If you read the instructions, it tells you to 'fix' certain things. This means clicking on the little square in front of the 'offender' and do that will all the ones that need to be 'fixed'. They will get a tick-mark when you click on them. Clicking them again will remove the tick-mark, if you made a mistake.
When done, you click on the button "fix checked". HJT makes a backup off all its fixes, so it can 'undo' a wrong fix.
Quite simple really.
Don't format yet, we'll do yours in "stages".
Make a new directory (AS INSTRUCTED!), e.g. \Program Files\HJT and copy the program there, DON'T run it from your desktop.
Switch off the Restore Points (Hope you know how to, I don't, have Win2000)
Boot in Safe Mode,
UNinstall anything to do with these programs:
C:\Program Files\XoftSpy\XoftSpy.exe
C:\freescan\freescan.exe -FastScan [=Spyware Begone]
C:\Program Files\Gator.com\Gator\Gator.exe
C:\Program Files\Common Files\GMT\GMT.exe
Then (still in Safe Mode) run Hijackthis on its own and put 'tick-marks' in (if still there):
Tick these running processes:
C:\WINDOWS\system32\
syscw32.exe
C:\PROGRA~1\
MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\
crge.exe
ALL lines starting with R0
ALL lines starting with R1
ALL lines starting with R3
O2 - BHO: (no name) - {C3C7FD25-8011-C8E8-25B7-34DF607095C5} - C:\WINDOWS\system32\
sdkvk.dll
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\
XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [crge.exe] C:\WINDOWS\system32\crge.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Spyware Begone] C:
\freescan\freescan.exe -FastScan
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\
Gator.com\Gator\Gator.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\
GMT\GMT.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11795US
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
ALL lines starting with O15 - Trusted Zone:
--->>> You do NOT trust ANYbody EVER <<<---
ALL lines starting with O16 - DPF:
O23 - Service: BrSplService - Unknown - C:\WINDOWS\System32\brsvc01a.exe (file missing)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\syscw32.exe
Now hit the button 'Fix Checked'.
When done, delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.