HijackThis Log File Entry Types

This section provides a quick introduction of different entry types in the log file generated by 'HijackThis'.

If you look at the HijackThis log file included in the previous section, you will see that the report is divided into two sections.

The first part of the log file tells you what non-system processes currently running on the system. You should review them to ensure that they are all legitimate.

The second part of the log file tells you what registry settings and file settings that are different than the default system. These differences could contain browser hijacking settings created by malware. You should review them to ensure that they are all legitimate.

Each entry in the log file is labeled with a log file entry type code. If you highlight an entry and click the "Info on selected item" button, additional information will be displayed about this entry and about the entry type.

Here is a list of log file entry types:

 R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
 F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
 N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
 O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry and Winlogon Notify Registry
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

HijackThis - Browser Hijacker Diagnosis Tool

 Downloading and Installing HijackThis

 Scan Report Generated by HijackThis

HijackThis Log File Entry Types

 Building "ignorelist" for HijackThis

 Fixing Settings Reported by HijackThis

 Generating Startup Program List by HijackThis

 Listing Processes and DLL Files with HijackThis

 Listing Installed Programs with HijackThis

 HijackThis Configuration Settings

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

 Antivirus System PRO

 References

 Full Version in PDF/ePUB