If you don't have this program, download HijackThis.exe now.
HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It's up to you to decide what should be removed. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.
HijackThis when first opened. You do not have to change any settings at this point.
Notice the empty section in the middle. This is where the scan results will be listed later.
Examine the two sets of buttons. To start the scan, click the Scan button on the left.
HijackThis after the scan.
The Scan button now has a new caption: Save Log. Click the Save Log button to create a file named Hijackthis.log. A dialog box will pop up. Use it to select the location where you will save the log. Close the program.
Until now, inexperienced users who could not analyze the log file by themselves had no choice other than posting it in a specialized forum such as the HijackThis.de Supportforum and hoping that a more experienced user would take some time to analyze it. The "HijackThis log file analysis" script is a way to analyze your log without outside help: simply copy/paste the content of the log file into the textbox below and hit the analyze button.
The WinTasks Process Library is available online at www.liutilities.com
Once you have received advice on what should be removed, reopen HijackThis. Scan again. You have changed nothing and this scan result will be the same as the first. Place a checkmark in the box in front of each item you plan to remove.
Click the Fix checked button.
A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.
The next section will cover another tool which has been integrated into HijackThis. This tool is StartupList. Look at the buttons on the right. Click the Config... button to go to the next screen.
This is a regular logfile
Logfile of HijackThis v1.99.0
Scan saved at 10.42.54, on 18/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet\Sygate\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Common Framework\FrameworkService.exe
C:\Programmi\Mcafee\Mcshield.exe
C:\Programmi\Mcafee\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Mcafee\SHSTAT.EXE
C:\Programmi\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\ANTISP~1\Ad-Aware\Ad-Watch.exe
d:\Documenti\Downloads\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Utilita'\Acrobat 6.0\ReaderActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Internet\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\Internet\FlashGet\jccatch.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\Internet\STARDO~1\SDIEInt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\Internet\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Mcafee\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Internet\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\ANTISP~1\Ad-Aware\Ad-Watch.exe"
O4 - HKLM\..\Run: [Logon Loader Random] "C:\Programmi\Utilita'\Logon Loader\LogonLoader.exe" -random
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\PROGRA~1\Internet\STARDO~1\sdie.htm
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\Internet\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\Internet\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\Internet\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\Internet\FlashGet\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094811426578
O23 - Service: Servizio di framework di McAfee - Network Associates, Inc. - C:\Programmi\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Programmi\Mcafee\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Programmi\Mcafee\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\vsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Programmi\Internet\Sygate\smc.exe
Each line in a HijackThis log starts with a section name.
* R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
* F0, F1 - Autoloading programs
* F2, F3 - Autoloading programs mapped to the Registry
* N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
* O1 - Hosts file redirection
* O2 - Browser Helper Objects
* O3 - Internet Explorer toolbars
* O4 - Autoloading programs from Registry
* O5 - IE Options icon not visible in Control Panel
* O6 - IE Options access restricted by Administrator
* O7 - Regedit access restricted by Administrator
* O8 - Extra items in IE right-click menu
* O9 - Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu
* O10 - Winsock hijacker
* O11 - Extra group in IE ‘Advanced Options’ window
* O12 - IE plugins
* O13 - IE DefaultPrefix hijack
* O14 - ‘Reset Web Settings’ hijack
* O15 - Unwanted site in Trusted Zone
* O16 - ActiveX Objects (aka Downloaded Program Files)
* O17 - Lop.com domain hijackers
* O18 - Extra protocols and protocol hijackers
* O19 - User style sheet hijack
* O20 - AppInit_DLLs Registry value autorun
* O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
* O22 - SharedTaskScheduler autorun Registry key
HijackThis log tutorial by Merijn.org
HijackThis log tutorial by Aumha.org
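As an added example (not part of the original page or of HijackThis itself), the section prefixes listed above can drive a small parser that splits a saved log into running processes and entries, and marks the sections the list calls autoloading or autorun. The names parse_log and autorun_entries and the shortened sample are constructed here; the O23 label comes from the "O23 - Service:" lines of the sample log, since O23 is not in the list.

```python
import re

# Section meanings from the list on this page (wording shortened). O23 is not in
# that list; its label is taken from the "O23 - Service:" lines of the sample log.
SECTIONS = {
    "R": "IE Start/Search page URLs", "F": "Autoloading programs",
    "N": "Netscape/Mozilla Start/Search page URLs", "O1": "Hosts file redirection",
    "O2": "Browser Helper Objects", "O3": "IE toolbars",
    "O4": "Autoloading programs from Registry", "O16": "ActiveX Objects",
    "O8": "Extra items in IE right-click menu", "O20": "AppInit_DLLs autorun",
    "O21": "SSODL autorun", "O22": "SharedTaskScheduler autorun", "O23": "Service",
}
AUTORUN = {"F", "O4", "O20", "O21", "O22"}  # called autoload/autorun in the list
ENTRY = re.compile(r"^([RFNO])(\d+) - (.+)$")

def parse_log(text):
    """Return (running_processes, entries) parsed from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            letter, num, detail = m.groups()
            key = letter + num if letter == "O" else letter  # R0..R3 share a meaning
            entries.append({"code": letter + num, "detail": detail,
                            "meaning": SECTIONS.get(key, "not in table"),
                            "autorun": key in AUTORUN})
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autorun_entries(entries):
    """Entries from sections that start code automatically; review these first."""
    return [e for e in entries if e["autorun"]]

# Shortened sample built from lines of the log shown on this page.
SAMPLE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\Programmi\Mcafee\Mcshield.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Internet\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Mcafee\SHSTAT.EXE" /STANDALONE
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Programmi\Mcafee\Mcshield.exe
"""
if __name__ == "__main__":
    for e in parse_log(SAMPLE)[1]:
        print(e["code"], "|", e["meaning"], "|", e["detail"])
```

Entries whose meaning comes back as "not in table" belong to a section the list above does not describe and need to be looked up separately.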
StartupList
StartupList is a utility which creates a list of everything which starts up when you boot your computer plus a few other items. When run, it creates a file named StartupList.txt and immediately opens this text file in Notepad. A StartupList will not be needed with every forum posting, but if it is needed it will be asked for, so please refrain from posting one unless asked.
Clicking the Config... button on the Opening Screen takes you to the Screen shown on the left. This is the Main Page. Looking at the top, you will find four buttons. Click the Misc Tools button at the far right.
You are now at the Page shown on the right. Notice the three buttons in the middle area of the window. Click the Generate StartupList log button. A confirmation box will pop up. Click Yes.
The StartupList text file will now be generated and opened on the screen. If you are posting at a forum, please highlight all, and then copy and paste the contents into your reply in the same post where you originally asked your question.