As tg1911 has so aptly stated, there are several pitfalls when using HijackThis for malware removal that the inexperienced and uneducated can fall into. For the more casual use that you are alluding to, it is good to have a healthy respect for it, but, IMO, you are OK to not be afraid of it. The restrictions against posting in just any forum are because you can often get bad advice that can even be harmful, and the warnings against casual use are because HJT modifies the registry. And we all know what happens when the registry is modified without the proper knowledge.
Even though you have now enjoyed Grinler's nice tutorial, let me try to summarize in the simplest terms what HJT is all about. It has two basic functions.
1. An enumerator. When you scan with HJT, you don't make any changes to your system. It just lists areas, mostly in the registry, where any program can be started so that it runs in memory. That might be a file that is loaded when Windows starts, or one that takes some user action to initiate, such as opening your browser so that an extension runs.
2. Modifies the registry (with some few exceptions) when you select an entry and click Fix Checked. For malware, this is key to ending bad behavior because no malware (or any other file for that matter) is going to affect you if it is not started/loaded into memory. What most people know as Startups, i.e., what some manage in msconfig, are values of Run keys in the registry.
In the earlier days, before malware got to be so vicious and HJT was little heard of, HJT specialists would use it both to rid victims of hijackings and various other unwanted software, and as a startup manager. The latter is still done to some extent--and by some specialists more than others. For the most part there are way too many logs in the malware removal forum to worry about helping to speed up startup.
For several reasons, it is not a good idea to use HJT as a startup manager. Most important is that most reg entries are deleted rather than being just disabled. HJT makes backups in case of mistakes, but they are not always viable and can be lost. I have to admit I do use it to enumerate when I am trying out new software to see what startups it adds when installed, but I will rarely fix anything with it. In my opinion the best way to manage startups is to configure the program to not start if you don't want it to. Short of that there are many nice startup managers available that are designed for just this purpose. Plus many security tools include a startup manager component.
I'm fond of Mike Linn's Startup Control Panel--simple and sweet.
We would be remiss if we failed to give warnings about some startup managers as well. Autoruns by SysInternals is very much like HijackThis--it shows little known areas where Windows allows startups to load (and Windows has a lot of them). It also allows you to delete the startups--and I don't remember seeing anywhere that it makes backups. There is a pinned topic in their forum where some people have deleted userinit and so then weren't able to boot their computer.
Startup Control Panel is less dangerous as it doesn't enumerate the Userinit/Wininit, but you still can delete startups. It does make backups though.
It is amazing, really, how much Autoruns is like HJT. Besides the browser start page and search settings, the main difference is that HJT does have a whitelist of system files to make the list to analyze shorter--that is why I use it to enumerate when trying out new software.
Hope I've added a bit to the great help you've already received.
Edited by Papakid, 09 March 2009 - 03:13 PM.
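The post above describes using HJT purely as an enumerator to see what startups a newly installed program adds, and warns that deleting Userinit or deleting without a backup is how people end up unable to boot. The following PowerShell is an added example written for this page; it is not HijackThis, Autoruns or Startup Control Panel code, and it makes no changes by itself. It snapshots the classic autostart locations the post mentions (the HKLM/HKCU Run and RunOnce keys, the Winlogon Userinit and Shell values, and the Startup folders), diffs two snapshots taken before and after an install, and exports a .reg backup of a key before anyone touches it. The list of locations is an assumption chosen for illustration and is far from exhaustive; Autoruns covers many more. The Userinit default it checks against is the stock value on a standard Windows install.

```powershell
# Added example (not from the original post). Enumerate, snapshot and diff
# common Windows autostart locations; back up a key before editing it.
# Assumption: this location list is a deliberately small subset of what
# HijackThis/Autoruns report, enough to show the technique.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Only these two Winlogon values load code at logon; the rest of the key is noise.
$WinlogonValues = 'Userinit', 'Shell'
# Properties Get-ItemProperty adds that are not registry values.
$PsNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutostartEntry {
    # Each Run "startup" is just a value under a Run key: Name = value name,
    # Value = command line. Reading is side-effect free.
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        $names = $props.PSObject.Properties |
            Where-Object { $_.Name -notin $PsNoise } |
            Select-Object -ExpandProperty Name
        if ($key -like '*\Winlogon') {
            $names = $names | Where-Object { $_ -in $WinlogonValues }
        }
        foreach ($n in $names) {
            [pscustomobject]@{ Key = $key; Name = $n; Value = [string]$props.$n }
        }
    }
    # Files dropped in the Startup folders run at logon too.
    foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                          [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Key = $folder; Name = $_.Name; Value = $_.FullName }
        }
    }
}

function Save-AutostartSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Clixml keeps the objects intact so Compare-Object can work on properties.
    @(Get-AutostartEntry) | Export-Clixml -Path $Path
}

function Compare-AutostartSnapshot {
    param([Parameter(Mandatory)][string]$Before,
          [Parameter(Mandatory)][string]$After)
    $b = @(Import-Clixml -Path $Before)
    $a = @(Import-Clixml -Path $After)
    Compare-Object -ReferenceObject $b -DifferenceObject $a -Property Key, Name, Value |
        ForEach-Object {
            $state = if ($_.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
            '{0,-8} {1}\{2} = {3}' -f $state, $_.Key, $_.Name, $_.Value
        }
}

function Backup-AutostartKey {
    # Export a key with reg.exe before any Fix/Delete, so a mistake is
    # reversible with a double-click on the .reg file.
    param([Parameter(Mandatory)][string]$Key,
          [Parameter(Mandatory)][string]$OutDir)
    $regPath = $Key -replace ':', ''                    # HKLM:\... -> HKLM\...
    $file = Join-Path $OutDir (($regPath -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $regPath $file /y | Out-Null
    $file
}

function Test-UserinitDefault {
    # Stock value is "<SystemRoot>\system32\userinit.exe," with a trailing comma.
    # Anything else deserves a look before, not after, you click Fix.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v = (Get-ItemProperty -Path $winlogon).Userinit
    $v -eq "$env:SystemRoot\system32\userinit.exe,"
}

# Typical use while trying out new software:
#   Save-AutostartSnapshot -Path .\before.xml
#   ... install the program ...
#   Save-AutostartSnapshot -Path .\after.xml
#   Compare-AutostartSnapshot -Before .\before.xml -After .\after.xml
#   Backup-AutostartKey -Key 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -OutDir .
#   Test-UserinitDefault
```

Run the snapshot from an elevated prompt if you want the HKLM keys read reliably; the HKCU keys and the per-user Startup folder need no elevation. The script never calls Remove-ItemProperty on purpose: the point, as in the post, is to see what changed and to have a backup in hand before deciding whether to disable a startup in the program's own settings or in a proper startup manager.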