Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

fliphkd778

1 Message

442

August 21st, 2011 20:00

code 80073EFE and Hijack Log

I cannot seem to install the Windows 7 SP1 download the Microsoft Malicious Software Tool. Pasted is the HiJack this log and a MBAM log follows. I tried running the Kaspersky TDSSKiller rootkit tool; it was unable to detect anything. 

Help?

 

Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:34:46 PM, on 8/21/2011Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v8.00 (8.00.7601.17514)Boot mode: Normal
Running processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\OEM02Mon.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Users\Reid Shaeffer\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Reid Shaeffer\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exeC:\Windows\system32\conhost.exeC:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exeC:\Windows\system32\conhost.exeC:\Users\Reid Shaeffer\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Reid Shaeffer\Downloads\msert.exeC:\Users\Reid Shaeffer\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Reid Shaeffer\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLLO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLLO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\niupdate.exeO4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exeO4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [Google Update] "C:\Users\Reid Shaeffer\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - Global Startup: Gatorlink VPN Client.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dllO16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CABO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exeO23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exeO23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exeO23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exeO23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exeO23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\Windows\system32\nipalsm.exeO23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exeO23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exeO23 - Service: NI PXI Resource Manager Service (nipxirmu) - National Instruments Corporation - C:\Windows\system32\nipxism.exeO23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exeO23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exeO23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exeO23 - Service: Remote Solver for Flow Simulation 2010 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exeO23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--End of file - 10298 bytes

 

 

 

Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.org
Database version: 7529
Windows 6.1.7601 Service Pack 1Internet Explorer 8.0.7601.17514
8/21/2011 8:51:34 PMmbam-log-2011-08-21 (20-51-34).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)Objects scanned: 408247Time elapsed: 2 hour(s), 12 minute(s), 10 second(s)
Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0
Memory Processes Infected:(No malicious items detected)
Memory Modules Infected:(No malicious items detected)
Registry Keys Infected:(No malicious items detected)
Registry Values Infected:(No malicious items detected)
Registry Data Items Infected:(No malicious items detected)
Folders Infected:(No malicious items detected)
Files Infected:(No malicious items detected)

No Responses!

Was this post helpful?

View All

No Events found!

Top