|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
09-25-2009, 05:11 PM
|
#1 (permalink) |
|
Registered User
Join Date: Sep 2009
Posts: 1
OS: xp
|
I have a problem with my pc, I tried to run a search in the firefox search box (google) and it came up blank, but when I viewed source I noticed it had a "body hidden" style tag. so I ran hijack this and it went half way through then crashed. I tried to run it again and got the "windows cannot access the specified drive....." error. the only thing I could run was gmer..
please help.. pc specs are: pentium dualcore 3.4ghz 3gb ram win xp pro sp3 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [328] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\Program Files\LogMeIn\x86\LogMeIn.exe [596] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [604] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1204] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1316] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1516] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1724] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1988] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [2044] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2188] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [3008] 0x35670000 Library \\?\globalroot\Device\__max++>\AA6A0578.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3272] 0x35670000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a9b99bf Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a9b99bf@00125a9c0ffd 0xC8 0xBA 0x87 0xF7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a9b99bf@00231259f36f 0x1A 0xF5 0x30 0x3D ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00125a9b99bf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00125a9b99bf@00125a9c0ffd 0xC8 0xBA 0x87 0xF7 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00125a9b99bf@00231259f36f 0x1A 0xF5 0x30 0x3D ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR I have been trying to run hjt for the last 2 hrs, I then started reading in the forum about all this and ran win32kdiag and here is my log please help me I need to get access to my pc again.. and this thing does now allow me to feel safe. thanks Lou ---------------------------------------------------------------------- Running from: C:\Documents and Settings\LG\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\LG\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB944338-v2\KB944338-v2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB951072-v2\KB951072-v2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB956390\KB956390 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\addins\addins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Cache\Cache Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Debug\UserMode\UserMode Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\12.0.4518 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-04 08:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe () [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5599132effaee562760dce29f8ca8491\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished! |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
09-26-2009, 09:47 AM
|
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,900
OS: WinXP and Vista
|
Re: Why cant i run hijackthis?? It keeps shutting down on me!!!
Hello lougato,
Click Start->Run, and copy-paste the following bolded text into the Run box, and click OK. "%userprofile%\desktop\win32kdiag.exe" -f -r When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents in your next reply along with the following.... Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help After running through all the steps, you shall have a proper set of logs. Please post them in your next reply. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. |
|
|
|
|
| Thread Tools | |
|
|
