. Please open your own threads for obtaining assistance.
In your case, you should have tacked your log (as a copy/paste, not an attachment) onto your existing thread instead of opening a new one, but all is good now.
glc is offline   Reply With Quote
Old 01-24-2005, 05:39 AM   #26
Member (9 bit)
 
Join Date: Jan 2005
Posts: 283
Hotsearchbar.com popup - how do I purge it?

Post removed, please see below.

Last edited by glc; 01-24-2005 at 11:13 AM.
Dazzer is offline   Reply With Quote
Old 01-24-2005, 11:12 AM   #27
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
Quote:
Originally Posted by glc
This thread is open for procedural discussion, but NOT for posting logs or obtaining help. Please open your own threads for obtaining assistance.
Please review the entire thread. Thank you.
glc is offline   Reply With Quote
Old 02-13-2005, 06:09 PM   #28
Member (10 bit)
 
PMich's Avatar
 
Join Date: Jan 2001
Location: Greenville, MS
Posts: 625
I don't know if this is old news but there is a hijackthis log interpreter from the HijackThis site. I have attached the link below. Just copy and paste your log into the textbox and it tells you a little more about each entry. Good for those of us who aren't experts but want to work out our own problems.

HijackThis analysis
PMich is offline   Reply With Quote
Old 02-13-2005, 07:12 PM   #29
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,633
Nice linky there, PMich! Think I'll give that a try with the next infestation I'm asked to fix.
Panama Red is offline   Reply With Quote
Old 02-13-2005, 07:17 PM   #30
Staff
Premium Member
 
rjfvillarosa's Avatar
 
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,362
Good link Mich.
rjfvillarosa is offline   Reply With Quote

All times are GMT -5. The time now is 08:56 PM.