Results 1 to 10 of 20

Thread: Unable to run Hijack This

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. 2009-10-30, 02:10 #1
    DictatorZero
    DictatorZero is offline
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    Unhappy Unable to run Hijack This

    Ok as stated in the title I am unable to run HijackThis on my computer. I'm currently using Windows XP Service Pack 3.

    The issues I'm getting are adware popups all the time and I am unable to run any installed anti-virus or anti-spyware programs, various portable apps work, but are unable to actually do anything as they get denied access. I get a message indicating that I do not have sufficient privileges. When I tried to run HijackThis, it opened, but when I tried to get the log it just quit.

    Thanks in advance for the help.
  2. 2009-11-01, 19:59 #2
    Shaba
    Shaba is offline
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi DictatorZero

    Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
  3. 2009-11-02, 04:59 #3
    DictatorZero
    DictatorZero is offline
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    Post here is the Win32diag log

    Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE90.tmp\ZAPE90.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6A.tmp\ZAPF6A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98.tmp\ZAPF98.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNi\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNS\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

    [1] 2008-04-14 07:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()
  4. 2009-11-02, 05:02 #4
    DictatorZero
    DictatorZero is offline
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    Exclamation disabled my anti-virus program for this one

    Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE90.tmp\ZAPE90.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6A.tmp\ZAPF6A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98.tmp\ZAPF98.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNi\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNS\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

    [1] 2008-04-14 07:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()



    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f6dd82521ed694\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^



    Finished!
  5. 2009-11-02, 06:33 #5
    Shaba
    Shaba is offline
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    "%userprofile%\desktop\win32kdiag.exe" -f -r
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
  6. 2009-11-02, 07:44 #6
    DictatorZero
    DictatorZero is offline
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    Exclamation win32kdiag new log

    Running from: C:\Documents and Settings\Eric\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Cannot access: C:\WINDOWS\system32\eventlog.dll

    Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

    [1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



    Finished!
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules