Hijack this not working

user33

banned
I believe there is something wrong with my computer. So following instructions I downloaded Malwarebytes and performed a scan. Nothing showed up. Then I downloaded HijackThis and installed it. However every time I try to run the program it says "For some reaosn your system denied write acess to hosts files. If any hijacked domains are in this file, HijackThis may NOT be able to fix this."

I really think there is something wrong with my computer now.......
 
Right click on hijackthis and run it as administrator. If the admin run-as isn't there, then press SHIFT and then right click on the hijackthis icon. It should appear then.

Remember to post the logs. Just copy and paste them into your next post.

(EDIT) And remember to relax and breathe.
 
Last edited:
This is my log for hijack this and thanks gamblingman!!!



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:06 AM, on 10/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5484 bytes
 
Post malwarebytes log. And is that the Hijackthis log with the program run as admin? If not, rescan with hijackthis and repost the admin scan version.

Johnb35 will probably be with you later, I'm off to work! yea
 
Last edited:
This is the malwarebyte log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7929

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/12/2011 11:08:15 AM
mbam-log-2011-10-12 (11-08-15).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 229214
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
What kind of problems are you having cause I don't see any signs of malware in your log? I'm not saying you aren't infected, we will have to scan deeper to see. But I need to know what type of issues you are having so I can tell you what to do next.
 
Everytime i reformatted my computer it would of course delete all the data. After reformatting my computer to get into my online banking site I would have to send for a vertification code since it did not recognize my computer. However, now it is no longer doing that after i reformat my computer but instantly recognizes my computer. There are also issues of lagging on my computer. I was also wondering why after formatting the computer no longer recognizes the product key for windows 7 but I've using the automatic telephone to do that. I was thinking of using dban on my hard drives. Is that a good idea?
 
Last edited:
This definately isn't a malware issue.

Most likely this last time it wasn't truly reformatted but only a repair instead. I have Chase bank and it doesn't recognize my pc after a reformat either. Are you using a recovery cd or an actual Microsoft windows 7 install cd? Always make sure you do a full format and not a quick as sometimes the quick format doesn't work very well. Make sure the existing partitions are deleted and then repartitioned after the format. Are you installing the chipset drivers first before any others?
 
I am doing the full format and deleting the partitions on both hard drives with the windows 7 cd. Chipset drivers? not sure what that is.......

But shouldn't chase bank not recognize my pc after a reformat because thats what use to happen but now its recognizing it even after a full reformat.

btw thanks johnb35 for the quick replies and help
 
I am doing the full format and deleting the partitions on both hard drives with the windows 7 cd. Chipset drivers? not sure what that is.......

But shouldn't chase bank not recognize my pc after a reformat because thats what use to happen but now its recognizing it even after a full reformat.

btw thanks johnb35 for the quick replies and help

I agree with johnb35.This is not the malware issue at all.

As for the CHIPSET DRIVER,that is a main driver for the motherboard and should ALWAYS be installed BEFORE ANY OTHER DRIVERS.

You mentioned that after the reformat,your computer would not be recognized which is logical.But the last time you reformatted you said it DID recognize it.That means that you might not fully formatted your HDD properly.
Do what johnb35 said.
When you get to the section with the partitions,delete them ALL and then install Windows OS on the UNPARTITIONED SPACE.Once you have selected the UNPARTITIONED SPACE,Windows setup will automatically create a new partition big as the entire HDD and then install Windows on it.
Also be sure to NOT use the QUICK format like johnb35 said.Use the slow one.Usually it's called "Format the partition using the NTFS file system".

After Windows OS is completely installed on the HDD,install all your drivers in the following order:

-chipset driver
-graphic/display driver
-audio/sound driver
-LAN driver
-wireless lan driver (if any)
-other drivers (if any)


OPTIONAL: You can always fully erase your entire HDD with special tools such as KILL DISK before formatting it with Windows OS disk,but you don't have to of course.I always do,but hey...that's just me :P




Cheers!
 
Can you give us either make and model of PC you have or model number of motherboard so we can get a better idea of what you have?
 
my motherboard is asus m4a79t deluxe

maybe i'm doing something wrong 'cause when i reformat i just put in windows 7 disk and select custom when installing instead of upgrade. Then i delete all the partitions and simply put windows in there. It's always worked in the past. I don't see a Format the partition using the NTFS file system

I tried formatting my computer several times and i'm still having the same issues

Oh i didn't need to install the chipset drivers 'cause it said it was already there.... weird

btw thanks stars and john for the help you guys are awesome
 
Last edited:
Back
Top