Here's where it gets tedious
If you don't know what a particular program is, what it does, or where it's supposed to live on your hard drive, you'll have to do some research. Check out the list of processes that are known to be either benign or malevolent at Uniblue Systems' WinTasks Process Library.
Alternatively, you can enter the filename in a search engine and look through the results for a description of the process. Some legitimate processes get a bad rap as spyware, so it's important to corroborate any negative reports you discover.
Remove the reprobates
If the program you want to remove from your PC doesn't have an entry in Windows' Add/Remove Programs applet in Control Panel, it has probably changed your Registry to make itself difficult to find and eradicate.
Enter HijackThis, a free program designed to remove Registry entries and other settings that spyware uses to take over your PC.
Rather than removing the programs, HijackThis deletes the Registry entries that prevent you from deleting the software yourself. To familiarise yourself with how HijackThis works, read the Quick Start guide, but beware: HijackThis, if misused, can render your system unbootable. Be sure to proceed deliberately, and keep those essential backups close by.
It's a good idea to consult experts before making any changes with HijackThis.
To do so, run the program by double-clicking HijackThis.exe, and then click Do a system scan and save a logfile. HijackThis will make a record of everything it finds and - in a few seconds - will create a text-file report that you can post online or send to your expert. Volunteers who use the message boards at TomCoyote, Geeks to Go, andSpywareInfo will help you sort through the log if you post it to the Malware Removal message board on any of those sites.
If you want HijackThis to dislodge a program, fill in the checkbox next to it and click Fix Checked at the bottom of the program window to delete the appropriate Registry entries. Then manually delete the related file. Reboot your PC into Safe Mode (press F8 at the beginning of the reboot cycle, before the Windows logo appears), navigate to the unwanted file on your hard drive, right-click it, and select Delete. Easy as pie.
Rid yourself of rootkits
The nastiest spyware specimens - the worst of the worst - are rootkits. These programs hide themselves from Windows, from antispyware tools, and from utilities such as Process Explorer and Security Task Manager.
If you suspect that a rootkit has invaded your PC, you still may triumph. A free utility called IceSword can find and remove many kinds of rootkits. The only downside (for all but about 1 billion of us)? The tool's instructions are in Chinese.
Fortunately, some smart people have created an illustrated guide in English for using IceSword. If you're considering using the program, read this guide carefully before you begin. As with HijackThis, a wrong move can cause serious problems.