1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Why is HJT saving log as a movie?

Discussion in 'Virus & Other Malware Removal' started by Infidel_Kastro, Apr 15, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    OK, I am trying to post a HJT log here, but when I run HJT and save, it saves it as a windows movie, thus really not able tpo save it at all. Any help. I have run adaware, CWS,and AVG to check it, its not finding anything, but this is what is there: "[email protected]:C\WINDOWS\start.chm::/start.html"

    This is in the regedit.
    Thanks
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    What Windows version are you using? And when it is saved what file type extension do you see. Do you have "hide extensions for known file types" checked in Folder Options > View? Uncheck that if you do.

    If you continue to have problems, just right click on the file and rename it with a .log or a .txt extension. You should be able to open it in Notepad regardless of the file type you see.

    And what are you doing with regedit? that has nothing to do with the saved file.
     
  3. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    Hey RR, This machine is a Win98. It automatically saves it as "logfile" and doesn't give me an option to save it as anything else. Itried to do a screen print of the log and post it, but it wouldn't upload.
    any other suggestions?
     
  4. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    OK, Finally got a saved log. Here you go:Logfile of HijackThis v1.97.7
    Scan saved at 10:28:36 AM, on 4/16/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.00 (5.00.2314.1000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\PELMICED.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IBMMON.EXE
    C:\WINDOWS\SYSTEM\EUSEXE.EXE
    C:\CFGSAFE\AUTOCHK.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\SCANJET\PRECISIONSCANPRO\HPLAMP.EXE
    C:\WINDOWS\SYSTEM\HPSJVXD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\BRODERBUND\MAVIS BEACON TEACHES TYPING 15\MINIMAVIS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:mad:MSITStore:C:\WINDOWS\start.chm::/start.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Ibmmon.exe] Ibmmon.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ICH Synth] eusexe.exe
    O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
    O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37902.5466550926
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You can check and "fix" these items in the Scanlog:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:mad:MSITStore:C:\WINDOWS\start.chm::/start.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,

    By the way, your "home" page can be reset simply by dragging and dropping a url on the HOME icon.

    If HijackThis is saving it as a .log file, that is what it is supposed to do. The problem is that you do not have a proper association for log files in the registry.

    Here is how to correct it: Select (highlight) a saved .log file. Then SHIFT+Right Click on it. Select "open with" from the right click menu, then scroll or browse ("other" tab if not in the scroll menu) to Notepad and select that as the application to open with. Check "always use...." and then click "OK".
     
  6. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    Thanks Rog, I have deleted those files before, and I don't know why it was coming back, not to mention what a complte and total cheap-a$$ hijack page.
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    No problem; now that you know how to use HijackThis, just be sure to include a copy/paste any time you think you have a problem.
     
  8. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    You're killing me Rog, absolutely killing me. :D
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/220785

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice