Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DNS_PROBE_FINISHED_NXDOMAIN and dnsapi.dll issue


  • This topic is locked This topic is locked
21 replies to this topic

#1 oo_nrb

oo_nrb

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 12 December 2015 - 12:42 AM

Hello all!
 
A friend is having a very similar issue to the one presented in this thread: http://www.bleepingcomputer.com/forums/t/593591/dns-probe-finished-nxdomain-no-browers-work/ Specifically, no browsers will work despite the computer saying it is connected to the internet. I have also attempted all the fixes listed in the other thread, but have not yet resolved the issue. I discovered that dnsapi.dll was missing and I attempted to replace it with a clean copy, but no luck yet. Any help would be appreciated! Below is the FRST log and attached is the Addition log. Thanks all!
 
- Morgan
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Victoria (administrator) on ADORA (11-12-2015 21:24:13)
Running from C:\Users\Victoria\Desktop
Loaded Profiles: Victoria (Available Profiles: Victoria)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Flux Software LLC) C:\Users\Victoria\AppData\Local\FluxSoftware\Flux\flux.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862952 2012-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1734544 2015-11-12] (APN)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Run: [SkyDrive] => C:\Users\Victoria\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251080 2014-06-20] (Microsoft Corporation)
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Run: [Google+ Auto Backup] => C:\Users\Victoria\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Run: [f.lux] => C:\Users\Victoria\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\MountPoints2: {cc6017de-11c0-11e5-bf06-c8f733a372e8} - "D:\HPLauncher.exe" 
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-05-08]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{313B4A57-DBAC-45C2-98B9-643CC508F162}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
URLSearchHook: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {1507BD6A-AA30-43EA-AD02-1CB646015E92} URL = 
SearchScopes: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 -> {1507BD6A-AA30-43EA-AD02-1CB646015E92} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-11-03] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: MixiDJ V30 Toolbar -> {1122b43d-30ee-403f-9bfa-3cc99b0caddd} -> C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-03] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
Toolbar: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 -> No Name - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll [2014-06-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2244597984-4034010952-76280779-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Victoria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default\user.js [2014-06-21]
FF Extension: Webroot Password Manager - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2013-12-11] [not signed]
FF Extension: Adblock Plus - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com => not found
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-11-03]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=112050&tt=3012_3&babsrc=HP_ss&mntrId=9acf869c000000000000ac8112593383"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Missing e) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2014-08-20]
CHR Extension: (YouTube) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Stylish) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Ponify) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae [2014-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-11-13]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-11-13]
CHR HKU\S-1-5-21-2244597984-4034010952-76280779-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-05-08] (Adobe Systems) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-11-12] (APN LLC.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-08] (Samsung Electronics CO., LTD.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-17] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [7369632 2012-08-27] (Wacom Technology, Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-01-29] (Windows ® 2003 DDK 3790 provider)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [43600 2015-11-03] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 21:21 - 2015-12-11 21:21 - 00003167 _____ C:\Users\Victoria\Desktop\Search.txt
2015-12-11 21:16 - 2015-12-11 21:16 - 00000834 _____ C:\Users\Victoria\Desktop\Fixlog.txt
2015-12-11 20:59 - 2015-12-11 20:59 - 00026368 _____ C:\Users\Victoria\Desktop\Addition.txt
2015-12-11 20:58 - 2015-12-11 21:24 - 00033251 _____ C:\Users\Victoria\Desktop\FRST.txt
2015-12-11 20:58 - 2015-12-11 20:12 - 02369024 _____ (Farbar) C:\Users\Victoria\Desktop\FRST64.exe
2015-12-11 20:58 - 2015-07-10 03:00 - 00680256 _____ (Microsoft Corporation) C:\Users\Victoria\Desktop\dnsapi.dll
2015-12-11 20:57 - 2015-12-11 21:21 - 00000000 ____D C:\FRST
2015-12-11 20:50 - 2015-12-11 20:50 - 00072588 _____ C:\Users\Victoria\Desktop\sfcdetails.txt
2015-12-11 19:52 - 2015-12-11 19:52 - 00000000 ____D C:\WINDOWS\pss
2015-11-11 16:25 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 16:25 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 16:25 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 16:25 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 16:25 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 16:25 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 16:25 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 16:25 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 16:25 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 16:25 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 16:25 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 16:25 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 16:25 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 16:25 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 16:25 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 16:25 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 16:25 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 16:25 - 2015-09-12 05:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 16:25 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 16:25 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 16:25 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 16:25 - 2015-03-19 19:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-11-11 16:25 - 2015-01-28 17:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-11-11 16:23 - 2015-10-17 06:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 16:23 - 2015-10-14 15:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 16:23 - 2015-10-14 15:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 16:23 - 2015-10-14 15:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 16:23 - 2015-10-14 15:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 16:23 - 2015-10-14 15:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 16:22 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 16:22 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 16:22 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 16:22 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 16:22 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 16:22 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 16:22 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 16:22 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 16:22 - 2015-10-20 13:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 16:22 - 2015-10-20 06:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 16:22 - 2015-10-20 06:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 16:22 - 2015-10-20 06:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 16:22 - 2015-10-20 06:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 16:22 - 2015-10-20 06:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 16:22 - 2015-10-20 06:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 16:22 - 2015-10-20 06:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 16:22 - 2015-10-20 06:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 16:22 - 2015-10-20 06:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 16:22 - 2015-10-20 06:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 16:22 - 2015-10-20 06:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 16:21 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 16:21 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 16:21 - 2015-10-30 14:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 16:21 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 16:21 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 16:21 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 16:21 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 16:21 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 16:21 - 2015-10-30 14:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 16:21 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 16:21 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 16:21 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 16:21 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 16:21 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 16:21 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 16:20 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 16:20 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 16:05 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 16:05 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 16:05 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 16:05 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 16:05 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 16:05 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 16:05 - 2014-11-10 10:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 21:24 - 2013-09-29 20:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 21:24 - 2013-04-28 13:38 - 00000000 ___DO C:\Users\Victoria\SkyDrive
2015-12-11 21:21 - 2013-04-29 11:06 - 00000000 ____D C:\ProgramData\WRData
2015-12-11 21:20 - 2013-04-28 13:39 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 21:19 - 2013-10-18 12:49 - 00000766 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-12-11 21:19 - 2013-10-18 12:44 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2015-12-11 21:19 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 21:19 - 2013-04-28 14:49 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2015-12-11 20:59 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-11 19:59 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-11 19:55 - 2013-08-22 05:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-11 00:48 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-11 00:36 - 2013-08-24 23:14 - 00000000 ____D C:\Users\Victoria\AppData\Local\ElevatedDiagnostics
2015-12-11 00:35 - 2013-04-29 11:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2244597984-4034010952-76280779-1001
2015-12-11 00:35 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-11 00:30 - 2013-10-18 12:47 - 00000000 ____D C:\Users\Victoria
2015-12-11 00:28 - 2013-10-18 12:45 - 00017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2015-12-11 00:28 - 2013-10-18 12:44 - 00029304 _____ C:\WINDOWS\system32\wpbbin.exe
2015-12-11 00:28 - 2013-10-18 12:44 - 00017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2015-12-11 00:27 - 2013-08-22 07:36 - 00000000 __RSD C:\WINDOWS\Media
2015-12-11 00:27 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-11 00:27 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-11 00:27 - 2013-04-29 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-12-11 00:27 - 2013-04-29 11:06 - 00000000 ____D C:\Program Files\Webroot
2015-12-11 00:27 - 2013-04-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-11 00:27 - 2012-10-15 19:01 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-12-11 00:26 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\registration
2015-12-11 00:25 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-11 00:07 - 2013-08-15 08:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-05 23:32 - 2014-01-25 22:51 - 00000000 ____D C:\Users\Victoria\Documents\Outlook Files
2015-12-05 22:11 - 2013-04-28 13:39 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 22:06 - 2013-04-28 13:39 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 22:06 - 2013-04-28 13:39 - 00003654 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 07:10 - 2013-04-28 14:44 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-23 20:34 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-23 16:18 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-23 16:17 - 2013-04-28 14:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-20 06:43 - 2013-08-02 08:03 - 00170760 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-11-20 06:43 - 2013-08-02 08:03 - 00105888 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-11-20 06:34 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-20 06:29 - 2013-04-28 13:35 - 00000000 ____D C:\Users\Victoria\AppData\Local\Packages
2015-11-17 21:20 - 2013-11-07 21:22 - 00000000 ___RD C:\Users\Victoria\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2015-11-16 17:02 - 2013-04-30 12:51 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 14:55 - 2013-08-22 06:44 - 00482552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-14 14:54 - 2013-10-26 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-12 22:47 - 2013-08-22 07:36 - 00000000 ___RD C:\WINDOWS\ToastData
 
==================== Files in the root of some directories =======
 
2013-04-29 11:07 - 2013-12-11 10:07 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-06-21 11:54 - 2014-06-21 11:54 - 0005900 _____ () C:\Users\Victoria\AppData\Local\recently-used.xbel
2015-05-29 11:59 - 2015-05-29 11:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-03 22:09 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-09-03 22:09 - 2013-01-12 22:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-07 17:21
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Victoria (2015-12-11 20:59:30)
Running from C:\Users\Victoria\Desktop
Windows 8.1 (X64) (2013-10-18 20:55:32)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2244597984-4034010952-76280779-500 - Administrator - Disabled)
Guest (S-1-5-21-2244597984-4034010952-76280779-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2244597984-4034010952-76280779-1003 - Limited - Enabled)
Victoria (S-1-5-21-2244597984-4034010952-76280779-1001 - Administrator - Enabled) => C:\Users\Victoria

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Location Sensor (HKLM\...\{65EF3DC4-4916-4BA7-BE43-DF85CD46E8C9}) (Version: 19.14.3352.4 - Broadcom Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare USB-X64 11.7.0.414_WHQL (HKLM\...\Elantech) (Version: 11.7.0.414 - ELAN Microelectronic Corp.)
f.lux (HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Flux) (Version: - )
Free Torrent Opener (HKLM-x32\...\Free Torrent Opener) (Version: 1.0.0.1 - Free Torrent Opener)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
ISD Tablet (HKLM\...\ISD Tablet Driver) (Version: 7.1.0-1 - Wacom Technology Corp.)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Mendeley Desktop 1.12.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.2 - Mendeley Ltd.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MixiDJ V30 Toolbar (HKLM-x32\...\MixiDJ_V30 Toolbar) (Version: 6.12.0.11 - MixiDJ V30) <==== ATTENTION
MKV File Player (HKLM-x32\...\{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1) (Version: - mkvfileplayer.com)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon: Deluxe (HKLM-x32\...\Steam App 285310) (Version: - Chris Sawyer Productions)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Search Protect by conduit (HKLM-x32\...\SearchProtect) (Version: 1.5.0.71 - Conduit) <==== ATTENTION
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C2500}) (Version: 12.37.0.350 - APN, LLC)
Should I Remove It (HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2900 - DTS, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
User Guide (HKLM-x32\...\{9478AFCC-24F7-4C90-9B82-D1083226C73E}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.6.18 - Webroot)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (08/01/2012 6.5.6.0) (HKLM\...\56388900DF6ED8D371C914DF3F1452822BEF9160) (Version: 08/01/2012 6.5.6.0 - Silicon Laboratories)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-12-2015 22:38:02 Scheduled Checkpoint
10-12-2015 16:28:44 Windows Update
11-12-2015 00:23:51 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021A8E29-6AE7-42B7-9C46-32FEA7EE844F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
Task: {39E6A26A-AC05-4848-ADED-BC77AA0F8E43} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {C8689607-76F0-4043-A777-0AAE56B038FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D6AB3979-E50B-4A14-9C1F-D10F2D747A57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-16] (Microsoft Corporation)
Task: {D79CF71E-64EF-4DEC-AA87-69D71B092075} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {DED1AA01-B4E7-4C3A-834E-5439C6771E61} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {E1BD84E6-87F5-4B1A-A31B-B32C1304FDDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E71D574C-22D5-4E9A-A09E-C9DAA1895C39} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-08] (Samsung Electronics CO., LTD.)
Task: {F1233B8A-BCAC-4ECB-B7B8-795E4812C459} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {F5386AD8-33A3-4E95-B5D4-87D387DA4028} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2244597984-4034010952-76280779-1001 => C:\Users\Victoria\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2014-06-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 21:54 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SearchProtectAll"
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\StartupApproved\Run: => "SearchProtect"
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\...\StartupApproved\Run: => "Google+ Auto Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{CEDA31B5-E4B8-430D-A2EF-41BA9F089391}C:\program files (x86)\free torrent opener\freetorrentopener.exe] => (Allow) C:\program files (x86)\free torrent opener\freetorrentopener.exe
FirewallRules: [TCP Query User{DCF6DF60-F411-4FF6-868A-3E44365B2B94}C:\program files (x86)\free torrent opener\freetorrentopener.exe] => (Allow) C:\program files (x86)\free torrent opener\freetorrentopener.exe
FirewallRules: [{135FB1C7-0D9C-49E2-A2DB-F17194ECCA5C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{93C5D9E6-F19B-4BBC-9F3B-F650B3A4C8A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9DBA425E-2CBE-45D0-BD38-D0CF84555BA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1A874FA-04B5-456A-B97B-D76110BF193B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FE76ED66-8884-4A42-B45E-66DA461E3EDC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0AFB1028-5FB3-46B7-A472-024E60DDFF18}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{0089C2E8-B879-41C0-9DE6-C10BFE83326A}C:\windiag\bcm47511_diag_x64_r03.exe] => (Block) C:\windiag\bcm47511_diag_x64_r03.exe
FirewallRules: [TCP Query User{E7047F99-51B5-49A6-8AD7-7438077D6FA5}C:\windiag\bcm47511_diag_x64_r03.exe] => (Block) C:\windiag\bcm47511_diag_x64_r03.exe
FirewallRules: [{EFAF48E8-43ED-4ECB-B8F1-7EEA0FBAEE23}] => (Allow) LPort=1900
FirewallRules: [{AAF1E3C9-72B8-4185-8C44-3906FC9E1510}] => (Allow) LPort=2869
FirewallRules: [{FEB87514-C990-4BDD-AC41-E08873021A50}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DBC019B7-CB35-4504-9827-73948273B0FD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{66A61151-DC15-4CEE-A558-635F4D0C0B47}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{BDE61976-A2A6-4602-B0B3-C676D51ADF47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D2530F1-A6B6-49E0-844C-5C3179AC1BF3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4205F802-748A-4183-BF2F-933C5640B4B2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{27A7E163-8AD9-475E-BB09-A3CFD3F06C55}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{68D7E83D-6347-4B01-A692-E02C7A24108D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{25CAC210-6017-4A1F-A847-7D923558E8A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{941C6613-518A-486D-9D66-6512A98780E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F24F695-86A2-4BF2-BB83-F34D8C4A322F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BE1C4A47-A6B8-4FF9-98CA-C5EFAA91F156}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2B0E766C-9E3A-47D6-B3B5-15945FA793EA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{132764BD-E839-401C-8590-2160F4CB883F}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{C7018BE6-03C0-49FE-B8E0-69BDBCBF979F}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F172A982-54F9-4E81-B8CA-5CCC8353E393}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2F43C1F3-89F6-4AB9-BC38-C88F7509A826}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CEC8E18F-B926-458A-AB4C-3F736CE27E8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A609826B-D9CC-456A-8B4B-EC95F65FF64D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 06:21:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x80000003
Fault offset: 0x000b8ef2
Faulting process id: 0x904
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (12/11/2015 12:52:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipconfig.exe, version: 6.3.9600.17415, time stamp: 0x545040fd
Faulting module name: DNSAPI.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000135
Fault offset: 0x00000000000ec4e0
Faulting process id: 0xf58
Faulting application start time: 0xipconfig.exe0
Faulting application path: ipconfig.exe1
Faulting module path: ipconfig.exe2
Report Id: ipconfig.exe3
Faulting package full name: ipconfig.exe4
Faulting package-relative application ID: ipconfig.exe5

Error: (12/11/2015 12:48:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipconfig.exe, version: 6.3.9600.17415, time stamp: 0x545040fd
Faulting module name: DNSAPI.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000135
Fault offset: 0x00000000000ec4e0
Faulting process id: 0x1378
Faulting application start time: 0xipconfig.exe0
Faulting application path: ipconfig.exe1
Faulting module path: ipconfig.exe2
Report Id: ipconfig.exe3
Faulting package full name: ipconfig.exe4
Faulting package-relative application ID: ipconfig.exe5

Error: (12/11/2015 12:38:54 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (12/11/2015 12:38:54 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {734D86B6-6CA7-42CD-A814-64289EC3AA2E}

Error: (12/11/2015 12:38:54 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {734D86B6-6CA7-42CD-A814-64289EC3AA2E}

Error: (12/11/2015 12:32:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1524) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0345A.log.

Error: (12/11/2015 12:32:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.73, time stamp: 0x5653f7b4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x146c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (12/11/2015 12:31:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 8.1.0.1252, time stamp: 0x4fe8a1b7
Faulting module name: DNSAPI.dll, version: 6.3.9600.18007, time stamp: 0x55c4bc8e
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x1588
Faulting application start time: 0xLMS.exe0
Faulting application path: LMS.exe1
Faulting module path: LMS.exe2
Report Id: LMS.exe3
Faulting package full name: LMS.exe4
Faulting package-relative application ID: LMS.exe5

Error: (12/11/2015 12:31:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 8.1.0.1252, time stamp: 0x4fe8a1b7
Faulting module name: DNSAPI.dll, version: 6.3.9600.18007, time stamp: 0x55c4bc8e
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x14f4
Faulting application start time: 0xLMS.exe0
Faulting application path: LMS.exe1
Faulting module path: LMS.exe2
Report Id: LMS.exe3
Faulting package full name: LMS.exe4
Faulting package-relative application ID: LMS.exe5


System errors:
=============
Error: (12/11/2015 08:59:34 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:34 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:34 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:34 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:34 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:34 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:31 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:31 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:31 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/11/2015 08:59:31 PM) (Source: DCOM) (EventID: 10005) (User: ADORA)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 23%
Total physical RAM: 3981.54 MB
Available physical RAM: 3063.93 MB
Total Virtual: 5517.54 MB
Available Virtual: 4709.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.99 GB) (Free:30.62 GB) NTFS
Drive d: (USB Disk) (Removable) (Total:1.87 GB) (Free:1.69 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 1DEDADFF)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 12 December 2015 - 04:27 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 12 December 2015 - 04:36 PM

Greetings Morgan and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this after booting into Safe Mode.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Search Protect by conduit
Shopping App by Ask

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1734544 2015-11-12] (APN)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {1507BD6A-AA30-43EA-AD02-1CB646015E92} URL = 
SearchScopes: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 -> {1507BD6A-AA30-43EA-AD02-1CB646015E92} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO-x32: MixiDJ V30 Toolbar -> {1122b43d-30ee-403f-9bfa-3cc99b0caddd} -> C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll => No File
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
Toolbar: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 -> No Name - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} -  No File
FF user.js: detected! => C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default\user.js [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com => not found
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=112050&tt=3012_3&babsrc=HP_ss&mntrId=9acf869c000000000000ac8112593383"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-11-13]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-11-13]
CHR HKU\S-1-5-21-2244597984-4034010952-76280779-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-04-23]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-11-12] (APN LLC.)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S1 ssnfd; system32\drivers\ssnfd.sys [X]
2015-11-11 16:25 - 2015-09-12 05:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs uninstall?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • MiniToolBox report
  • System Summary Information
  • Update on computer performance

Edited by Oh My!, 12 December 2015 - 10:03 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 13 December 2015 - 08:54 PM

Hello, thank you for your reply! I have passed along your warning about P2P programs to the computer owner. Here is the information you requested:

 

  • Did the programs uninstall?
    • Shopping App by Ask uninstalled successfully
    • Search Protect by conduit could not be uninstalled, the program may have already been uninstalled, and its entry was removed from the Add/Remove programs window.
  • Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015

Ran by Victoria (2015-12-13 16:42:54) Run:3
Running from C:\Users\Victoria\Desktop
Loaded Profiles: Victoria (Available Profiles: Victoria)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1734544 2015-11-12] (APN)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
URLSearchHook: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {1507BD6A-AA30-43EA-AD02-1CB646015E92} URL = 
SearchScopes: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 -> {1507BD6A-AA30-43EA-AD02-1CB646015E92} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO-x32: MixiDJ V30 Toolbar -> {1122b43d-30ee-403f-9bfa-3cc99b0caddd} -> C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll => No File
Toolbar: HKLM-x32 - MixiDJ V30 Toolbar - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll No File
Toolbar: HKU\S-1-5-21-2244597984-4034010952-76280779-1001 -> No Name - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} -  No File
FF user.js: detected! => C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default\user.js [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com => not found
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=112050&tt=3012_3&babsrc=HP_ss&mntrId=9acf869c000000000000ac8112593383"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-11-13]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-11-13]
CHR HKU\S-1-5-21-2244597984-4034010952-76280779-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-04-23]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-11-12] (APN LLC.)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S1 ssnfd; system32\drivers\ssnfd.sys [X]
2015-11-11 16:25 - 2015-09-12 05:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
*****************
 
"C:\Program Files (x86)\AskPartnerNetwork" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => value removed successfully
"HKCR\Wow6432Node\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2244597984-4034010952-76280779-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1507BD6A-AA30-43EA-AD02-1CB646015E92}" => key removed successfully
HKCR\CLSID\{1507BD6A-AA30-43EA-AD02-1CB646015E92} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}" => key removed successfully
HKCR\Wow6432Node\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => value removed successfully
HKCR\Wow6432Node\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => key not found. 
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD} => value removed successfully
HKCR\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD} => key not found. 
C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\chq7znx5.default\user.js => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\search-snacks@search-snacks.com => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep => key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx" => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca" => key removed successfully
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx" => not found.
"HKU\S-1-5-21-2244597984-4034010952-76280779-1001\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => key removed successfully
C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep => key not found. 
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx" => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca" => key removed successfully
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx" => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen" => key removed successfully
"C:\Users\Victoria\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx" => not found.
APNMCP => service not found.
SR => service removed successfully
srservice => service removed successfully
ssnfd => service removed successfully
C:\WINDOWS\system32\ApnDatabase.xml => moved successfully
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
"HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-2244597984-4034010952-76280779-1001\Software\Classes\exefile => key not found. 
 
==== End of Fixlog 16:43:07 ====

 

  • AdwCleaner log

 

 

# AdwCleaner v5.025 - Logfile created 13/12/2015 at 16:49:33

# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Victoria - ADORA
# Running from : C:\Users\Victoria\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : ssnfd
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\MixiDJ_V30
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Trymedia
[-] Folder Deleted : C:\Users\Victoria\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] Folder Deleted : C:\Users\Victoria\AppData\Local\Temp\apn
[-] Folder Deleted : C:\Users\Victoria\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Victoria\AppData\LocalLow\MixiDJ_V30
[-] Folder Deleted : C:\Users\Victoria\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Victoria\AppData\Roaming\SearchProtect
[-] Folder Deleted : C:\Users\Victoria\Documents\Updater
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcjbagclppcgdbpobcpoojdjdmcjhpid_0.localstorage
[-] File Deleted : C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bcjbagclppcgdbpobcpoojdjdmcjhpid_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKCU\Software\WEDLMNGR
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.com
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : disneystore.com
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : flightaware.com
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaahaeginbdcckocjkhbciadcafnep
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaahlfahldnilidgnlikdckbfehhca
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fdkednngfjmpnljkolbapdednncafhen
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5609 bytes] ##########
 

 

  • Junkware log
    • The Junkware Removal Tool would not complete. It hung on "Browsers" for approx 40 min before I terminated the program.
  • MiniToolBox Report

 

MiniToolBox by Farbar  Version: 02-11-2015

Ran by Victoria (administrator) on 13-12-2015 at 17:37:45
Running from "C:\Users\Victoria\Desktop"
Microsoft Windows 8.1  (X64)
Model: 700T1C Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Centrino® Advanced-N 6235 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
The following helper DLL cannot be loaded: NETIOHLP.DLL.
The following helper DLL cannot be loaded: NSHIPSEC.DLL.
The following command was not found: int ip dump.
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...ca f7 33 a3 72 e4 ......Microsoft Hosted Network Virtual Adapter
  7...c8 f7 33 a3 72 e5 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...c8 f7 33 a3 72 e8 ......Bluetooth Device (Personal Area Network)
  3...c8 f7 33 a3 72 e4 ......Intel® Centrino® Advanced-N 6235
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.7     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.7    281
      192.168.0.7  255.255.255.255         On-link       192.168.0.7    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.7    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.7    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.7    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    281 ::/0                     fe80::3668:95ff:fef8:cb50
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:5ef5:79fb:3433:215a:3f57:fff8/128
                                    On-link
  3    281 2605:e000:8850:300::/56  fe80::3668:95ff:fef8:cb50
  3    281 2605:e000:8850:300::/64  On-link
  3    281 2605:e000:8850:300::1/128
                                    On-link
  3    281 2605:e000:8850:300:1d4e:b83e:baec:4756/128
                                    On-link
  3    281 2605:e000:8850:300:e435:1f5:e554:63d6/128
                                    On-link
  3    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::3433:215a:3f57:fff8/128
                                    On-link
  3    281 fe80::e435:1f5:e554:63d6/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****
 

 

  • System summary information
    • Attached as requested.
  • Update on computer performance
    • Still does not access internet from browsers, same error code ("DNS_PROBE_FINISHED_NXDOMAIN")

 

Thank you for all of your assistance!

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 13 December 2015 - 09:20 PM

Thank you, please do this.

===================================================

Running sfc /scannow in Elevated Command

--------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8/10: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found click copy and past the following after the command prompt then press Enter

copy %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

  • A sfcdetails.txt document will be placed on your Desktop
  • Copy and paste or attach the file to your reply if too large. If it is too large to attach let me know
  • Reboot your computer and check your internet access
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • sfc /scannow results
  • $Do you have Internet access?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 13 December 2015 - 11:12 PM

Thank you for your continued help!

 

Running sfc /scannow halted at the end of the verification phase, stating that Windows found corrupt files but could not repair them, and stored details are in the CBS.log file. I have the CBS.log file but it is 111 MB (too big to upload here). After attempting to restart and run sfc /scannow again, the cmd prompt window says that "there is a system repair pending which requires reboot to complete. Restart Windows and run sfc again". I have rebooted multiple times to resolve this issue and it will not go past this screen again. cmd has not generated a sfcdetails.txt file.

 

Attempts to access the internet are still unsuccessful, with the error message "DNS_PROBE_FINISHED_NO_INTERNET"



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 14 December 2015 - 10:07 AM

Thanks for the explanation. Please do this. You can simply copy/paste the report in your reply rather than use a quote box.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
NETIOHLP.DLL;pending.xml
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 15 December 2015 - 04:55 AM

Hello! Here is the search.txt result:

 

Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by Victoria (2015-12-15 01:52:58)
Running from C:\Users\Victoria\Desktop
Boot Mode: Normal
 
================== Search Files: "NETIOHLP.DLL;pending.xml" =============
 
C:\Windows\WinSxS\pending.xml
[2015-12-13 19:33][2015-12-13 19:34] 14274131 ____A () 23BBE982AD825C20099FE22EA0932DC1 [File not signed]
 
C:\Windows\WinSxS\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.17415_none_c7b3530d6a3e2479\netiohlp.dll
[2015-04-21 15:05][2014-10-28 16:51] 0169472 ____A (Microsoft Corporation) 1E0F8253B63D4022F46DBF5EB41D71FD [File is digitally signed]
 
