 |  |  |  |  |  |  |  |
Three infections
 |
I went to "Hijack this" and did a scan and for the life of me I can not find a button which would say "save" and would ask me to where to save. Sorry the most fundamental operation I seem to be having a problem. I read what to do and I will go back and read again.
"The Scan Button has a new Caption. Save Log." of which when I went back and read the quick start I rescanned and still did not see the above quote. I am using the 1.99 version is that correct. I will figure this out with the help of all these good people reading this. So I will be patient.
allthetime
"The Scan Button has a new Caption. Save Log." of which when I went back and read the quick start I rescanned and still did not see the above quote. I am using the 1.99 version is that correct. I will figure this out with the help of all these good people reading this. So I will be patient.
allthetime
Last edited by takethetime; Sep 18th, 2006 at 6:14 pm.
•
•
Join Date: Jul 2006
Posts: 277
Reputation: 
Solved Threads: 10
Posting Whiz in Training
When you start HJT the first time, a "new users quickstart" screen appears, the first button will be "do a system scan and save a log file". If you use this, the log file will automatically saved into the same folder where the HijackThis.exe is located and it will be loaded into notepad after the scan. However, if this screen doesn't show up (you can uncheck a checkbox to bypass this newbie screen), the "scan" -button will change to "save" after the scan, by clicking it you will prompted to save the file by a standard file selection window. Do you have the most recent (1.99.1) version?
Last edited by Xpenetrator; Sep 18th, 2006 at 6:10 pm.
"When you start HJT the first time" Now don't get upset with me but on my computer the forth word I can't make out. That's in the quote above. Are you saying that I don't use the "Hijack this" program first to scan my computer?
•
•
•
•
Originally Posted by takethetime 
I went to "Hijack this" and did a scan and for the life of me I can not find a button which would say "save" and would ask me to where to save. Sorry the most fundamental operation I seem to be having a problem. I read what to do and I will go back and read again.
"The Scan Button has a new Caption. Save Log." of which when I went back and read the quick start I rescanned and still did not see the above quote. I am using the 1.99 version is that correct. I will figure this out with the help of all these good people reading this. So I will be patient.
allthetime
allthetime
•
•
Join Date: Jul 2006
Posts: 277
Reputation:
Solved Threads: 10
Posting Whiz in Training
I've got a vague feeling that HJT doesn't work correctly on your computer. I guess you refer to the description on this site: http://www.tomcoyote.org/hjt/ (Click on the images to enlarge them on this site)
The "new users quickstart" screen looks like this: http://www.pcentraide.com/index.php?showtopic=796 (Sorry, french site but just have a look at the screenshot on that page)
So which of both screens do you see first when you start HijackThis?
The "new users quickstart" screen looks like this: http://www.pcentraide.com/index.php?showtopic=796 (Sorry, french site but just have a look at the screenshot on that page)
So which of both screens do you see first when you start HijackThis?
•
•
Join Date: Jul 2006
Posts: 277
Reputation:
Solved Threads: 10
Posting Whiz in Training
The very same button you clicked to do the scan should read "Save log" after the scan. That's what the phrase "The Scan Button has a new Caption. Save Log" means. If it doesn't, HJT is somehow messed up, maybe due to the infection. Try renaming the Hjackthis.exe to something else then (like Britney.com or Spears.com) and try it again.
Last edited by Xpenetrator; Sep 18th, 2006 at 8:50 pm. Reason: I like editing :)
•
•
•
•
Originally Posted by takethetime
you know I just give up so I am going to just leave this forum. I will just take my computer down and spend $90 to have it rformated or just have the 3 viresus taken out.
