How to clean your PC with HijackThis
By Karen Whitehouse
Sometimes, despite your best efforts, insidious adware burrows into your computer and won't come out. It can hijack your home page, add an unwanted toolbar to your browser, pop up ads, or even track your every movement for commercial gain. You should always try running standard adware-removal programs such as Ad-aware and Spybot - Search & Destroy first, but when they can't keep the nasties at bay, HijackThis digs deep. Be careful, though: The program flags commonly abused methods of altering your computer, so some of the entries it lists may be benign and some are critical. Fortunately, the Internet community offers ways to separate spyware from critical system components.
Set it up
HijackThis downloads as a ZIP file that contains only the program itself, not an installer. When you unzip it, be sure to create a folder for the program to live in, such as C:\Program Files\HijackThis\, or it will simply unzip to your default downloads folder. To make running it even easier, you can right-click its program icon to create a shortcut on your desktop. Most versions of Windows let you drag the folder--or just the icon--to the Start menu and drop it where you want. Windows XP lets you right-click the icon and "pin" it to the Start menu. If you use the Quick Start toolbar, you can drag and drop the icon there.
Scan your system
Regardless of how you launch the program, running HijackThis can be confusing. All you do is click the Scan button to bring up a list of all the questionable entries in your registry and on your computer. However, even a completely healthy computer that's been customized by, say, setting a new Internet Explorer home page can have dozens of entries. A scan on our test machine resulted in 44 entries, all of which we recognized as benign. (If you'd like more information on why the program flagged a benign entry, you can either select an individual check box and hit the Info on Selected Item button or consult the publisher's excellent log tutorial [http://www.spywareinfo.com/~merijn/htlogtutorial.html].) The best thing to do is save the log, preferably in the HijackThis folder, and look to the Internet for answers.
Conveniently, after the program scans, the Scan button turns into the Save Log button. Once you press that, the log opens up in Notepad. At that point, the brave or foolhardy can look up entries on the Web to see whether they're benign. For example, we discovered that lsass.exe is a Microsoft Windows process that helps authenticate user logins. Clearly this isn't something we want to delete, whereas the innocent-sounding rundll16.exe comes with the adware program BrowserAid.
However, you don't have to face the cleanup alone. Many anti-adware and tech-support online forums feature dedicated and smart people who will examine your HijackThis log file and tell you which entries to delete. SpywareInfo runs a good one, as do Computer Cops and TweakXP. For all three, registration is required, but it's free and quick. Read the forum rules before posting, and be patient.
Once you've done your research, check the box next to items you know are bad, then hit Fix Checked. After that, restart your computer and run an adware-removal program to see whether that took care of the problem. If you're still having problems, either repeat the process or return to the forums. The person who's helping you will tell you which files to remove, then probably ask you to restart, rescan, and post the new log. This process continues until your computer is once again deemed righteous. At that point, you can check items you know are good, such as those that reset the browser page to your chosen home page, and remove them from future flagging by hitting the Add Selected to Ignorelist button.
zapjb - I posted this guide because there have been, imo, nonexperts pretending to be experts advising people about their HT! logs.
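The article's lsass.exe and rundll16.exe comparison can be turned into a first-pass check on a saved log. This Python script is an added example, not part of the article or of HijackThis. It goes one step beyond the article by also checking where a system-named process runs from. The allowlist, the C:\WINDOWS\system32 location and the sample log are assumptions constructed for illustration.

```python
import re

# Assumption: a small allowlist of Windows system binaries and their usual folder.
KNOWN_SYSTEM = {"lsass.exe", "rundll32.exe", "svchost.exe", "services.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a saved log."""
    paths, in_section = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and re.match(r"[A-Z]\d+ - ", line):
            break  # the first R0/O4-style entry ends the process list
        elif in_section and line:
            paths.append(line)
    return paths

def triage(log_text):
    """Map each process path worth a manual lookup to the reason it was flagged."""
    findings = {}
    for path in running_processes(log_text):
        folder, _, name = path.lower().rpartition("\\")
        if name in KNOWN_SYSTEM:
            if folder != SYSTEM_DIR:
                findings[path] = f"{name} running outside {SYSTEM_DIR}"
        elif near := sorted(k for k in KNOWN_SYSTEM if edit_distance(name, k) <= 2):
            findings[path] = "name resembles " + ", ".join(near)
    return findings

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\rundll16.exe
C:\Program Files\Example\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
```

Calling `triage(SAMPLE_LOG)` returns only the entries that deserve a lookup; a flag is a prompt for research or a forum post, not a verdict to act on with Fix Checked.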