Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE Crashing after Cleaning a lot of Malware


  • This topic is locked This topic is locked
7 replies to this topic

#1 Sitrucz

Sitrucz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Irwin, PA
  • Local time:01:15 PM

Posted 15 July 2015 - 08:02 PM

I ran frst64, rkill, mbam, tdskiller, Kaspersky kvrt, adswt, jrt.  Malware is gone but IE crashes periodically especially on www.msn.com.

 

My original scans are attached as well with the malware before cleaning.

Attached Files


Edited by Sitrucz, 15 July 2015 - 08:04 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:15 PM

Posted 17 July 2015 - 08:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

Task: {392B9F1B-9658-41F7-AFD1-307DB50259E3} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {7E53D741-2CE4-4DD8-93AD-82091ACB0AD4} - System32\Tasks\STUAYCQHXY1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {B502AE21-BEB7-451A-8E28-4050B2B58EFB} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: C:\Windows\Tasks\STUAYCQHXY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#3 Sitrucz

Sitrucz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Irwin, PA
  • Local time:01:15 PM

Posted 17 July 2015 - 01:30 PM

Hi nasdaq, thanks for taking time to review my post.  I had previously did a fixlist on my own with anything that had attention next to it but here is the log after running your script.  I also reset IE and cleared my cache.  Please see below for additional questions that I have.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Alexander at 2015-07-17 14:09:46 Run:2
Running from C:\Users\Alexander\Desktop\Bleeping
Loaded Profiles: Alexander (Available Profiles: Alexander)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:

Task: {392B9F1B-9658-41F7-AFD1-307DB50259E3} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {7E53D741-2CE4-4DD8-93AD-82091ACB0AD4} - System32\Tasks\STUAYCQHXY1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {B502AE21-BEB7-451A-8E28-4050B2B58EFB} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: C:\Windows\Tasks\STUAYCQHXY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION

End

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{392B9F1B-9658-41F7-AFD1-307DB50259E3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E53D741-2CE4-4DD8-93AD-82091ACB0AD4} => key not found.
C:\Windows\System32\Tasks\STUAYCQHXY1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\STUAYCQHXY1 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B502AE21-BEB7-451A-8E28-4050B2B58EFB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found.
C:\Windows\Tasks\STUAYCQHXY1.job not found.
EmptyTemp: => 620.1 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:10:02 ====

 

My pc is running great and I haven't had  crash since 7/15 but wanted to make sure the malware didn't replace mshtml.dll.  Can you review the crash logs below and advise on next steps?

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Alexander (administrator) on 17-07-2015 at 14:22:44
Running from "C:\Users\Alexander\Desktop\Bleeping"
Microsoft Windows 8.1  (X64)
Model: HP ENVY 17 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/17/2015 08:27:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000409
Fault offset: 0x00093524
Faulting process id: 0xb78
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3
Faulting package full name: PSIA.exe4
Faulting package-relative application ID: PSIA.exe5

Error: (07/17/2015 08:06:13 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Apple Application Support -- A later version of Apple Application Support is already installed on this computer.

Error: (07/17/2015 08:05:13 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Apple Mobile Device Support -- This Apple Mobile Device Support installer is intended for 32-bit versions of Windows. Please download and install the 64-bit Apple Mobile Device Support installer instead.

Error: (07/17/2015 07:42:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000409
Fault offset: 0x00093524
Faulting process id: 0x1750
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3
Faulting package full name: PSIA.exe4
Faulting package-relative application ID: PSIA.exe5

Error: (07/16/2015 03:35:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (07/15/2015 09:19:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x320
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (07/15/2015 08:43:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25
Exception code: 0xc0000005
Fault offset: 0x002dcad5
Faulting process id: 0x1140
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/15/2015 05:02:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: OPBHOBrokerDsktop.exe, version: 8.0.1.27, time stamp: 0x542672b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1154
Faulting application start time: 0xOPBHOBrokerDsktop.exe0
Faulting application path: OPBHOBrokerDsktop.exe1
Faulting module path: OPBHOBrokerDsktop.exe2
Report Id: OPBHOBrokerDsktop.exe3
Faulting package full name: OPBHOBrokerDsktop.exe4
Faulting package-relative application ID: OPBHOBrokerDsktop.exe5

Error: (07/15/2015 04:51:37 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.

Program: Internet Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (07/15/2015 04:51:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25
Exception code: 0xc000001d
Fault offset: 0x004cf1d2
Faulting process id: 0x434
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (07/17/2015 02:10:30 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (07/17/2015 02:10:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/17/2015 02:10:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/17/2015 02:10:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/17/2015 02:10:18 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/17/2015 02:09:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/17/2015 02:09:48 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2015 02:09:48 PM) (Source: Service Control Manager) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2015 02:09:48 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/17/2015 02:09:48 PM) (Source: Service Control Manager) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (07/17/2015 08:27:34 AM) (Source: Application Error)(User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000040900093524b7801d0c08b69f01a04C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe3342a5b4-2c7f-11e5-8271-acfdce3e8374

Error: (07/17/2015 08:06:13 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Apple Application Support -- A later version of Apple Application Support is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/17/2015 08:05:13 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Apple Mobile Device Support -- This Apple Mobile Device Support installer is intended for 32-bit versions of Windows. Please download and install the 64-bit Apple Mobile Device Support installer instead.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/17/2015 07:42:04 AM) (Source: Application Error)(User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000040900093524175001d0c0855dd803adC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exed7a54322-2c78-11e5-8270-acfdce3e8374

Error: (07/16/2015 03:35:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Alexander\AppData\Local\Temp\IDC2.tmp\ESETSmartInstaller.exe

Error: (07/15/2015 09:19:16 PM) (Source: Application Error)(User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f32001d0bf656c9817c7C:\Windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllac4d1bb9-2b58-11e5-826e-acfdce3e8374WAGmob.KeyboardShortcutsforMSOffice2013-simpleNeas_1.5.0.0_neutral__cjas0z9z8ytxmApp

Error: (07/15/2015 08:43:08 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c0000005002dcad5114001d0bf60586e369bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dlla0843169-2b53-11e5-826e-acfdce3e8374

Error: (07/15/2015 05:02:21 PM) (Source: Application Error)(User: )
Description: OPBHOBrokerDsktop.exe8.0.1.27542672b7unknown0.0.0.000000000c00000050000000000000000115401d0bf3e7fde8469C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exeunknownc83324a1-2b34-11e5-826e-acfdce3e8374

Error: (07/15/2015 04:51:37 PM) (Source: Application Error)(User: )
Description: Internet Explorer000000000

Error: (07/15/2015 04:51:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c000001d004cf1d243401d0bf4001f9058cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dll489f1b4b-2b33-11e5-826e-acfdce3e8374

**** End of log ****

 

I look forward to your response.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:15 PM

Posted 18 July 2015 - 07:08 AM

Lets check your mshtml.dll version being used.

Please run the Farbar Recovery Scan Tool. Enter mshtml.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#5 Sitrucz

Sitrucz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Irwin, PA
  • Local time:01:15 PM

Posted 18 July 2015 - 07:48 AM

Here are the search results as requested.

 

 

Farbar Recovery Scan Tool (x64) Version:18-07-2015
Ran by Alexander at 2015-07-18 08:45:59
Running from C:\Users\Alexander\Desktop\Bleeping
Boot Mode: Normal

================== Search Files: "mshtml.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17924_none_21163f9d39b4ddc7\mshtml.dll
[2015-07-15 11:58][2015-07-02 17:21] 19877376 ____A (Microsoft Corporation) 116F506573B59B85CD0DC18527E9951A [File is signed]

C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17905_none_2114284139b6c4ba\mshtml.dll
[2015-07-15 11:58][2015-07-17 05:47] 3776477 ____A () 30F0A1A3419A7DDAB86CEE5699D6B08A

C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17842_none_21233dad39aac142\mshtml.dll
[2015-06-27 07:34][2015-07-17 05:46] 3800675 ____A () DD422F2F1099C2BE90680B75EF932560

C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17416_none_214b215f398d6bfd\mshtml.dll
[2015-06-27 08:05][2015-07-09 09:35] 3396381 ____A () 0BCF6BD583DC2CBBCDF6597C7265FF67

C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17351_none_215a645b39813543\mshtml.dll
[2014-11-12 04:16][2015-07-08 18:13] 4750628 ____A () 77AE346B3B217BE4429E1650DDBC5C4F

C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17924_none_16c1954b05541bcc\mshtml.dll
[2015-07-15 11:58][2015-07-02 16:49] 25193984 ____A (Microsoft Corporation) D74E2BE157B8A2A9CF29BEBB052B8A42 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17905_none_16bf7def055602bf\mshtml.dll
[2015-07-15 11:58][2015-07-17 05:38] 4641315 ____A () 77E47A0E5933F2EBAD9A40326F1615B9

C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17842_none_16ce935b0549ff47\mshtml.dll
[2015-06-27 07:34][2015-07-17 05:38] 4696350 ____A () DC617B76D845547B8A5301E9A78DBDD6

C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17416_none_16f6770d052caa02\mshtml.dll
[2015-06-27 08:05][2015-07-02 08:39] 4183005 ____A () 218CF496840E857396657A87FA1D0D37

C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.9600.17351_none_1705ba0905207348\mshtml.dll
[2014-11-12 04:16][2015-07-02 08:38] 5794340 ____A () EE68A7204DBDFF82DA23EDBFFC6DFBC3

C:\Windows\SysWOW64\mshtml.dll
[2015-07-15 11:58][2015-07-02 17:21] 19877376 ____A (Microsoft Corporation) 116F506573B59B85CD0DC18527E9951A [File is signed]

C:\Windows\System32\mshtml.dll
[2015-07-15 11:58][2015-07-02 16:49] 25193984 ____A (Microsoft Corporation) D74E2BE157B8A2A9CF29BEBB052B8A42 [File is signed]

====== End of Search ======

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:15 PM

Posted 18 July 2015 - 01:47 PM

C:\Windows\SysWOW64\mshtml.dll
[2015-07-15 11:58][2015-07-02 17:21] 19877376 ____A (Microsoft Corporation) 116F506573B59B85CD0DC18527E9951A [File is signed]
C:\Windows\System32\mshtml.dll
[2015-07-15 11:58][2015-07-02 16:49] 25193984 ____A (Microsoft Corporation) D74E2BE157B8A2A9CF29BEBB052B8A42 [File is signed]


The file ins service look good.

I do not have a windows 8 to check the files.

You can always check in the Windows 8 forurm if you have any difficulties.

http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

#7 Sitrucz

Sitrucz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Irwin, PA
  • Local time:01:15 PM

Posted 18 July 2015 - 03:55 PM

Thanks for your help my issue is now solved.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:15 PM

Posted 19 July 2015 - 07:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users