Jump to content
Posted 24 January 2011 - 08:30 PM
Posted 25 January 2011 - 04:07 PM
Posted 25 January 2011 - 06:45 PM
Posted 26 January 2011 - 07:29 AM
Yes, but when I select "Info on selected item..." it says that for O2 (BHO) it will delete the registry key and the CLSID and for O20 (Winlogon Notify) it will delete the registry key. Admittedly, for O16 (DPF) it doesn't say anything.
I am by no means an expert, but I do know that not all of the items that you choose "fix" for will be deleted by hijackthis. It is a very complicated tool, and "fixing" items does not always delete them. There are certain areas in the log that a "fix" will do nothing more than delete a shortcut to the file, or remove the DLL from starting at Windows boot.
This was my first thought and as I said in my first post, I have tried logging in as an administrator and fixing in safe mode (as admin).
With that said, if you cannot permanently fix some entries with HijackThis that generally means something is interfering. This could due to one of your other security programs which was not disabled properly or by trying to fix while not logged in as Administrator or an account with administrator privileges.
Thank you, I think I understand what HJT is and what it does. Or is there something specific that I'm missing? Also, perhaps I should have mentioned in my first post that this is on a WinXP Home SP3 machine.
There are tutorials available for advanced users which will help you understand more clearly about the use of HijackThis and what it does.
Again I ask you to heed the warning about fixing anything by yourself. If you choose to ignore that warning you do so at your own risk.
- BC's HijackThis Tutorial & Guide
- Understanding and Interpreting HijackThis Entries - Part 1: R0 to N4
- Understanding and Interpreting HijackThis Entries - Part 2: O1-O9
- Understanding and Interpreting HijackThis Entries - Part 3: O10-O23
Important Note for 64-bit system users: Be aware that many of the tools we use for malware removal are designed for 32-bit systems and do not work or can give misleading results on 64-bit machines. For instance, running HijackThis on a 64-bit machine may show log entries which indicate (file missing) when that is NOT always the case. Anti-malware scanners and many specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly.
Why? Microsoft created a new folder (C:\Windows\SysWOW64) that contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. For a more detailed explanation, please refer to Making the Move to x64: File System Redirection and WOW64 Implementation Details.
Posted 26 January 2011 - 10:20 AM
is that a bird? a plane? nooo it's the flying blueberry!
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
Follow BleepingComputer on: Facebook | Twitter | Google+
0 members, 0 guests, 0 anonymous users