Hijackthis problem

Hey, before I even mention my problems, I have a more pressing one. I CANT USE THE HIJACK THIS PROGRAM!! It just opens and closes in one second, can anyone tell me why hijackthis wont run?

after I get that working, Ill be able to post my log and the problems.


Thank you in advance,

Dylan Burnett.

Hello,DylanBurnett & Welcome

See if this helps at all
http://www.merijn.org/files/HijackThis.exe

HGD

Nope, opens and closes like the other one. Any suggestions?

Hi,DylanBurnett

Hmmm ok lit's try this here boot to safe mode: Instructions here

& Rename HijackThis to say wobat if it works run a scan
then show us the logfile

HGD

Here is my logfile (I put "wobat" in a folder c/hjthis because I saw you recomend that to other users)

Logfile of HijackThis v1.99.1
Scan saved at 7:53:51 PM, on 5/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Anvshell.exe
C:\WINDOWS\System32\msconfig32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\mousehs.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dwwin.exe
C:\hjthis\wobat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [Windows Compliant] okxtou.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116376566203
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1611CAB-5829-4A43-A37A-2674EF77795D}: NameServer = 206.47.244.90 206.47.244.106
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProcessEnumerator32 (pe32) - Unknown owner - C:\WINDOWS\fi49.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Hope you can help.

and yes I ran extensive adaware and spybot scans before doing the logfile.


also, the names of the main spyware I cant get rid of are IBIS Toolbar, Hunterbar, DyfuCa Internet optimiser, and n-Case.

Thanks again.

Hi,DylanBurnett

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
WinTools

Press control-alt-delete to get into the task manager and end the follow processes if they exist:
msconfig32.exe
mousehs.exe
okxtou.exe
servic.exe
fi49.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [Windows Compliant] okxtou.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe

This one here is it your ISP????
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1611CAB-5829-4A43-A37A-2674EF77795D}: NameServer = 206.47.244.90 206.47.244.106

O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe
O23 - Service: ProcessEnumerator32 (pe32) - Unknown owner - C:\WINDOWS\fi49.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Make sure you can view hidden and system files: Instructions here

Then Boot to safe mode: Instructions here

Delete the following files\folders IF still present:
C:\PROGRA~1\COMMON~1\WinTools\<---This folder
C:\WINDOWS\System32\mousehs.exe<---This file
C:\WINDOWS\fi49.exe<---This file

Still in Safe Mode do a file Search for these here if found delete them
msconfig32.exe<---NOTE it's this file not this one msconfig.exe
okxtou.exe
servic.exe

Then do a reboot & do this here

Go for free online Virus scans here:

http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

& you should get this prog here right away

Download ewido security suite from here… http://www.ewido.net/en/download/

Update it’s database from here.. http://www.ewido.net/en/download/updates/
Run a scan and let it clean the PC. Post a new hijackthis log when complete.

NOTE there maybe an option with in the scanner to auto update check & see
but download the update just incase

after you do all of the above lit us know how it is & show us new logfile

HGD

k step one done, got rid of wintools, but I cant get into my task manager, its got that bug where it closes itself. is there anyway I can fix that or should I just skip that step?

Hi,DylanBurnett

Boy this one is being a Bleep Bleep try this here

* Click Start -> Run. Type in "regedit" (no quotes) and hit Enter.

* Search for HKEY_CURRENT_USER -> Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System.

* Look for: DisableTaskMgr. Click on REG_DWORD. Value: 1=Enable this key (disables TaskManager); Value: 0=Disable (actually enables TaskManager)

* Close RegEdit

* Reboot your machine.

Please note the name of the Key "Disable Task Manager" when Enabled will actually disable TaskManager. I know it's confusing, but please pay attention to the setting (the value 0 will enable it).


And as always: make a backup of your Registry before making changes to it.

see if this helps at all please if you can help it try not
to skip any steps at all lit me know

HGD

edit : I got regedit open, but in "policies" I can only find explorer and not system.

Hi,DylanBurnett

Download and run this REG fix and double-click it.

oh why me right click & save like as
then run file

HGD