allthetime
Logfile of HijackThis v1.99.1
Scan saved at 7:18:32 PM, on 9/18/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXCGPPLS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARK 2300 SERIES\LXCGMON.EXE
C:\PROGRAM FILES\LEXMARK 2300 SERIES\EZPRINT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\CM DATA SOFTWARE\CM DISKCLEANER\SCHEDULE.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\LXCGCOMS.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login...cnM%3d&.src=ym
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F1 - win.ini: run=lxcgppls.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\SYSTEM\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Schedule] C:\Program Files\CM Data Software\CM DiskCleaner\Schedule.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...9x/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/169c85fd...p/RdxIE601.cab
O21 - SSODL: rjgoitr - {CDEFEE3D-EDCB-4226-931B-90E184C11CAC} - C:\WINDOWS\SYSTEM\hehesox.dll
I hope this is better. Also , I forgot to tell all that I just had cancer prostate surgery and am recovering and I am 62 and a bit slow at times but when I get the hang of it I am fine.
•
•
Join Date: Jul 2006
Posts: 277
Reputation:
Solved Threads: 10
Posting Whiz in Training
Well done 
Can you remember the names of the three infections or do you still have the log files of the virus scan that told you of these infections? I can identify only two of them at the moment. The indication of the third one should be the last entry in the HJT log but I can't find any reference on which malware it generated.
I'm crossing my fingers for you that your recovery is taking the best possible progress. And don't worry, you'll find all friendly and patient people here and you can't imagine how slow I can be at times... I'll continue browsing through your log tomorrow. (Need a nap now..3:15am local time here)
Can you remember the names of the three infections or do you still have the log files of the virus scan that told you of these infections? I can identify only two of them at the moment. The indication of the third one should be the last entry in the HJT log but I can't find any reference on which malware it generated.•
•
•
•
I forgot to tell all that I just had cancer prostate surgery and am recovering and I am 62 and a bit slow at times but when I get the hang of it I am fine.
I'll continue browsing through your log tomorrow. (Need a nap now..3:15am local time here) Last edited by Xpenetrator; Sep 18th, 2006 at 10:18 pm.
Here are the names of infected vireses"
C:\WINDOWS\HELP\imapi.exe (may be infected by unknown virus.MPH
C:\WINDOWS\HELP\svchost.exe (may be infected by unknown virus.MPH
C:\PROGRAM FILES\secure32.html (virus found SpySheriff)
C:\WINDOWS\HELP\imapi.exe (may be infected by unknown virus.MPH
C:\WINDOWS\HELP\svchost.exe (may be infected by unknown virus.MPH
C:\PROGRAM FILES\secure32.html (virus found SpySheriff)
•
•
Join Date: Jul 2006
Posts: 277
Reputation:
Solved Threads: 10
Posting Whiz in Training
Hi takethetime,
if possible, please upload these files to http://virusscan.jotti.org for an online scan. Just go to that website, click on the "Choose" button on top of the page and navigate to the first file
C:\WINDOWS\HELP\imapi.exe
click "Submit" and wait for the result. Please post the result log here.
Same goes for
C:\WINDOWS\HELP\svchost.exe
If something doesn't work or if you have questions. don't hesitate to ask.
if possible, please upload these files to http://virusscan.jotti.org for an online scan. Just go to that website, click on the "Choose" button on top of the page and navigate to the first file
C:\WINDOWS\HELP\imapi.exe
click "Submit" and wait for the result. Please post the result log here.
Same goes for
C:\WINDOWS\HELP\svchost.exe
If something doesn't work or if you have questions. don't hesitate to ask.
|
Similar Threads
- multiple infections, please help... (Viruses, Spyware and other Nasties)
- Creating a Boot Disk for an NTFS or FAT Partition (Windows tips 'n' tweaks)
- Fixes for Specific Infections (Viruses, Spyware and other Nasties)
- neededware and yazifind infections (Viruses, Spyware and other Nasties)
- New Worm Infects Without Attachment (IT Professionals' Lounge)
- Ask The Computer Geek (Windows NT / 2000 / XP)
- gstartup.ink (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Pages won't load, HELP!!!
- Next Thread: win min and yoursearcher.com
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista warning windows worm yahoo
