
help, malware problem again [Solved]



#16
rigs
Member, Topic Starter, 322 posts
hi.
what if combofix asks to be updated? As you know, I don't have internet access at the moment...........

thank you


#17
Jasmyne
Trusted Helper, Malware Removal, 2,010 posts
If after Step 1 (The OTL Fix) you still do not have internet in normal mode, please check and see if you can boot into Safe Mode with Networking to access the internet. If needed here are instructions for accessing Safe Mode with Networking. If you are unable to connect to the internet either way, do you have a USB drive that can be used to transfer the programs over after protecting the USB from infection (I'll post those instructions later if necessary)?

#18
rigs
Member, Topic Starter, 322 posts
ok, after step one I still don't have internet in normal or safe mode. I did run otlfix and aswmbr, the logs are below. on aswmbr before running it, it asked if I wanted to install avast free antivirus. I clicked no and went ahead with the scan. I did not run combofix because of my internet problem. should I have run it, anyway? all along I've been doing the file transfer using the usb drive. I use my dad's laptop to d/load the programs into a usb stick then transfer and copy to my pc's desktop. is that what you meant? ok, here are the first two logs...........


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\RIGO\Desktop\cmd.bat deleted successfully.
C:\Users\RIGO\Desktop\cmd.txt deleted successfully.
< netsh int ip reset /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
C:\Users\RIGO\Desktop\cmd.bat deleted successfully.
C:\Users\RIGO\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RIGO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2483728 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41102 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08192013_123248

Files\Folders moved on Reboot...
C:\Users\RIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-19 12:41:15
-----------------------------
12:41:15.590 OS Version: Windows x64 6.1.7601 Service Pack 1
12:41:15.591 Number of processors: 2 586 0x1706
12:41:15.591 ComputerName: PC UserName:
12:41:16.623 Initialize success
12:42:10.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:42:10.261 Disk 0 Vendor: ST3320613AS DE13 Size: 305245MB BusType: 3
12:42:10.422 Disk 0 MBR read successfully
12:42:10.425 Disk 0 MBR scan
12:42:10.428 Disk 0 Windows 7 default MBR code
12:42:10.431 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:42:10.441 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:42:10.455 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
12:42:10.505 Disk 0 scanning C:\Windows\system32\drivers
12:42:18.360 Service scanning
12:42:35.738 Modules scanning
12:42:35.747 Disk 0 trace - called modules:
12:42:35.754
12:42:35.758 Scan finished successfully
12:43:03.221 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
12:43:03.247 The log file has been saved successfully to "J:\aswMBR.txt"

#19
Jasmyne
Trusted Helper, Malware Removal, 2,010 posts
Please go ahead and run ComboFix, just make sure to download a new copy of ComboFix with the link I provided you, then transfer it over and run the scan with it rather than an outdated version.

#20
rigs
Member, Topic Starter, 322 posts
ok, here's the combofix log...........



ComboFix 13-08-19.02 - RIGO 08/20/2013 12:39:05.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2815 [GMT -5:00]
Running from: J:\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-20 to 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2013-08-20 17:47 . 2013-08-20 17:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-20 17:47 . 2013-08-20 17:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-20 17:47 . 2013-08-20 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-20 17:47 . 2013-08-20 17:47 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-08-18 01:54 . 2013-08-18 01:54 -------- d-----w- C:\_OTL
2013-08-18 01:42 . 2013-08-18 01:42 -------- d-----w- c:\windows\ERUNT
2013-08-18 01:36 . 2013-08-18 01:36 -------- d-----w- c:\programdata\AVG Secure Search
2013-08-18 01:29 . 2013-08-18 01:29 163 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-11 19:54 . 2013-08-11 19:54 -------- d-----w- c:\users\RIGO\AppData\Roaming\GRETECH
2013-08-11 18:20 . 2013-08-12 03:53 -------- d-----w- c:\users\RIGO\AppData\Roaming\Media Player Classic
2013-08-11 18:04 . 2013-07-02 08:34 9460976 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4C1605F-76FD-48A4-9EE1-4022C8900102}\mpengine.dll
2013-08-11 03:09 . 2013-08-11 03:18 -------- d-----w- c:\users\RIGO\AppData\Local\Daum
2013-08-11 01:47 . 2013-08-11 01:47 -------- d-----w- c:\users\RIGO\AppData\Roaming\OpenOffice
2013-08-10 23:51 . 2013-08-10 23:51 -------- d-----w- c:\users\RIGO\AppData\Local\Freemake Music Box
2013-08-10 23:49 . 2013-08-10 23:50 -------- d-----w- c:\programdata\Freemake
2013-08-10 23:49 . 2013-08-10 23:50 -------- d-----w- c:\program files (x86)\Freemake
2013-08-10 23:39 . 2013-08-10 23:43 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-08-10 22:51 . 2013-08-10 22:51 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-08-10 21:45 . 2013-08-10 21:45 -------- d-----w- c:\program files (x86)\Hanso Recorder
2013-08-10 01:03 . 2013-08-10 01:03 -------- d-----w- c:\programdata\spotflux
2013-08-09 19:42 . 2013-08-10 22:23 -------- d-----w- c:\program files (x86)\Sanwhole
2013-08-07 03:18 . 2013-08-07 03:18 49240 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2013-08-07 03:18 . 2013-08-07 03:18 -------- dc-h--w- c:\programdata\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
2013-08-07 03:17 . 2013-08-07 03:17 -------- d-----w- c:\program files (x86)\AntiLogger
2013-08-05 21:39 . 2013-08-05 21:39 -------- d-----w- c:\users\RIGO\AppData\Roaming\GetGo Software
2013-08-05 21:38 . 2013-08-17 19:31 -------- d-----w- c:\program files (x86)\GetGo Software
2013-08-02 03:22 . 2013-08-02 03:22 -------- d-----w- c:\users\RIGO\AppData\Roaming\wurst
2013-07-31 23:10 . 2013-07-31 23:10 -------- d-----w- c:\users\RIGO\.swt
2013-07-31 23:08 . 2013-08-10 01:02 -------- d-----w- c:\program files (x86)\Spotflux
2013-07-31 23:03 . 2013-08-10 02:02 -------- d-----w- c:\users\RIGO\AppData\Roaming\.spotflux
2013-07-31 00:59 . 2013-07-31 00:59 -------- d-----w- c:\users\RIGO\AppData\Local\emaze
2013-07-30 19:39 . 2013-07-31 18:12 -------- d-----w- c:\programdata\iQNotes
2013-07-23 18:16 . 2013-07-23 18:16 -------- d-----w- c:\users\RIGO\AppData\Roaming\Awesomium
2013-07-23 18:11 . 2013-07-23 18:11 -------- d-----w- c:\program files\Badosoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-10 18:35 . 2012-04-16 16:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 18:35 . 2011-06-14 22:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 19:29 . 2012-06-30 23:48 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-31 19:29 . 2010-04-23 00:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-12 05:23 . 2010-03-17 20:51 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 02:50 . 2013-06-19 02:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 23:43 . 2013-07-11 05:20 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 05:20 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 05:20 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 05:20 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 05:20 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 05:20 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 05:20 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 05:20 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 05:20 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 05:20 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 05:20 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 05:20 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 05:20 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 05:20 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 05:20 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 21:45 . 2013-06-11 21:45 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-07 03:22 . 2013-07-11 05:20 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 05:20 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 23:29 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 23:29 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 23:29 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-30 18:50 . 2013-02-08 01:23 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2013-05-28 23:12 . 2013-05-28 23:12 39104 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2012-12-10 03:47 . 2012-12-09 01:16 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-11-19 . F8F43D14BA21CF92D16B3A16A958778B . 5958656 . . [8.00.7600.16466] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16466_none_945d97d4e72c1ad7\mshtml.dll
[7] 2009-11-19 . 31F80311F487ABA186A10E551B212573 . 5959168 . . [8.00.7600.20579] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20579_none_94df6592004f2297\mshtml.dll
[7] 2009-10-19 . 5F0851C767DE71C261283D423650FAC9 . 5958656 . . [8.00.7600.16444] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16444_none_94713718e71db047\mshtml.dll
[7] 2009-10-19 . FE1B4F611CFF0B442CEC979BE1CDDF77 . 5958656 . . [8.00.7600.20553] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20553_none_94ef03ae004452ab\mshtml.dll
[7] 2009-09-05 . 56F5053760581989A9BC7A47E916F661 . 5958656 . . [8.00.7600.16419] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16419_none_9496a84ee700db27\mshtml.dll
[7] 2009-09-05 . A89E3948B2EFC55F642FE1FE2CDA2D9E . 5958656 . . [8.00.7600.20521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20521_none_950d72de002dcc2a\mshtml.dll
[7] 2009-07-14 . 43592D31AFF84DD957199248898D9430 . 5957632 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_9446f5cce73d3c3b\mshtml.dll
.
[-] 2013-06-12 . 24AE444B165D11835EF3D38CF3CC7FA4 . 1777664 . . [10.00.9200.20742] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20742_none_0cc294e6739f2259\wininet.dll
[-] 2013-06-11 . 9BF7C7654EFD098EE3A27B49492A382A . 1767936 . . [10.00.9200.16521] .. c:\windows\SysWOW64\wininet.dll
[-] 2013-06-11 . 9BF7C7654EFD098EE3A27B49492A382A . 1767936 . . [10.00.9200.16635] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_2399c6cc59f0da3f\wininet.dll
[7] 2013-05-17 . 425A20F1C6855222944BFD4FA9BE61A5 . 1777664 . . [10.00.9200.20716] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20719_none_0cbef49073a289bb\wininet.dll
[7] 2013-05-17 . 2473CA6595A2659D7039A4A89FECA269 . 1767936 . . [10.00.9200.16611] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16614_none_2397dd0059f28df0\wininet.dll
