Free Spyware Removal

 Spyware-And-Adware-Removal.com
 
> HOME
> Basic Removal
> Advanced Removal
> Spyware Prevention
> What is Spyware?
> What is Adware?
> Trojans
> Phishing
> Tracking Cookies
> BHOs
> Software Reviews
> Spybot
> HijackThis
> Ad-Aware
> Spyware Security Tips
> Prevent Spamming
> Firewalls



           

Using HijackThis

How to get serious and use HijackThis!

HijackThis is probably the most powerful tool that you can use to remove spyware. It can be a very complex program to use, but no other program will give you the kind of access that HijackThis can. But that also means that it can be risky if you aren't sure what you are doing. You can get HijackThis here or just do a Google search for HijackThis. Learn to use it below.

How to Decode the Results

Your scan results log will look something like this:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theregister.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
You can get your log file analyzed quickly online Here. Just Save your log file after the system scan and upload it to that website and look at the results.

Use it at your own risk

There is no real easy way to explain how to use it. If you're a beginner at computers, then it may not be a good idea to use this tool, because you can certainly mess up a few things with it. HijackThis basically gives you full access and control over any files running on your computer, so be careful what you use it to remove.

How to recover something removed with HijackThis

Open up HijackThis, and click 'Do a system scan only'. Next, click the Config button. On that page, under configuration, click Backups. Inside of there will be a list of everything that you have removed. Simply put a checkmark next to the item you want restored, and click the restore button. HijackThis will then move the item from its backup folder back to the way it found it.

Problems to avoid

Just as a tip, some spyware has gotten smart and will be able to hide itself from a HijackThis scan. It looks to see if HijackThis.exe is running, and can avoid it if it is. The way to solve this is to just rename your program to something like scanner.exe. It's a simple fix, but can save you a lot of confusion.


Free Spyware Removal Quick Tips
Help My Computer is Slow
Using System Restore
Browser Hijacking
How To Remove Zlob Spyware
Mac Spyware Removal
Spyware Detection: How to
Effectivley Scan for Spyware


 
Home | Links Directory | BRL | Resources
Spyware-And-Adware-Removal.com 2008