O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
I just did a HJ and I am almost sure the 2 above I can delete, but I am not sure at all about the ones below. I just remember that sometimes, when I have been helped with HJ, I deleted a couple of the ones that had no file and no names in them. How wrong or right am I?
Sharon
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
The “fact” that a HijackThis log entry has “no file” and/or “no name” does NOT
mean it should be “deleted”, but further “research” should be done . For
example, a Google “Search” of “5C255C8A-E604-49b4-9D64-90988571CECB”
shows “Location: %ProgramFiles%\Windows Live\Messenger” which means it is
part of the Windows Live Messenger program . For HijackThis log “O2” Entries,
it is recommended to use www.systemlookup.com as part of the Research
“process” .
I do understand in a way and would be willing to do research, but I am really not sure what to look for and what would be the next step. I think I would be looking for something that would tell me if the file should be kept or deleted.
thanks Sharon
You say the orphaned entries and qwave.dll; is that the name of the no-name file? I am glad there are no suspicious entries there. I will still do some reading and see if I can understand any of it. Should I delete any of the ones I posted from the scan?
thanks Sharon
As always, Google is your best friend here. As an example from your posting, just enter the CLSID of the entry, like {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}, and then check what information you get on the B.H.O. Orphaned means you might have deleted it and an empty remnant is there. If it is secure, you can either choose to restore the original Browser Helper Object (actually it is a DLL module for which the DLL is not there anymore) or, if you have no further need of it, tag it in HJT and fix it by pressing Enter.
So I got the info here: http://www.systemlookup.com/CLSID/39866-LinkScannerIE_dll_avgssie_dll.html
Do this with all the other entries and you can make a calculated guess about what you have there.
Malware fighting is also teaching users/victims to fish for themselves so they can have a meal every day, not just giving them a fish once.
Stay safe and secure online, is the wish and command of,
Netzero used to be my ISP. Now I have ATT. Netzero is and has been uninstalled for a few weeks, and the removal tool was used as well, with help from here and uninstalling all the way in safe mode. I have a bluelight email address and they send me Netzero ads from time to time. I also had trouble getting rid of Norton, which the computer came with, and I did use their removal tool also. Plus a lot more other troubles in this same kind of way that is going on now. I hope I have not confused you.
The above is what I had gone through and was pretty sure I could put a checkmark by and let HJ delete it. I need to reread your last post a few times to see how much of it I can understand.
I thought you should know it would not uninstall the normal way. I had to do it in safe mode. Since the Netzero I have in the HJ is just from the ads that bluelight sends me, that is why I thought it would be OK just to delete them.
thanks Sharon
In order to determine IF certain portions of a HijackThis log should be “fixed”
( what HijackThis generally would be considered “Deleted” ), the entire Log
should be Posted so all Items can be viewed in context .
Years ago, when I switched ISPs, I did a Windows “Search” and based on its
Findings, I “deleted” ( right-clicked on the Entry ) all that the “search” found.
In my case, that was AOL, so I did a Windows “Search” using “AOL” and later
“America Online” and “deleted” all “Items” found; in your case, it MAY mean
doing a Windows “Search” using the terms “Netzero” and later “bluelight” and
right-clicking on all “Items” found !?
When I first posted I did not think anything was wrong with the log. I just thought that because I no longer used Netzero and used their removal tool. Got a lot of help from this forum and bleepingcomputer.com. When it was over my computer got a good bill of health. I just thought since the 3 lines of the log had to deal with Netzero, they had to do with just the advertisements bluelight sends from time to time. One person here, maybe more, said not to worry about it. Everything was OK. Once again I am confused. But I will do another HJ and post it. It will take a few min.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:50 AM, on 6/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
I am going back and rereading everything. I do this every time. It takes a while for me to remember what I am reading and learn how to use it.
The URL you sent, I get almost every question I have asked, and I do spend a lot of time there reading and trying to understand.
I did not think there was anything wrong with the log; I sent only a few lines to try to learn what I can and cannot delete. If I thought there might be trouble I would have posted a full log at the beginning. I was surprised that everyone thought I was having trouble. Like I said before, I did not think there was a problem. Do you see something I missed that might be trouble?
thanks Sharon
You do NOT post a “full” HijackThis log ONLY if you think there may be
“trouble” or something “wrong”, but to provide a more thorough look at what is
on a computer ; when you post a HijackThis log on a Malware Removal Forum
such as Bleepingcomputer, their Experts FOCUS their attention on the
portions that lead to malware removal and leave the more optional portions
for someone else. By posting the “full” log now, what caught my attention is :
"O15 - Trusted Zone: *.mybluelight.com
O15 - Trusted Zone: *.mybluelight.net "
This shows at least one of the “areas” that you spoke about ; the “Beginner’s
Guide” I spoke about says the following about the “Trusted Zone” portion of
a Log :
"There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone… "
and later on, it says :
"I personally remove all entries from the Trusted Zone as they are ultimately unnecessary to be there. "
I am of the computer “philosophy” of having NOTHING in the “Trusted Zone”
section of a computer and would recommend you do likewise, either by having
HijackThis “Fix” those 2 “Lines” or by going to the “Trusted Zone” section of
your computer and “Deleting/Removing” those 2 Listings .
In your Log, I also saw the unnecessary “Bonjour/mDNSResponder” Service
which you could read about in some of my Posts on this Forum IF you use
the “search” function !?
This is about making minor “adjustments” to your computer, to make it more
secure and less troublesome .
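Added example, not part of any post in this thread: a small Python sketch of the triage the replies above describe. It pulls the CLSID out of each O2/O9 line so it can be searched, marks “(no file)” entries as needing research rather than deletion, and lists O15 Trusted Zone sites for review. The sample log is constructed from lines quoted in the thread; the function and field names are hypothetical.

```python
import re

# Constructed sample: a header line plus entries quoted in this thread.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O15 - Trusted Zone: *.mybluelight.com
O15 - Trusted Zone: *.mybluelight.net
"""

# "O2 - BHO: <name> - {CLSID} - <file>" and the same shape for O9 buttons.
CLSID_ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<file>.*)$"
)
ZONE_ENTRY = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)$")

def triage(log_text):
    """Return one finding per O2/O9/O15 line; other lines are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_ENTRY.match(line)
        if m:
            orphaned = m["file"].strip().lower() == "(no file)"
            findings.append({
                "section": m["section"],
                "name": None if m["name"] == "(no name)" else m["name"],
                "lookup": m["clsid"].strip("{}").upper(),  # term to search for
                "file": None if orphaned else m["file"],
                "note": ("orphaned: research CLSID before fixing"
                         if orphaned else "file present: research CLSID"),
            })
            continue
        m = ZONE_ENTRY.match(line)
        if m:
            findings.append({"section": "O15", "name": m["domain"], "lookup": None,
                             "file": None, "note": "Trusted Zone site: confirm it belongs there"})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["name"], f["lookup"], "->", f["note"])
```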
With the Opera browser I am not sure where to find that setting. I can find it in the IE 7 my husband uses. It is set on the halfway mark saying medium. That is the only place I see the trusted sites. Should I move it higher to restrict more sites to view? Bluelight is my main e-mail. There should be no more bluelight on this computer. Next time I ask a question about the log I will post it all, because common sense says it would be the right way to ask and get proper help.
thanks Sharon
You will notice that near the top of the HijackThis Log, it says :
“MSIE: Internet Explorer v8.00”, so that means the “Trusted Zone” Info in the
Log ONLY pertains to IE . I would recommend you move the slider from
“Medium” to “Medium High”, which is the One I use . It still would be wise to
go into IE’s “Trusted Sites” and remove those 2 Bluelight Entries . I use Yahoo
and Hotmail for my email and neither “Yahoo” nor “Hotmail/MSN” are in my
“Trusted Sites” and “Bluelight” should NOT be in yours either .
Most of the time I use Opera to check my mail at bluelight. Does Opera have a setting like that? And thank you, I will delete the bluelight in HJ. Can I delete the Netzero in the HJ too?
I did not have a chance to get on the computer yesterday.
thanks Sharon