[7] 2013-04-13 . CFE0CEE587F9CEA4C29DEEC6D85FC91C . 1766912 . . [10.00.9200.16540] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_23a608ea59e75780\wininet.dll
[7] 2013-04-05 . 5ABB3F36AF17007F33FA275E96A2C95E . 1767424 . . [10.00.9200.16576] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16576_none_23a8811859e53d4b\wininet.dll
[7] 2013-04-05 . 1D48B7F4618EE77430ACECCA1BCA88E1 . 1775616 . . [10.00.9200.20681] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_0cd17cc273935223\wininet.dll
[7] 2013-03-04 . 109DD2D8F7A7A013C1A93CBA3138E532 . 982528 . . [8.00.7600.21484] .. c:\windows\SoftwareDistribution\Download\4f82ac1269400a200825300ee8b3d2c3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21484_none_1d02169193473fe8\wininet.dll
[7] 2013-03-02 . 6A02CB2EDC24630845D11B507952141A . 981504 . . [8.00.7600.17267] .. c:\windows\SoftwareDistribution\Download\4f82ac1269400a200825300ee8b3d2c3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17267_none_1c9118967a16b71a\wininet.dll
[7] 2013-03-02 . C3D43E21FA49657BC1645E9D745656C6 . 981504 . . [8.00.7601.18106] .. c:\windows\SoftwareDistribution\Download\4f82ac1269400a200825300ee8b3d2c3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.18106_none_1eb756c0770d5f30\wininet.dll
[7] 2013-03-02 . 073488F3805ADC63DFFDDC6247DD9F4E . 982016 . . [8.00.7601.22272] .. c:\windows\SoftwareDistribution\Download\4f82ac1269400a200825300ee8b3d2c3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22272_none_1ef142ef90675d35\wininet.dll
[-] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16448] .. c:\windows\erdnt\cache86\wininet.dll
[7] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
[7] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
[7] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16722] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll
[7] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.20861] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll
[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[7] 2010-11-04 . 749A4DDB8915066566E2BB38C2618048 . 981504 . . [8.00.7600.20831] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_1d3543af93214329\wininet.dll
[7] 2010-11-04 . A7360A3B20B38F1D6A09402FB6E9E2C3 . 978944 . . [8.00.7600.16700] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_1ccb165e79ec3635\wininet.dll
[7] 2010-09-08 . 84795F28EB2E942951138827B8704819 . 980480 . . [8.00.7600.20795] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll
[7] 2010-09-08 . 3D6AA6DD4D0F3BB41B804747EB489831 . 978432 . . [8.00.7600.16671] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll
[7] 2010-06-30 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16625] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
[7] 2010-06-30 . 91A9CCAD9829A89C840899932B9EC2DF . 980480 . . [8.00.7600.20745] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
[7] 2010-05-21 . ABE73A2F762A74B6AD2C9BE636915595 . 977920 . . [8.00.7600.16596] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\wininet.dll
[7] 2010-05-21 . 5FF3118C688D43ED77DEADC6F4895EF9 . 980480 . . [8.00.7600.20716] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\wininet.dll
[7] 2010-02-23 . 99A6F1253A886C4A9C1F8E1822B10A80 . 977920 . . [8.00.7600.16535] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll
[7] 2010-02-23 . 0962CB2A9E6B4363C74249A4A5CCDBBF . 980480 . . [8.00.7600.20651] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll
[7] 2009-12-19 . 23587164011EC849E58E229ABC49E239 . 977920 . . [8.00.7600.20600] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_1d54af5d9309dbb1\wininet.dll
[7] 2009-12-19 . F1C359CE656BD76F90E0E6C4BC04A4BE . 977920 . . [8.00.7600.16490] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_1c69c1607a353a39\wininet.dll
[7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AC02E217-6E13-4F14-9BAC-D7BA27C1E912}]
2013-06-19 21:53 1359672 ----a-w- c:\progra~2\STICKY~1\spIEBho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{AC02E217-6E13-4F14-9BAC-D7BA27C1E912}"= "c:\progra~2\STICKY~1\spIEBho.dll" [2013-06-19 1359672]
.
[HKEY_CLASSES_ROOT\clsid\{ac02e217-6e13-4f14-9bac-d7ba27c1e912}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-11-09 366576]
"StickyPassword"="c:\program files (x86)\Sticky Password\stpass.exe" [2013-06-19 8136504]
"xwidget"="c:\program files (x86)\XWidget\xwidget.exe" [2013-04-16 1799680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Sticker"="c:\program files (x86)\Sticker\Sticker.exe" [2010-10-04 139264]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2013-07-22 17289640]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Uninstall LastPass RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid [email protected] [2012-12-8 14794312]
.
c:\users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-2-18 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files (x86)\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 bojkdyjh;bojkdyjh; [x]
R1 fqpzyetf;fqpzyetf; [x]
R1 hmcndveu;hmcndveu; [x]
R1 qigxwray;qigxwray; [x]
R1 qxhpkosk;qxhpkosk; [x]
R1 scfhhajv;scfhhajv; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];c:\windows\system32\drivers\STGMFEngine64.sys;c:\windows\SYSNATIVE\drivers\STGMFEngine64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe;c:\windows\SYSNATIVE\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe [x]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler64.exe;c:\windows\SYSNATIVE\STGRAMDiskHandler64.exe [x]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant =
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-23 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-06-23 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-04 15:27; {E4091D66-127C-11DB-903A-DE80D2EFDFE8}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
FF - ExtSQL: 2013-07-04 17:38; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-07-04 21:45; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-04 22:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-13 14:34; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-25 22:04; {5B52016C-D097-4aec-BE61-9F129D8FDDBA}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
FF - ExtSQL: 2013-07-27 22:09; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-04 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-05 16:39; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-07 20:01; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-08-07 20:01; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-08-07 20:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-07 20:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-09 13:46; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-12-08 21:41; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\3d559b07-551d-406d-a932-1b54bc57da14]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"16vokl5vmx5vz"=hex:34,36,63,34,30,63,64,62,2d,34,63,31,62,2d,34,61,39,33,2d,
38,30,63,64,2d,62,61,64,39,31,37,33,65,65,34,32,63
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2013-08-20 13:07:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-20 18:07
ComboFix2.txt 2013-08-13 00:45
.
Pre-Run: 192,413,847,552 bytes free
Post-Run: 192,212,144,128 bytes free
.
- - End Of File - - 1F124A43813932AF383E81203F2FA82F
A36C5E4F47E84449FF07ED3517B43A31

#21
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
There is still some more malware to remove, and we will further investigate the internet connection issue.

Step 1 - ComboFix Script


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the box below into it:

Driver::

bojkdyjh
fqpzyetf
hmcndveu
qigxwray
qxhpkosk
scfhhajv

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2 - Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
  • ComboFix Log
  • Farbar Service Scanner Log (FSS.txt)


#22
rigs

    Member

  • Topic Starter
  • Member
  • 322 posts
ok, here are the logs.............


ComboFix 13-08-20.01 - RIGO 08/21/2013 12:10:10.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2769 [GMT -5:00]
Running from: J:\ComboFix.exe
Command switches used :: c:\users\RIGO\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bojkdyjh
-------\Service_fqpzyetf
-------\Service_hmcndveu
-------\Service_qigxwray
-------\Service_qxhpkosk
-------\Service_scfhhajv
.
.
((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))
.
.
2013-08-21 17:18 . 2013-08-21 17:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-21 17:18 . 2013-08-21 17:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-21 17:18 . 2013-08-21 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 17:18 . 2013-08-21 17:18 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-08-18 01:54 . 2013-08-18 01:54 -------- d-----w- C:\_OTL
2013-08-18 01:42 . 2013-08-18 01:42 -------- d-----w- c:\windows\ERUNT
2013-08-18 01:36 . 2013-08-18 01:36 -------- d-----w- c:\programdata\AVG Secure Search
2013-08-18 01:29 . 2013-08-18 01:29 163 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-11 19:54 . 2013-08-11 19:54 -------- d-----w- c:\users\RIGO\AppData\Roaming\GRETECH
2013-08-11 18:20 . 2013-08-12 03:53 -------- d-----w- c:\users\RIGO\AppData\Roaming\Media Player Classic
2013-08-11 18:04 . 2013-07-02 08:34 9460976 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4C1605F-76FD-48A4-9EE1-4022C8900102}\mpengine.dll
2013-08-11 03:09 . 2013-08-11 03:18 -------- d-----w- c:\users\RIGO\AppData\Local\Daum
2013-08-11 01:47 . 2013-08-11 01:47 -------- d-----w- c:\users\RIGO\AppData\Roaming\OpenOffice
2013-08-10 23:51 . 2013-08-10 23:51 -------- d-----w- c:\users\RIGO\AppData\Local\Freemake Music Box
2013-08-10 23:49 . 2013-08-10 23:50 -------- d-----w- c:\programdata\Freemake
2013-08-10 23:49 . 2013-08-10 23:50 -------- d-----w- c:\program files (x86)\Freemake
2013-08-10 23:39 . 2013-08-10 23:43 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-08-10 22:51 . 2013-08-10 22:51 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-08-10 21:45 . 2013-08-10 21:45 -------- d-----w- c:\program files (x86)\Hanso Recorder
2013-08-10 01:03 . 2013-08-10 01:03 -------- d-----w- c:\programdata\spotflux
2013-08-09 19:42 . 2013-08-10 22:23 -------- d-----w- c:\program files (x86)\Sanwhole
2013-08-07 03:18 . 2013-08-07 03:18 49240 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2013-08-07 03:18 . 2013-08-07 03:18 -------- dc-h--w- c:\programdata\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
2013-08-07 03:17 . 2013-08-07 03:17 -------- d-----w- c:\program files (x86)\AntiLogger
2013-08-05 21:39 . 2013-08-05 21:39 -------- d-----w- c:\users\RIGO\AppData\Roaming\GetGo Software
2013-08-05 21:38 . 2013-08-17 19:31 -------- d-----w- c:\program files (x86)\GetGo Software
2013-08-02 03:22 . 2013-08-02 03:22 -------- d-----w- c:\users\RIGO\AppData\Roaming\wurst
2013-07-31 23:10 . 2013-07-31 23:10 -------- d-----w- c:\users\RIGO\.swt
2013-07-31 23:08 . 2013-08-10 01:02 -------- d-----w- c:\program files (x86)\Spotflux
2013-07-31 23:03 . 2013-08-10 02:02 -------- d-----w- c:\users\RIGO\AppData\Roaming\.spotflux
2013-07-31 00:59 . 2013-07-31 00:59 -------- d-----w- c:\users\RIGO\AppData\Local\emaze
2013-07-30 19:39 . 2013-07-31 18:12 -------- d-----w- c:\programdata\iQNotes
2013-07-23 18:16 . 2013-07-23 18:16 -------- d-----w- c:\users\RIGO\AppData\Roaming\Awesomium
2013-07-23 18:11 . 2013-07-23 18:11 -------- d-----w- c:\program files\Badosoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-10 18:35 . 2012-04-16 16:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 18:35 . 2011-06-14 22:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 19:29 . 2012-06-30 23:48 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-31 19:29 . 2010-04-23 00:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-12 05:23 . 2010-03-17 20:51 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 02:50 . 2013-06-19 02:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 23:43 . 2013-07-11 05:20 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 05:20 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 05:20 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 05:20 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 05:20 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 05:20 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 05:20 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 05:20 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 05:20 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 05:20 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 05:20 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 05:20 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 05:20 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 05:20 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 05:20 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 21:45 . 2013-06-11 21:45 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-07 03:22 . 2013-07-11 05:20 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 05:20 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 23:29 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 23:29 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 23:29 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-30 18:50 . 2013-02-08 01:23 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2013-05-28 23:12 . 2013-05-28 23:12 39104 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2012-12-10 03:47 . 2012-12-09 01:16 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AC02E217-6E13-4F14-9BAC-D7BA27C1E912}]
2013-06-19 21:53 1359672 ----a-w- c:\progra~2\STICKY~1\spIEBho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{AC02E217-6E13-4F14-9BAC-D7BA27C1E912}"= "c:\progra~2\STICKY~1\spIEBho.dll" [2013-06-19 1359672]
.
[HKEY_CLASSES_ROOT\clsid\{ac02e217-6e13-4f14-9bac-d7ba27c1e912}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-11-09 366576]
"StickyPassword"="c:\program files (x86)\Sticky Password\stpass.exe" [2013-06-19 8136504]
"xwidget"="c:\program files (x86)\XWidget\xwidget.exe" [2013-04-16 1799680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Sticker"="c:\program files (x86)\Sticker\Sticker.exe" [2010-10-04 139264]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2013-07-22 17289640]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Uninstall LastPass RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid [email protected] [2012-12-8 14794312]
.
c:\users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-2-18 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files (x86)\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];c:\windows\system32\drivers\STGMFEngine64.sys;c:\windows\SYSNATIVE\drivers\STGMFEngine64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe;c:\windows\SYSNATIVE\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe [x]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler64.exe;c:\windows\SYSNATIVE\STGRAMDiskHandler64.exe [x]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant =
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-23 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-06-23 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-04 15:27; {E4091D66-127C-11DB-903A-DE80D2EFDFE8}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
FF - ExtSQL: 2013-07-04 17:38; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-07-04 21:45; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-04 22:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-13 14:34; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-25 22:04; {5B52016C-D097-4aec-BE61-9F129D8FDDBA}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
FF - ExtSQL: 2013-07-27 22:09; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-04 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-05 16:39; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-07 20:01; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-08-07 20:01; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-08-07 20:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-07 20:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-09 13:46; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-12-08 21:41; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\3d559b07-551d-406d-a932-1b54bc57da14]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"16vokl5vmx5vz"=hex:34,36,63,34,30,63,64,62,2d,34,63,31,62,2d,34,61,39,33,2d,
38,30,63,64,2d,62,61,64,39,31,37,33,65,65,34,32,63
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2013-08-21 12:38:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-21 17:38
ComboFix2.txt 2013-08-20 18:07
ComboFix3.txt 2013-08-13 00:45
.
Pre-Run: 192,075,280,384 bytes free
Post-Run: 191,879,565,312 bytes free
.
- - End Of File - - 1184AA9348AB9BECED069286D338EF6E
A36C5E4F47E84449FF07ED3517B43A31



