Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

HijackThis – your first tool for remove homepage hijackers

HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It’s up to you to decide what should be removed. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.

free antispyware

How to make a HijackThis log.

  • Download HijackThis and save it to your Desktop.
  • Doubleclick on the HJTinstall.exe icon for install (By default it will install to C:\Program Files\Trend Micro\HijackThis). Click on Install, It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

How to remove malware using HijackThis.

  • Run HijackThis.
  • Click on the Do a system scan only button.
  • Place a checkmark in the box in front of each item you plan to remove.
  • Click the Fix checked button.
  • A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.

How to make a Startup List using HijackThis.

StartupList is a utility which creates a list of everything which starts up when you boot your computer plus a few other items.

  • Run HijackThis.
  • Click on the Open the Misc Tools Section button.
  • Click the Generate StartupList log button. A confirmation box will pop up. Click Yes.
  • The Startup list text file will now be generated and opened on the screen.
  • If you are posting at a Forum, please highlight all, and then copy and paste the contents into your Reply in the same post where you originally asked your question.

Note: If you have run and fixed anything with Spybot Search and Destroy or AdAware, please reboot before scanning.

Download HijackThis Installer (HJTinstall.exe) from here.

If you are seeking help, then I would recommend that you follow the instructions and post your HijackThis log in the spyware removal forum. Myantispyware.com team will help you.

Share and Enjoy:

  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Slashdot
  • Twitter
December 5, 2005 on 8:19 am | In Best Programs, Browser Hijacking, Free Software | 24 Comments |


24 Comments »

RSS feed for comments on this post. TrackBack URI

  1. Don`t post HijackThis logs here, go to Myantispyware forum for get free help!

    Comment by Patrik — June 30, 2007 #

  2. Thanks

    Comment by Jim — December 30, 2007 #

  3. i need help with these browswer hijackers!

    Comment by charlie johnson — February 25, 2008 #

  4. Johnson, read How to use Spyware Removal Forum – MUST READ for get free help.

    Comment by Patrik — February 25, 2008 #

  5. i can not remove w32.virut.w
    virus
    by
    combofix smithfroudfix & hijackthis
    help me

    Comment by hemant — November 21, 2008 #

  6. Hemant, make a new topic at our spyware removal forum. I will help you.

    Comment by Patrik — November 21, 2008 #

  7. When I dowloaded hjtinstall to my mac onto a usb drive to install into my PC. I rebooted my PC into use original boot,ini on the sys config utility. (it may have rebooted into a rogue boot.ini beause I get a weird prompt about access denied when I try to restart in a safe mode) and tried to open the hjtinstall.exe from both the usb drive and the desk top. I get the following prompt: THE SERVICE CANNOT BE STARTED, EITHER BECAUSE IT IS DISABLED OR BECAUSE IT HAS NO ENABLED DEVICES ASSOCIATED WITH IT. Any ideas?

    Comment by ruth — December 20, 2008 #

  8. ruth, the problem only with HijackThis ? Standart windows apps, notepad for example, works ok ?
    Please read and follow these instructions, skip HijacThis section.

    Comment by Patrik — December 20, 2008 #

  9. thanx

    Comment by njoro — January 14, 2009 #

  10. how to remove Autorun.inf

    Comment by Esi — January 22, 2009 #

  11. Esi, use Flash Disinfector.

    Comment by Patrik — January 22, 2009 #

  12. Thanx…

    Comment by Crisjoshua — January 29, 2009 #

  13. I cannot install Hijack, what can I do?

    Comment by rainbow — April 9, 2009 #

  14. Probably malware blocked it. Ask help at our forum.

    Comment by Patrik — April 9, 2009 #

  15. I registered a new account for the forum, received an email, but didnt see the return email address nor the fax number.

    Can someone help on the activation of the account?
    I was able to get rid of the Malware Catcher 2009 but now I cant connect to the Internet. Appreciate help!

    Comment by aaron — June 7, 2009 #

  16. aaron, your account is activated.

    Comment by Patrik — June 7, 2009 #

  17. StartupList report, 28/06/2009, 11:25:29 ص
    StartupList version: 1.52.2

    Comment by bo3bo3x86 — June 28, 2009 #

  18. bo3bo3x86, please ask help at our Spyware removal forum.

    Comment by Patrik — June 28, 2009 #

  19. Nice going. I dowloaded HijackThis, and it keeps shutting down. It won’t run on Vista Home

    Comment by ralph of e — August 14, 2009 #

  20. ralph, looks like you PC infected with malware that blocks it. Ask for help at our Spyware removal forum.

    Comment by Patrik — August 15, 2009 #

  21. I’ve been trying to get rid of windows police pro. I followed all the directions on you post but couldn’t get MBAM to launch.
    I wanted to post a HijackThis log on the forum but the program just shut down after a minute of scanning. I ran it from a USB drive in safe mode.

    Please help, thanks.

    Comment by amy — September 16, 2009 #

  22. StartupList report, 22.4.2010, 11:26:19
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\hijackthis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Enumerating Task Scheduler jobs:

    At1.job
    At10.job
    At11.job
    At12.job
    At13.job
    At14.job
    At15.job
    At16.job
    At17.job
    At18.job
    At19.job
    At2.job
    At20.job
    At21.job
    At22.job
    At23.job
    At24.job
    At3.job
    At4.job
    At5.job
    At6.job
    At7.job
    At8.job
    At9.job
    {BB65B0FB-5712-401b-B616-E69AC55E2757}.job

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    ————————————————–
    End of report, 3.673 bytes
    Report generated in 0,063 seconds

    Command line options:
    /verbose – to add additional info on each section
    /complete – to include empty sections and unsuspicious data
    /full – to include several rarely-important sections
    /force9x – to include Win9x-only startups even if running on WinNT
    /forcent – to include WinNT-only startups even if running on Win9x
    /forceall – to include all Win9x and WinNT startups, regardless of platform
    /history – to list version history only

    Comment by filip — April 22, 2010 #

  23. filip, please start a new topic in our Spyware removal forum. I will help you.

    Comment by Patrik — April 22, 2010 #

  24. nice program perfecttttttttttt

    Comment by alfreo — May 7, 2010 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.