Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby amateur » May 10th, 2006, 3:31 pm

Hi Carl, :)

Before we start, you need to place HijackThis in a folder of its own as I've described earlier (see the quotation box below). That's very important. HijackThis cannot function properly if you don't.
................... your HijackThis log. It needs to be put in a folder of its own for it to function properly though. So, right click on an empty space on the desktop and go to New>Folder to create a new folder. Name it HijackThis and then drag and drop the HijackThis.exe into this folder.


============================================

Make sure that Windows Defender and the Norton Script Blocking are still disabled, as posted earlier.

============================================

Now, run HijackThis. Close all windows and browsers except HijackThis.
Go to Config > Misc tools
Click on Delete a File On Reboot
Click once on the file below to select it:
C:\Program Files\WinAntiVirus Pro 2006\winav.exe
Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)


Make sure that there is no other window/browser open, except HijackThis. Then click on "fix checked". Exit HijackThis.

============================================

  • Copy the contents of the Quote Box below to Notepad.. Must be notepad, otherwise it will not work.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAntiVirusPro2006"=-



Make sure there is no line before REGEDIT4
Make sure there is one line at the end

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

============================================

Use Windows Explorer to navigate to the following folder and delete it, if present:

C:\Program Files\WinAntiVirus Pro 2006\ <-- delete this entire folder.

============================================

Open Notepad, copy and paste the following text (in bold) into the new Notepad window.
Save it to your Desktop, as type "all files", as fixservice.bat:

    sc stop FWSvc
    sc delete FWSvc
    del fixservice.bat


Doubleclick fixservice.bat on your Desktop.
A window will pop up and close. This is normal.

============================================

Then, reboot your computer (it's important). Scan with HijackThis and post the new HiJackThis log please.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
Advertisement
Register to Remove

Unread postby carl » May 10th, 2006, 3:39 pm

do i need to delete the old hijackthis folder in desktop, because it's telling me a file already exists?
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 3:55 pm

Your HijackThis log is showing only a file on your desktop:
C:\Documents and Settings\Carl Gibson\Desktop\HijackThis.exe

This file has to be placed in a folder. When you create a new folder, name it HijackThis, and put that file in it, it would look like this:

C:\Documents and Settings\Carl Gibson\Desktop\HijackThis\HijackThis.exe

HijackThis<=== that would be the new folder that you created. You'll drag HijackThis.exe which is a file, and drop it into the new folder.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 4:07 pm

i'm sorry you've confused me...i can see a highjackthis folder on my desktop, and i have a highjackthis.exe with all my other icons (plus a log)
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 4:10 pm

i can see a highjackthis folder on my desktop

Can you please open the folder and tell me what's inside?
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 4:12 pm

shortcut to highjackthis, and shortcut to highjackthis.exe
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 4:14 pm

and you also have a HijackThis.exe and a log on your desktop, right?
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 4:15 pm

correct
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby carl » May 10th, 2006, 4:16 pm

when i say "a log" i mean a highjackthis.log
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 4:20 pm

When HijackThis.exe is not inside a folder of its own, running from the desktop, it would place the logs you save on the desktop. That's why we would like you to have the HijackThis.exe in a folder. So, if you already have another HijackThis.exe inside the HijackThis folder, you can delete the one which is on your desktop among other icons. You can drag and drop the log into the HijackThis folder. Next time when you want to scan with HijackThis, open the folder and click on the HijackThis.exe to run it. From now on, the logs/backups will be saved inside that folder.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 4:25 pm

i've now deleted the highjackthis.exe showing in desktop and dragged the log to the folder.
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 4:28 pm

Good. :thumbright: Now, you have your HijackThis.exe in a folder of its own. :) Please continue with the rest of the instructions.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 4:31 pm

o.k., when you say Close all windows and browsers except HijackThis
do i close internet explorer?
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 4:40 pm

Yes, please. :)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 4:58 pm

o.k. i don't have a working printer so i've had to use a digital camera to photograph the instructions!!!
oh well here goes...
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 278 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware