nightowl
03-25-2005, 01:29 PM
Some people have asked me to do this. Here's a short guide if you want to try to fix your HijackThis log yourself: a list of programs and websites to help you clean your log.
First I use the HijackThis tutorial.
http://computercops.biz/HijackThis.html
To check the top part of the log I type in the file name on this website. It has a search function.
http://www.processlibrary.com/
If there is a file in question, just type it into the search function and it will tell you if it's good or bad. If no results are found, check the Dogpile or Google search engines and find info on those files. If they don't find anything, it's usually bad.
For R1, R0, O14, etc.: if they are your homepage, Internet provider or email, they should be OK. If not, I delete them.
R3s are usually always bad.
O1s are usually always bad.
O2s and O3s: I use this website to check the CLSID number.
Example of a CLSID number:
0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7
http://computercops.biz/CLSID.html
If they are not on the list, I use Dogpile or Google to see what other boards are doing with them. If I still can't find any info, I'll usually delete it.
O4s: I use the program start_ups.exe to find out if they are good or bad. It has a search function. If it's not listed there, use Google or Dogpile. Here is the website where you can download this program.
http://www.pacs-portal.co.uk/startup_content.php
Scroll down a ways; it's near the bottom.
O5, O6, O7: don't see these much. Follow the tutorial if needed.
O8, O9: if you don't recognize it, check Dogpile or Google.
O10 LSPs: need to be careful with these sometimes. Here are a few websites to check out.
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
http://computercops.biz/LSPs.html
This website will tell you if the file is good or bad.
http://www.cexx.org/lspfix.htm
This website is where you download LSP_Fix
Only delete files with LSPFIX if they are bad (check the first website). If they are good or not on the list, leave them alone.
O10 - Hijacked Internet access by New.Net
http://www.newdotnet.com/removal.html
This is bad; follow the directions on this website.
O11: don't see these much; follow the tutorial.
O12: usually OK. Plugins, etc.
O13s: usually bad unless it's a website you are familiar with.
O14: same as R1s. If you recognize it, it's OK; if not, usually bad.
O15: usually bad; I usually automatically fix these. There can be exceptions, though.
O16: these take a lot of time to check. SpywareBlaster has a search function. (Right-click, then click Find and type in the CLSID number.) If SpywareBlaster finds it, it's always bad.
If it doesn't find it, use Dogpile or Google and type in the CLSID number. SpywareBlaster will also work on O2s, O3s, O9s, anything with a CLSID number.
O17, O18: these are sometimes hard to figure out if they are good or bad. Sometimes I wait and see how the computers are running before I delete these. But sometimes I can tell if they are bad. Follow the tutorial on these.
Another thing on O17s: I use this website to check the IP numbers. If they have no info on the number in question, I usually delete it.
http://www.geobytes.com/IpLocator.htm?GetLocation
O19, O20, O21, O22: follow the tutorial.
O20 - AppInit_DLLs: l7bc916zop39ud.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d ll.dll.dll.dll.dll.dll.dll.dll.dll.dll
If you have an O20 with a dll string like the one above, it's bad. These can be hard to remove. If the dll string gets too long (like the one above) it can shut your computer down. HijackThis can shorten these sometimes. Trend Micro also has been known to kill this. If you can get the dll string down to one, renaming the file can kill it in most cases.
Rename l7bc916zop39ud.dll to anything.txt or anything.old, then delete it, empty the recycle bin and reboot.
The dll string has to be down to one.
http://housecall.trendmicro.com/
O23: most of the time these are OK. You may see some with missing files; I usually delete those. If it looks strange, check Dogpile or Google.
If there are any questions, feel free to ask them here. Please, no logs here. Questions or more info only. Jim
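An added example, not part of nightowl's post: a Python script that pulls out of a HijackThis log the items the guide looks up by hand (CLSIDs in O2/O3/O9/O16 entries, unknown Winsock LSP files in O10, name-server IPs in O17, and a stacked .dll string in O20). The sample log is constructed from values quoted in the post; the BHO file path, the O17 GUID and the 192.0.2.53 address are made-up placeholders.

```python
import re

ENTRY = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")   # "O2 - ...", "R3 - ..."
CLSID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
STACKED_EXT = re.compile(r"(\.\w{1,4})\1+")            # ".dll.dll.dll..."
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CLSID_SECTIONS = {"O2", "O3", "O9", "O16"}             # sections the post checks by CLSID


def triage(log_text):
    """Extract the items the post looks up by hand from a HijackThis log."""
    found = {"clsids": set(), "unknown_lsp": [],
             "stacked_appinit": [], "dns_ips": set()}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                      # header, process list, blank line
        section, body = m.groups()
        value = body.partition(": ")[2]   # text after "Label: "
        if section in CLSID_SECTIONS:
            found["clsids"].update(c.upper() for c in CLSID.findall(body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            found["unknown_lsp"].append(value)
        elif section == "O17":
            found["dns_ips"].update(IPV4.findall(body))
        elif section == "O20":
            hit = STACKED_EXT.search(value)
            if hit:                       # report the single underlying file name
                found["stacked_appinit"].append(value[:hit.start()] + hit.group(1))
    return found


# Constructed sample log (not a real capture); placeholder path, GUID and IP.
SAMPLE = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\WINDOWS\example.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53
O20 - AppInit_DLLs: l7bc916zop39ud.dll.dll.dll.dll
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, sorted(items))
```

The script only collects what to look up; whether an entry is good or bad still comes from the lists and searches the post describes.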