Well... The first few entries in a HijackThis (HJT) log file are the background running processes. Here you check for files or processes which have suspicious-looking names like Expl0rer.exe (has a zero instead of O) or winupdt.exe (Windows doesn't have this file, but the user is tricked by the name), or some random names like sdfrw3345sdf.exe or something. Then we have to delete those files.
Next, in the HJT log you will have entries preceded by R0, R1, R2; these entries list the IE Startup Page, Search Page and Default update page. If the browser is hijacked, these links will be changed to some unknown underground websites or some ad websites. Default entries contain links to msn, microsoft, windowsupdate.microsoft and the like...
Next, you will have entries preceded by F0, F1. These list the programs that run at startup. Here also you have to look at the filenames which are suspicious in nature.
Then there are entries preceded by O1, O2, O3 up to O23; all these may not be in a single log file...
Important ones are:-
O2 - Browser Helper Objects (BHO)
O3 - Internet Explorer toolbars (like Google Toolbar)
O4 - Autoloading programs from Registry
O8 - Extra items in IE right-click menu (Added Context menu items)
O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (Added buttons like FlashGet or DAP buttons)
O12 - IE plugins (Lists all the Plugins of IE installed)
O15 - Unwanted site in Trusted Zone (Trusted Zone ideally lists the WindowsUpdate site, but some spyware adds sites like ad sites, warez sites etc. to it; HJT lists all the sites here)
O16 - ActiveX Objects (aka Downloaded Program Files) (lists all ActiveX components, like Java, Flash plugin and any possible spyware)
O17 - Lop.com domain hijackers (LOP.COM is a spyware/adware site which, when it infects a system, places icons like Poker, Travel, Bingo etc. on the Desktop, and these cannot be deleted)
HJT lists ALL entries of the above fields, but we have to filter the bad ones out of these and remove them...
Common methods to identify bad things are:-
1] Suspicious-looking or random-looking filename.
2] Non-default IE startup/search page.
3] Suspicious DLL files, particularly those residing in Temp folders.
4] Adware (like IEPlugin, Aureate, Go!zilla etc.) based buttons / toolbars in IE.
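
The four checks above, applied to a constructed HijackThis-style log, as an added example that is not part of the original post. The sample log, the `KNOWN_NAMES` list and the function names are assumptions made for illustration, and the random-name test is only a crude heuristic.

```python
import re
from urllib.parse import urlparse

# Constructed sample log (not from a real machine), laid out like HijackThis output.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Expl0rer.exe
C:\WINDOWS\sdfrw3345sdf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\TEMP\helper.dll
O3 - Toolbar: IEPlugin - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ieplugin\tb.dll
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE
"""

KNOWN_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe", "services.exe"}  # assumed short list
DEFAULT_HOSTS = ("msn.com", "microsoft.com")        # default sites named in the post
ADWARE_NAMES = ("ieplugin", "aureate", "go!zilla")  # adware named in the post
LOOKALIKE = str.maketrans("01", "ol")               # digit-for-letter swaps (0 for o, 1 for l)

def check_filename(path):
    """Check 1: lookalike of a Windows file name, or a random-looking name."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name not in KNOWN_NAMES and name.translate(LOOKALIKE) in KNOWN_NAMES:
        return "lookalike of a Windows file name"
    if re.search(r"[a-z]\d{3,}[a-z]", name):  # digits wedged between letters
        return "random-looking file name"
    return None

def triage(log):
    """Return (line, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log.splitlines():
        low = line.strip().lower()
        m = re.match(r"([A-Z]\d{1,2}) - ", line)
        section = m.group(1) if m else None
        if section in ("R0", "R1") and " = " in line:  # check 2
            host = urlparse(line.rsplit(" = ", 1)[1]).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in DEFAULT_HOSTS):
                findings.append((line, "non-default IE start/search page"))
        if re.search(r"\\temp\\[^\\]*\.dll$", low):  # check 3
            findings.append((line, "DLL loaded from a Temp folder"))
        if section in ("O2", "O3", "O9") and any(a in low for a in ADWARE_NAMES):  # check 4
            findings.append((line, "known adware toolbar/button"))
        path = re.search(r"[A-Za-z]:\\.*\.exe$", line, re.I)
        if path and (reason := check_filename(path.group(0))):
            findings.append((line, reason))
    return findings
```

A flagged line is only a candidate for review; confirm what the file or URL actually is before fixing the entry in HJT.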