Windows Tutorials - Herong's Tutorial Examples - v5.62, by Dr. Herong Yang
Outdated: "HijackThis" - Spyware and Browser Hijacker Detector
This section provides a tutorial example on how to run 'HijackThis' to generate a system diagnostic report.
HijackThis is probably the most popular spyware detection tool available on the Internet. So I downloaded HijackThis v1.99.0 from the Web site: http://www.merijn.org/. Note that HijackThis does not judge the entries it lists: it enumerates the places where spyware and browser hijackers typically install themselves (Internet Explorer start and search settings, Browser Helper Objects, toolbars, Run keys, startup folders, DNS settings, services) and leaves it to you to decide which entries are legitimate.
Here is a basic tour of how to use HijackThis:
1. Run HijackThis. The first dialog box offers you a couple of command buttons.
2. Click the "Do a system scan and save a logfile" button. HijackThis will scan your system and show you the "Save logfile" dialog box.
3. Select a directory and enter a file name for the log file, for example, c:\temp\hijackthis.log.
4. Open c:\temp\hijackthis.log with a text editor. You will see a HijackThis report like this:
Logfile of HijackThis v1.99.0
...
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
...
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
...
C:\WINDOWS\Explorer.EXE
...
C:\local\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
...
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090...} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\local\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
...
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NetZero_uoltray] C:\local\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
...
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401...} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
...
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = abc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = abc.com,xyz.com
...
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Apache Tomcat - Apache Software Foundation - C:\tomcat50\bin\tomcat.exe
...
See the next section on how to read this report.
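As an added example, not part of the original tutorial and not HijackThis's own code: the Python script below parses a handful of lines copied from the log above (wrapped paths rejoined) into structured records, pulls the executable or DLL out of each R/O2/O3/O4/O17/O23 line, and flags the three kinds of entries HijackThis itself annotates in this log: a BHO whose DLL is "(file missing)", a service whose vendor is "Unknown", and a startup shortcut whose target resolves to "?". The sample text, the field names and the triage rules are this example's own assumptions; the flags are triage hints for a closer look, not verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log
# above, with wrapped paths rejoined. It is not a complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll (file missing)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\local\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Global Startup: Digital Line Detect.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = abc.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Apache Tomcat - Apache Software Foundation - C:\tomcat50\bin\tomcat.exe
"""


@dataclass
class Entry:
    code: str         # HijackThis section code (R0, R1, O2, O3, O4, O17, O23, ...)
    name: str         # BHO/toolbar name, Run value name, .lnk name, service name, or key
    path: str         # DLL/EXE path, command line, or setting value, as logged
    clsid: str = ""   # COM class id for O2/O3 entries
    vendor: str = ""  # company name HijackThis printed for O23 services


_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
_O2_O3 = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O4_RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$")
_O4_LNK = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<path>.*)$")
_O23 = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
_KEY_VALUE = re.compile(r"^(?P<name>.*?) = (?P<path>.*)$")  # R0/R1/O17: "key,name = value"


def parse_log(text: str) -> list:
    """Turn HijackThis log lines into Entry objects; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("O2", "O3") and (mm := _O2_O3.match(body)):
            entries.append(Entry(code, mm["name"], mm["path"], clsid=mm["clsid"]))
        elif code == "O4" and (mm := _O4_RUN.match(body) or _O4_LNK.match(body)):
            entries.append(Entry(code, mm["name"], mm["path"]))
        elif code == "O23" and (mm := _O23.match(body)):
            entries.append(Entry(code, mm["name"], mm["path"], vendor=mm["vendor"]))
        elif mm := _KEY_VALUE.match(body):
            entries.append(Entry(code, mm["name"], mm["path"]))
        else:
            entries.append(Entry(code, body, ""))  # keep unknown shapes instead of dropping them
    return entries


def executable(path: str) -> str:
    """Reduce a logged command line to the binary it names: quotes, arguments
    and the '(file missing)' annotation are removed."""
    p = path.replace("(file missing)", "").strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        return p[1:end] if end > 0 else p.strip('"')
    return re.split(r" (?=[/-])", p, maxsplit=1)[0]  # cut at the first " /arg" or " -arg"


# Triage rules (this example's own heuristics, taken from what HijackThis
# annotates in the log): each maps a label to a predicate over an Entry.
SUSPECT = {
    "file missing": lambda e: "(file missing)" in e.path,
    "unknown vendor": lambda e: e.code == "O23" and e.vendor == "Unknown",
    "unresolved target": lambda e: e.code == "O4" and e.path.strip() == "?",
}


def triage(entries) -> list:
    """Return (entry, reasons) pairs for entries worth a second look. A dangling
    BHO registration or a driver helper without version info can be harmless;
    the point is to know which lines to research first."""
    flagged = []
    for e in entries:
        reasons = [label for label, test in SUSPECT.items() if test(e)]
        if reasons:
            flagged.append((e, reasons))
    return flagged


def summary(entries) -> dict:
    """Count entries per section code, e.g. {"O4": 4, "O23": 2, ...}."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("entries per section:", summary(found))
    for e in found:
        if e.code in ("O2", "O3", "O4", "O23"):
            print(f"{e.code:4} {e.name:<24} -> {executable(e.path)}")
    for e, why in triage(found):
        print("CHECK:", e.code, e.name, "|", ", ".join(why))
```

Point parse_log() at the contents of c:\temp\hijackthis.log (or any saved log) instead of SAMPLE_LOG to triage a real report; the executable() values are what you would look up or hash before deciding whether an entry belongs on the machine.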