Farbar Service Scanner Version: 18-08-2013
Ran by RIGO (administrator) on 21-08-2013 at 12:47:08
Running from "C:\Users\RIGO\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#23
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have a few more steps for you. :) Also, can you let me know what error you get when you try to connect to the internet?

Step 1 - ComboFix Script


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2 - New FSS Scan

Please re-open Farbar Service Scanner
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3 - Run MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 4 - Run System File Check

  • Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow. (see screenshot below)
    Posted Image
  • In the black box that opens type or copy and paste the following command and press Enter:
    sfc /scannow
    Posted Image
    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
  • Let me know the results of the scan in your next reply.
  • Type exit and press the ENTER key to close the command window.


#24
rigs


    Member

  • Topic Starter
  • 322 posts
hi,
after I ran the three programs on post #7, I checked my system and tried to see if it would allow me to install Windows security essentials. However, when I enabled my internet connection, there was no signal. I checked connections, wires, reset my modem and tried connecting with my wireless adapter but still no internet. I don't get an error message, but when I ran the Windows network diagnostics, it gives me the following result: “there might be a problem with the driver for the local area connection area”. So, maybe one of those programs deleted something to do with my network program. I hope you can fix this problem, also.

I'll post the new logs tomorrow when my caregiver is here...

thank you

#25
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts

I hope you can fix this problem, also.

We will get it worked out. :) Of the scans done in Step 7, everything that was removed was either adware or malicious. Programs like Optimizer Pro that was on your machine have been known to cause network issues.

I'll post the new logs tomorrow when my caregiver is here...

thank you


You're welcome! That sounds like a good plan, I'll be watching for the new logs tomorrow.


#26
rigs


    Member

  • Topic Starter
  • 322 posts
ok, here are the first three logs. I have a question on the last scanning. When the black command prompt window comes up, the prompt is on c:\users\rigo and not on c:\windows\system32 like in your posting #23. Does it matter where I run it from? now the logs..........


ComboFix 13-08-22.01 - RIGO 08/22/2013 13:03:53.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2749 [GMT -5:00]
Running from: J:\ComboFix.exe
Command switches used :: c:\users\RIGO\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-22 to 2013-08-22 )))))))))))))))))))))))))))))))
.
.
2013-08-22 18:11 . 2013-08-22 18:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-22 18:11 . 2013-08-22 18:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-22 18:11 . 2013-08-22 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-22 18:11 . 2013-08-22 18:11 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-08-18 01:54 . 2013-08-18 01:54 -------- d-----w- C:\_OTL
2013-08-18 01:42 . 2013-08-18 01:42 -------- d-----w- c:\windows\ERUNT
2013-08-18 01:36 . 2013-08-18 01:36 -------- d-----w- c:\programdata\AVG Secure Search
2013-08-18 01:29 . 2013-08-18 01:29 163 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-11 19:54 . 2013-08-11 19:54 -------- d-----w- c:\users\RIGO\AppData\Roaming\GRETECH
2013-08-11 18:20 . 2013-08-12 03:53 -------- d-----w- c:\users\RIGO\AppData\Roaming\Media Player Classic
2013-08-11 18:04 . 2013-07-02 08:34 9460976 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4C1605F-76FD-48A4-9EE1-4022C8900102}\mpengine.dll
2013-08-11 03:09 . 2013-08-11 03:18 -------- d-----w- c:\users\RIGO\AppData\Local\Daum
2013-08-11 01:47 . 2013-08-11 01:47 -------- d-----w- c:\users\RIGO\AppData\Roaming\OpenOffice
2013-08-10 23:51 . 2013-08-21 17:59 -------- d-----w- c:\users\RIGO\AppData\Local\Freemake Music Box
2013-08-10 23:49 . 2013-08-10 23:50 -------- d-----w- c:\programdata\Freemake
2013-08-10 23:49 . 2013-08-10 23:50 -------- d-----w- c:\program files (x86)\Freemake
2013-08-10 23:39 . 2013-08-10 23:43 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-08-10 22:51 . 2013-08-10 22:51 -------- d-----w- c:\program files (x86)\OpenOffice 4
2013-08-10 21:45 . 2013-08-10 21:45 -------- d-----w- c:\program files (x86)\Hanso Recorder
2013-08-10 01:03 . 2013-08-10 01:03 -------- d-----w- c:\programdata\spotflux
2013-08-09 19:42 . 2013-08-10 22:23 -------- d-----w- c:\program files (x86)\Sanwhole
2013-08-07 03:18 . 2013-08-07 03:18 49240 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2013-08-07 03:18 . 2013-08-07 03:18 -------- dc-h--w- c:\programdata\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
2013-08-07 03:17 . 2013-08-07 03:17 -------- d-----w- c:\program files (x86)\AntiLogger
2013-08-05 21:39 . 2013-08-05 21:39 -------- d-----w- c:\users\RIGO\AppData\Roaming\GetGo Software
2013-08-05 21:38 . 2013-08-17 19:31 -------- d-----w- c:\program files (x86)\GetGo Software
2013-08-02 03:22 . 2013-08-02 03:22 -------- d-----w- c:\users\RIGO\AppData\Roaming\wurst
2013-07-31 23:10 . 2013-07-31 23:10 -------- d-----w- c:\users\RIGO\.swt
2013-07-31 23:08 . 2013-08-10 01:02 -------- d-----w- c:\program files (x86)\Spotflux
2013-07-31 23:03 . 2013-08-10 02:02 -------- d-----w- c:\users\RIGO\AppData\Roaming\.spotflux
2013-07-31 00:59 . 2013-07-31 00:59 -------- d-----w- c:\users\RIGO\AppData\Local\emaze
2013-07-30 19:39 . 2013-07-31 18:12 -------- d-----w- c:\programdata\iQNotes
2013-07-23 18:16 . 2013-07-23 18:16 -------- d-----w- c:\users\RIGO\AppData\Roaming\Awesomium
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-10 18:35 . 2012-04-16 16:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 18:35 . 2011-06-14 22:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 19:29 . 2012-06-30 23:48 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-31 19:29 . 2010-04-23 00:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-12 05:23 . 2010-03-17 20:51 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 02:50 . 2013-06-19 02:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 23:43 . 2013-07-11 05:20 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 05:20 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 05:20 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 05:20 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 05:20 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 05:20 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 05:20 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 05:20 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 05:20 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 05:20 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 05:20 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 05:20 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 05:20 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 05:20 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 05:20 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 21:45 . 2013-06-11 21:45 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-07 03:22 . 2013-07-11 05:20 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 05:20 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 23:29 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 23:29 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 23:29 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-30 18:50 . 2013-02-08 01:23 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2013-05-28 23:12 . 2013-05-28 23:12 39104 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2012-12-10 03:47 . 2012-12-09 01:16 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AC02E217-6E13-4F14-9BAC-D7BA27C1E912}]
2013-06-19 21:53 1359672 ----a-w- c:\progra~2\STICKY~1\spIEBho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{AC02E217-6E13-4F14-9BAC-D7BA27C1E912}"= "c:\progra~2\STICKY~1\spIEBho.dll" [2013-06-19 1359672]
.
[HKEY_CLASSES_ROOT\clsid\{ac02e217-6e13-4f14-9bac-d7ba27c1e912}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-11-09 366576]
"StickyPassword"="c:\program files (x86)\Sticky Password\stpass.exe" [2013-06-19 8136504]
"xwidget"="c:\program files (x86)\XWidget\xwidget.exe" [2013-04-16 1799680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Sticker"="c:\program files (x86)\Sticker\Sticker.exe" [2010-10-04 139264]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2013-07-22 17289640]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Uninstall LastPass RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid [email protected] [2012-12-8 14794312]
.
c:\users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-2-18 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files (x86)\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];c:\windows\system32\drivers\STGMFEngine64.sys;c:\windows\SYSNATIVE\drivers\STGMFEngine64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe;c:\windows\SYSNATIVE\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe [x]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler64.exe;c:\windows\SYSNATIVE\STGRAMDiskHandler64.exe [x]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant =
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-23 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-06-23 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-04 15:27; {E4091D66-127C-11DB-903A-DE80D2EFDFE8}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
FF - ExtSQL: 2013-07-04 17:38; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-07-04 21:45; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-04 22:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-13 14:34; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-07-25 22:04; {5B52016C-D097-4aec-BE61-9F129D8FDDBA}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
FF - ExtSQL: 2013-07-27 22:09; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-04 22:28; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-05 16:39; Stratifor[email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-07 20:01; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-08-07 20:01; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-08-07 20:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-07 20:01; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: 2013-08-09 13:46; [email protected]; c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-12-08 21:41; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\3d559b07-551d-406d-a932-1b54bc57da14]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"16vokl5vmx5vz"=hex:34,36,63,34,30,63,64,62,2d,34,63,31,62,2d,34,61,39,33,2d,
38,30,63,64,2d,62,61,64,39,31,37,33,65,65,34,32,63
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2013-08-22 13:30:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-22 18:30
ComboFix2.txt 2013-08-21 17:38
ComboFix3.txt 2013-08-20 18:07
ComboFix4.txt 2013-08-13 00:45
.
Pre-Run: 191,241,191,424 bytes free
Post-Run: 191,160,774,656 bytes free
.
- - End Of File - - C2B4DC7BBDC1290564B5D29B2536FF30
A36C5E4F47E84449FF07ED3517B43A31



