Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Scan Report Generated by HijackThis
This section provides a tutorial example on how to run 'HijackThis' to generate a system diagnose report in Windows systems.
The primary use of HijackThis is to scan browser hijacking locations and list all programs at those locations. Here is how to do this:
1. Double click "C:\local\HijackThis\HijackThis.exe". You will see HijackThis started with its main menu:
2. Click the "Do a system scan" button. HijackThis will scan your Windows system and report all registry settings and file settings related browser hijacking locations. You will see the scan report display in the HijackThis windows.
3. Click the "Save log" button. HijackThis lets you save the scan report as HijackThis log file on your computer:
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)
FIREFOX: 26.0 (en-US)
Running processes:
...
C:\Windows\Explorer.EXE
...
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\local\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
= http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
- (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
- (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
- C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper
- {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:\Program Files\Java\jre7\bin\ssv.dll
...
O4 - HKLM\..\Run: [Adobe ARM]
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
...
O4 - Startup: OpenOffice.org 3.2.lnk
= C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Monitor Apache Servers.lnk
= C:\local\httpd\bin\ApacheMonitor.exe
...
O8 - Extra context menu item: E&xport to Microsoft Excel
- res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send page to &Bluetooth Device...
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
...
O18 - Protocol: skype4com
- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
...
O23 - Service: Apache2.2 - Apache Software Foundation
- C:\local\httpd\bin\httpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies
- C:\Program Files\Skype\Updater\Updater.exe
...
The picture below shows how scan report displayed in HijackThis window:
Table of Contents
About This Windows Security Book
Windows 8: System Security Review
Windows 8: System Security Protection
Windows 8 Defender for Real-Time Protection
Windows 7: System Security Review
Windows 7: System Security Protection
Windows 7 Forefront Client Security
Norton Power Eraser - Anti-Virus Scan Tool
McAfee Virus and Malware Protection Tools
Spybot - Spyware Blocker, Detection and Removal
Keeping IE (Internet Explorer) Secure
Malware (Adware, Spyware, Trojan, Worm, and Virus)
►HijackThis - Browser Hijacker Diagnosis Tool
Downloading and Installing HijackThis
►Scan Report Generated by HijackThis
HijackThis Log File Entry Types
Building "ignorelist" for HijackThis
Fixing Settings Reported by HijackThis
Generating Startup Program List by HijackThis
Listing Processes and DLL Files with HijackThis
Listing Installed Programs with HijackThis
HijackThis Configuration Settings
IE Add-on Program Listing and Removal
"Conduit Search" - Malware Detection and Removal
"Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware
Malware Manual Removal Experience
Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal
Trojan and Malware "Puper" Description and Removal
VSToolbar (VSAdd-in.dll) - Description and Removal
PWS (Password Stealer) Trojan Infection Removal