What do the prefixes (e.g. R1, 013) in HiJackThis logs mean?

R - Registry, StartPage/SearchPage changes


R0 - Changed registry value


R1 - Created registry value


R2 - Created registry key


R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries


F0 - Changed inifile value


F1 - Created inifile value


F2 - Changed inifile value, mapped to Registry


F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes


N1 - Change in prefs.js of Netscape 4.x


N2 - Change in prefs.js of Netscape 6


N3 - Change in prefs.js of Netscape 7


N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:


O1 - Hijack of auto.search.msn.com with Hosts file


O2 - Enumeration of existing MSIE BHO's


O3 - Enumeration of existing MSIE toolbars


O4 - Enumeration of suspicious autoloading Registry entries


O5 - Blocking of loading Internet Options in Control Panel


O6 - Disabling of 'Internet Options' Main tab with Policies


O7 - Disabling of Regedit with Policies


O8 - Extra MSIE context menu items


O9 - Extra 'Tools' menuitems and buttons


O10 - Breaking of Internet access by New.Net or WebHancer


O11 - Extra options in MSIE 'Advanced' settings tab


O12 - MSIE plugins for file extensions or MIME types


O13 - Hijack of default URL prefixes


O14 - Changing of IERESET.INF


O15 - Trusted Zone Autoadd


O16 - Download Program Files item


O17 - Domain hijack


O18 - Enumeration of existing protocols and filters


O19 - User stylesheet hijack


O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys


O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key


O22 - SharedTaskScheduler autorun Registry key


O23 - Enumeration of NT Services