Farbar Service Scanner Version: 18-08-2013
Ran by RIGO (administrator) on 22-08-2013 at 13:53:01
Running from "C:\Users\RIGO\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox by Farbar Version: 13-07-2013
Ran by RIGO (administrator) on 22-08-2013 at 14:02:42
Running from "C:\Users\RIGO\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=;ftp=;https=;

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type",

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Disconnected)
Spotflux Virtual Network Device Driver = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/22/2013 01:14:24 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/22/2013 00:21:04 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/21/2013 00:58:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (08/21/2013 00:56:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (08/21/2013 00:22:00 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/21/2013 00:09:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (08/21/2013 11:45:58 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/20/2013 00:50:28 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/20/2013 00:02:51 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/19/2013 01:01:39 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/22/2013 01:33:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/22/2013 01:12:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (08/22/2013 01:11:59 PM) (Source: Service Control Manager) (User: )
Description: The Steganos Volatile Disk service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 01:11:27 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/22/2013 01:07:14 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/22/2013 01:02:40 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2013 01:02:40 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2013 00:19:27 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (08/21/2013 01:06:41 PM) (Source: Service Control Manager) (User: )
Description: The Steganos Volatile Disk service did not shut down properly after receiving a preshutdown control.

Error: (08/21/2013 00:20:21 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/22/2013 01:14:24 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2013 00:21:04 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:58:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.

Error: (08/21/2013 00:56:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.

Error: (08/21/2013 00:22:00 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:09:04 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.

Error: (08/21/2013 11:45:58 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 00:50:28 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 00:02:51 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:01:39 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-08-12 19:30:05.476
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-12 19:30:05.323
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-11 17:29:41.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:41.342
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:15.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:15.222
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:09.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:09.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:04.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 17:29:03.848
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 1.2.0)
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AC3Filter 2.5b (Version: 2.5b)
AccuWeather.com Stratus (Version: 1.1)
Adobe AIR (Version: 3.6.0.6090)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Stock Photos 1.0 (Version: 001.000.000)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Aiseesoft Media Converter Ultimate 6.3.58 (Version: 6.3.58)
AntiLogger
AntiLogger (Version: 1.9.3.500)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATT-PRT22
AVS Audio Recorder version 4.0 (Version: 4.0.1.21)
Bass Audio Decoder (remove only)
Blaine's Bloom/Negative Effects (Version: 1.0.0)
Blaine's Bubble Warp Effect (Version: 1.0.0)
Blaine's Custom Blends (Translucency and Compositing) (Version: 1.0.0)
Blaine's Letterbox Effects (Version: 1.0.3)
Blaine's Paint Splat Titles (Version: 1.0)
Blaine's Transition Pack 1 (Circle Stretch, Push, Zoom Blur) (Version: 1.0.3)
Blaine's Transition Pack 2 (MultiSlide) (Version: 1.0.1)
Blaine's Transition Pack 3 (Paper Fold) (Version: 1.0.2)
Blaine's Transition Pack 4 (Twist) (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 4.04)
CD Audio Reader Filter (remove only)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
Copy (Version: 130.0.428.000)
D3DX10 (Version: 15.4.2368.0902)
DCoder Image Source (remove only)
Dell Dock (Version: 1.0.0)
Dell Driver Download Manager - 1 (Version: 3.0.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
DELL0604 (Version: 1.0.0)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
Digital Photo Software FotoMix 8.0 (Version: 8.0)
DirectVobSub (remove only)
DocProc (Version: 13.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DPL 2D Geometrical Deformation Effects for Vista MM
DPL 3D Cube RotateB Transitions for Vista MM
DPL Flashing TFX for Vista MM
DPL Whirl Pinch TFX for Vista MM
Dream Aquarium 1.234 (Version: 1.234)
DScaler 5 Mpeg Decoders
EDocs
F300 (Version: 130.0.365.000)
F300_Help (Version: 82.0.242.000)
F300Trb (Version: 82.0.242.000)
Facebook Plug-In
FastStone Image Viewer 4.6 (Version: 4.6)
Fax (Version: 130.0.418.000)
ffdshow v1.2.4453 [2012-05-21] (Version: 1.2.4453.0)
FFMPEG Core Files (remove only)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Fix-It (Version: 11.2.24.1)
FlashPeak SlimBoat (Version: 1.1.29)
Free Studio version 2013 (Version: 6.1.8.725)
Freemake Music Box (Version: 1.0.0)
GOM Player (Version: 2.1.50.5145)
Google Gmail Notifier
Google Talk Plugin (Version: 2.8.7.6830)
GPBaseService2 (Version: 130.0.371.000)
GPL Ghostscript (Version: 9.06)
Hanso Recorder (Version: 2.5.0.0)
Hardwipe 2.0.0 (Version: 2.0.0)
honestech VHS to DVD 3.0 SE (Version: 3.0)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Print Diagnostic Utility (Version: 1.51.0000)
HP Product Detection (Version: 9.7.2)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.006.003)
HPPhotoGadget (Version: 130.0.282.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
IncrediMail (Version: 6.3.9.5245)
IncrediMail 2.0 (Version: 6.3.9.5245)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Internet Explorer (Enable DEP)
Junk Mail filter update (Version: 15.4.3502.0922)
KC Softwares KCleaner
Keyboard Image Viewer 1.5.3
K-Lite Mega Codec Pack 8.0.0 (Version: 8.0.0)
LAV Filters (remove only)
LAV Filters 0.53.2 (Version: 0.53.2)
LightScribe Applications (Version: 1.18.15.1)
LightScribe System Software (Version: 1.18.19.1)
LightScribe Template Designs - Athletic Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Bonus Pack 1 (Version: 1.17.0.0)
LightScribe Template Designs - Celebration Pack 1 (Version: 1.17.0.0)
LightScribe Template Designs - Floral Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Kickin It Pack 1 (Version: 1.17.0.0)
LightScribe Template Designs - Life Events Pack 1 (Version: 1.17.146.0)
LightScribe Template Designs - Nature Pack 1 (Version: 1.17.0.0)
LightScribe Template Designs - Seasonal Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Special Occasion Pack 1 (Version: 1.10.19.1)
LightScribe Template Designs - Tattoo Pack 1 (Version: 1.13.0.0)
LightScribe Template Designs - Tribal Pack 1 (Version: 1.15.0.0)
LightScribe Template Labeler (Version: 1.18.15.1)
LiveReg (Symantec Corporation) (Version: 2.0.0.963)
LiveUpdate 1.6 (Symantec Corporation)
LiveUpload to Facebook (Version: 3.2.3.0)
MadVR (remove only)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 08.05.0818)
Microsoft Works (Version: 9.7.0621)
Microsoft Works Suite Add-in for Microsoft Word (Version: 8.0.0.0000)
Modem Diagnostic Tool (Version: 1.0.24.0)
Move Media Player
Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 21.0)
MPEG2 Codec(libmpeg2/mad)
MS Access 97 SP2
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NetWaiting (Version: 2.5.53)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
Next Generation Visualisations (Version: 1.0.0)
Nitro Reader 3 (Version: 3.5.2.10)
novaPDF Standard Desktop 7.4 printer
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Octoshape add-in for Adobe Flash Player
OpenOffice 4.0.0 (Version: 4.00.9702)
OpenOffice.org 3.4.1 Language Pack (Spanish) (Version: 3.41.9593)
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only) (Version: 1.0.0.5)
PhoneTray Free (Version: 1.34)
Photo Story 3 for Windows (Version: 3.0.1115.11)
PhotoScape
Pixpedia Publisher 3.6.2
Premiumplay Codec-C (Version: 1.6.146.147)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0175)
RehanFX Shader Transitions and Effects (ShaderTFX) (Version: 1.0.34)
Revo Uninstaller 1.95 (Version: 1.95)
Scan (Version: 140.0.77.000)
Scanitto (Version: 1.22.0.0)
ShaderTFX version 1.1
Shark Water World 3D Screensaver (Version: 1.5.3.3)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.6 (Version: 6.6.106)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotflux (Version: 2.9.11)
Status (Version: 130.0.469.000)
Sticker version 1.0 (Version: 1.0)
Sticky Password 6.0.11.449 (Version: 6.0)
Streaming Video Downloader 6.0 (Version: 6.0)
Surf Anonymous Free (Version: 2.3.1.6)
Swifturn Free Audio Editor 8.2.1
swMSM (Version: 12.0.0.1)
Talking Desktop Clock 1.2 (Version: 1.2.1.97)
TBS WMP Plug-in (Version: 1.00.676)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV (Version: 0.9.19)
WebM Project Directshow Filters
WebReg (Version: 130.0.132.017)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.2 (Version: 4.1.0.2001)
Works Upgrade (Version: 8.0.0.0000)
XML Adder (Version: 1.0.0)
XnView 2.00 (Version: 2.00)
XWidget Ver1.83

========================= Devices: ================================

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 4085.18 MB
Available physical RAM: 2867.12 MB
Total Pagefile: 8168.54 MB
Available Pagefile: 7057.76 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.07 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:178.12 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.15 GB) NTFS
8 Drive j: (UNTITLED) (Removable) (Total:7.4 GB) (Free:7.36 GB) FAT32

========================= Users: ========================================

User accounts for \\PC

Administrator Guest PrivacyOptimizerFP
RIGO

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0

#27
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

ok, here are the first three logs. I have a question on the last scanning. When the black command prompt window comes up, the prompt is on c:\users\rigo and not on c:\windows\system32 like in your posting #23. does it matter where I run it from? now the logs..........


If you right-click the Command Prompt icon and select Run As Administrator it should come up as shown.
  • 0

#28
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
I right-clicked command prompt three times and it still opens on c:\users\rigo. can I just change it manually? I'll have to do it tomorrow........

thank you
  • 0

#29
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
As long as it's opened as administrator, you should be able to just type "sfc /scannow" at the prompt.

If you'd like, you can manually change by typing "cd\windows\system32" and "sfc /scannow".
  • 0

#30
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
ok, I had to change directories manually, as administrator. do you need the log? I found a log on the second link provided in the result. here it is....



"Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log"
  • 0





