Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please HELP


  • Please log in to reply

#16
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Here is another program, in fact it is superior to hijackthis in many ways except the report is so gosh darn ugly and difficult to read, so I rarely pull it out.

http://www.sysintern.../autoruns.shtml

Similar in many ways. Download and run it, save the file as a text file, the use the ADD THIS ATTACHMENT button in reply box so I can download and take a look
  • 0

Advertisements


#17
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hope I did this correctly.

Attached Files


  • 0

#18
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
You can uncheck these three
+ systray c:\windows\system\a.exe
+ Scor c:\windows\application data\aatt.exe
+ SpyKiller File not found: C:\Program Files\SpyKiller\spykiller.exe


-------------

As for this Picture thing....did you hold the shift key, right click, choose OPEN WITH, select NOTEPAD and then check the ALWAYS USE THIS APPLICATION FOR THIS TYPE OF FILE?
  • 0

#19
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK I unchecked those things.

As for the picture thing. I tried what you said again and I am still having the same problem. It keeps opening Microsoft Picture it
  • 0

#20
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Open MY COMPUTER, choose VIEW > FOLDER OPTIONS > choose the FILE TYPEs tab, scroll down to TEXT DOCUMENT< click EDIT, select OPEN, click EDIT button (different one), then type the following in the
APPLICATION TO USE PERFORMED ACTION box

C:\WINDOWS\NOTEPAD.EXE

Click OK, CLOSE, CLOSE
  • 0

#21
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I really appreciate all your help. I am still having the same problem where it is trying to save to Microsoft Picture It. I have no idea why this is happening. Could it be because it is trying to save a .log file not a .txt file? I don't know I am just trying to think of everything possible that could be causing this problem.

This is very frustrating for me and I'm sure for you as well. If you know of anything else I could try I would appreciate it. Thanks again!
  • 0

#22
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts

I really appreciate all your help.  I am still having the same problem where it is trying to save to Microsoft Picture It.  I have no idea why this is happening.  Could it be because it is trying to save a .log file not a .txt file?  I don't know I am just trying to think of everything possible that could be causing this problem.

This is very frustrating for me and I'm sure for you as well.  If you know of anything else I could try I would appreciate it.  Thanks again!

View Post


blink blink....

Yes, yes, yes! It was driving me nuts and it was staring us in the face! I feel like such a knot-head.

Holding down the shift key, right click, choose open with, and select notepad for the log extension

Thank you, I can sleep now.
  • 0

#23
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK call me crazy but... How do I see the file extension. When I select Open With I get a box in that box there are selections none of which show the file extension. So I clicked other then my computer froze.
  • 0

#24
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
I just meant hold down the shift key while right clicking the hijackthis.log file, then choose NOTEPAD, and select ALWAYS USE THIS PROGRAM FOR THIS TYPE OF FILE box.

If you no longer have the hijackthis.log file, create one and then do it.

Right click desktop > NEW > TEXT DOCUMENT, then name it hijack.log
  • 0

#25
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK I have to be doing something wrong. I open HJT and do a scan. When everything comes up I try to HOLD SHIFT and RIGHT CLICK nothing happens.

So then I tried to HOLD SHIFT and RT CLICK on the HJT ICON I have on my desktop then I click open with select notepad and it tells me the file is too large so I want to use wordpad. But I do not have the option of checking always use this program.
  • 0

Advertisements


#26
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Yes, you are,

Tell you what, let's simplify

Download the attached file to your desktop by right clicking it and choosing save as

Now, hold down the shift key and right click that file, then choose OPEN WITH, then choose NOTEPAD and check the box regaurding always use this program for opening this kind of file



between the two of us, we should start a sitcom :tazz:
  • 0

#27
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
hmm, did not attach

Attached Files


Edited by gerryf, 15 April 2005 - 10:41 AM.

  • 0

#28
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
OK, would not attach as log...open the zip file with whatever zip program you have (winzip, etc), extract that file do your desktop and do as I noted above
  • 0

#29
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
;) wooo hooo I think I got it! Thanks so much for not giving up on me! A sit come for sure.... :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:59 AM, on 3/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\defrag\buzzsaw2002\Buzzsaw.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\POPFile\popfileib.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Allaire\HomeSite 4.5\homesite45.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gerry\Desktop\misc desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.mailaka.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.mailaka.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Startup: Shortcut to Buzzsaw.lnk = C:\defrag\buzzsaw2002\Buzzsaw.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108155113796
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 4dtrucking.local
O17 - HKLM\Software\..\Telephony: DomainName = 4dtrucking.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = 4dtrucking.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = 4dtrucking.local
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
  • 0

#30
momof2

momof2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I meant "sitcom"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP