"HijackThis" - Spyware and Browser Hijacker Detector

This section provides a tutorial example on how to run 'HijackThis' to generate a system diagnostic report listing running processes, Internet Explorer settings, browser add-ons, autostart entries and services.

HijackThis is probably the most popular spyware detection tool available on the Internet. Note that it does not decide which entries are malicious: it lists the places where browser hijackers and other unwanted programs typically install themselves (IE start and search pages, Browser Helper Objects, toolbars, Run keys, services, trusted zones) and leaves the interpretation to you. The log also records full file paths and user names, so treat it as sensitive before posting it on a forum. I downloaded HijackThis v2.0.4 from the Web site: http://sourceforge.net/projects/hjt

Here is a basic tour of how to use HijackThis:

1. Run HijackThis. The first dialog box offers you a couple of command buttons.

2. Click the "Do a system scan and save a logfile" button. HijackThis will scan your system and show you the "Save logfile" dialog box.

3. Select a directory and enter a file name for the log file, for example, c:\temp\hijackthis.log.

4. Open c:\temp\hijackthis.log with a text editor. You will see a HijackThis report like this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:44 PM, on 4/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
...
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antima...
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_U...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssist...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSea...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolder...
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-...
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695EC...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3...
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}...
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BB...
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D...
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02F...
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f}...
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74...
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F...
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - ...
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Off...
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\...
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common F...
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Commo...
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Fi...
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe...
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft ...
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messeng...
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\local\httpd\b...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C...
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1...
O8 - Extra context menu item: Send image to &Bluetooth Device... -...
O8 - Extra context menu item: Send page to &Bluetooth Device... - ...
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663...
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3...
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-984...
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC...
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\b...
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth ...
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E...
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Ad...
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayer...
O23 - Service: Apache2.2 - Apache Software Foundation - C:\local\h...
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation....
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown...
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unkno...
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - ...
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. -...
O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner ...
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead S...
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\...
...
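To make a log of this shape easier to work with, here is an added example (not code from this page or from HijackThis) that parses the report format shown above into its header, its running-process list and its typed entries, counts entries per type, and flags a few lines for manual review. The sample log it runs on is constructed for the example, and the review heuristics (binaries in user-writable directories, O23 services listed with "Unknown owner", O15/O18 trusted-zone and filter changes, R0/R1 pages whose host is not in a list you supply) are this example's own assumptions, not HijackThis's logic.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample, modelled on the report format shown above. The paths,
# GUID, user name and hosts are invented for this example, not from a real scan.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:44 PM, on 4/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\alice\AppData\Local\Temp\svchosts.exe
C:\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example-toolbar.test/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleVendor\helper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKCU\..\Run: [Updater] "C:\Users\alice\AppData\Local\Temp\svchosts.exe" /silent
O15 - Trusted Zone: http://*.example.test
O23 - Service: Example Update Service (exupdate) - Unknown owner - C:\Program Files\ExampleVendor\Update.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\local\httpd\bin\httpd.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "R0 - ...", "O23 - ..."
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")
# Locations a standard user can write to without admin rights. A startup item,
# BHO or process living here deserves a second look (this example's heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads)|ProgramData|Windows\\Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str   # entry type, e.g. "R0", "O4", "O23"
    body: str   # everything after the "Rn - " / "On - " prefix


@dataclass
class Report:
    header: list = field(default_factory=list)
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


def parse_report(text):
    """Split a HijackThis log into header lines, running processes and typed entries."""
    rpt, section = Report(), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        m = ENTRY_RE.match(line)
        if m:                       # first typed entry ends the process list
            section = "entries"
            rpt.entries.append(Entry(m.group(1), m.group(2)))
        elif section == "processes":
            rpt.processes.append(line)
        elif section == "header":
            rpt.header.append(line)
    return rpt


def count_by_type(rpt):
    return dict(Counter(e.code for e in rpt.entries))


def host_is_expected(host, expected_hosts):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in expected_hosts)


def triage(rpt, expected_hosts=()):
    """Return (code, text, reason) triples for lines a reviewer should look at first.
    These are prompts for manual review, not verdicts."""
    findings = []
    for p in rpt.processes:
        if USER_WRITABLE_RE.search(p):
            findings.append(("process", p, "running from a user-writable directory"))
    for e in rpt.entries:
        if e.code in ("R0", "R1"):
            m = URL_HOST_RE.search(e.body)
            if m and expected_hosts and not host_is_expected(m.group(1), expected_hosts):
                findings.append((e.code, e.body, "IE start/search page points at an unexpected host"))
        elif e.code in ("O2", "O4"):
            m = PATH_RE.search(e.body)
            if m and USER_WRITABLE_RE.search(m.group(1)):
                findings.append((e.code, e.body, "BHO/autostart binary in a user-writable directory"))
        elif e.code in ("O15", "O18"):
            findings.append((e.code, e.body, "trusted-zone or protocol/filter change; confirm it was intentional"))
        elif e.code == "O23":
            parts = e.body.rsplit(" - ", 2)      # "Service: name - owner - path"
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append((e.code, e.body, "service has no recorded vendor; check the binary's publisher"))
    return findings


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    print(report.header[0], "|", len(report.processes), "processes |", count_by_type(report))
    for code, text, reason in triage(report, expected_hosts=("msn.com",)):
        print(f"[{code}] {reason}\n    {text}")
```

The "Unknown owner" check in particular produces false positives; legitimate services are often listed that way, as with the Google Update services in the real log above. Treat each finding as a reason to check the binary's publisher and location, not as proof of infection.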

See the next section on how to read this report.