C:\Windows\WinSxS\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.16477_none_c7748ae16a6ce52c\netiohlp.dll
[2014-05-15 22:23][2015-08-22 19:00] 0029033 ____A () C400471BDF06B10D5CB51AE900D8B04E [File not signed]
 
C:\Windows\WinSxS\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.16384_none_c766b8316a77b7f1\netiohlp.dll
[2013-08-21 18:32][2015-01-08 16:19] 0013251 ____A () 43FA936F05B306EA03AF88A811175E06 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.17415_none_23d1ee91229b95af\netiohlp.dll
[2015-04-21 15:05][2014-10-28 17:06] 0204288 ____A (Microsoft Corporation) 3C55C979841661F1350F21C135D35172 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.16477_none_2393266522ca5662\netiohlp.dll
[2014-05-15 22:23][2015-05-04 16:25] 0021583 ____A () 251DB675E70B4493B69E32438F70C79B [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.16384_none_238553b522d52927\netiohlp.dll
[2013-08-22 01:33][2014-06-15 11:13] 0012746 ____A () FEE17831DA00FB4A9F1C21D5F7CF0BEF [File not signed]
 
C:\Windows\Temp\141ba898-21c8-4304-86b3-891a8cada02c\Windows\WinSxS\pending.xml
[2013-08-22 05:47][2013-09-29 19:49] 1111570 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\Windows\Temp\141ba898-21c8-4304-86b3-891a8cada02c\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.3.9600.16384_none_238553b522d52927\netiohlp.dll
[2013-08-22 05:45][2013-08-22 05:45] 0202752 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\Windows\Temp\141ba898-21c8-4304-86b3-891a8cada02c\Windows\System32\netiohlp.dll
[2013-08-22 05:45][2013-08-22 05:45] 0202752 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\Windows\SysWOW64\netiohlp.dll
[2015-04-21 15:05][2014-10-28 16:51] 0169472 ____A (Microsoft Corporation) 1E0F8253B63D4022F46DBF5EB41D71FD [File is digitally signed]
 
C:\Windows\System32\netiohlp.dll
[2015-04-21 15:05][2014-10-28 17:06] 0204288 ____A (Microsoft Corporation) 3C55C979841661F1350F21C135D35172 [File is digitally signed]
 
====== End of Search ======


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 15 December 2015 - 09:53 AM

Thank you for the information. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Windows\WinSxS\pending.xml
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun the sfc /scannow steps
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • sfc /scannow results
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 15 December 2015 - 05:54 PM

Hello! Here is fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by Victoria (2015-12-15 13:18:41) Run:4
Running from C:\Users\Victoria\Desktop
Loaded Profiles: Victoria (Available Profiles: Victoria)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Windows\WinSxS\pending.xml
*****************
 
Could not move "C:\Windows\WinSxS\pending.xml" => Scheduled to move on reboot.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-15 13:19:43)
 
C:\Windows\WinSxS\pending.xml => Is moved successfully
 
==== End of Fixlog 13:19:43 ====

 

 

 

sfc /scanow finishes verification phase, and then gives this message: "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log windir\Logs\CBS\CBS.log. For example, C:\Windows\Logs\CBS\CBS.log. Note that logging is not currently supported in offline servicing scenarios."

 

 

 

Here is FSS.txt

 

Farbar Service Scanner Version: 10-06-2014
Ran by Victoria (administrator) on 15-12-2015 at 14:51:47
Running from "C:\Users\Victoria\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 15 December 2015 - 06:52 PM

Thanks, please do this.

===================================================

Complete Internet Repair

--------------------
  • Please download comintrep.zip and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache
Reset Windows Firewall Configuration
Restore the default hosts file

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 16 December 2015 - 04:42 AM

Hello,

This tool unfortunately did not do the trick. Multiple error messages popped up during all phases of repair about dnsapi.dll missing from the computer, and attempting to access the Internet after a reboot results in the same error code DNS_PROBE_FINISHED_NO_INTERNET.

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 16 December 2015 - 11:43 AM

This is really odd because of this:
 

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed


May I ask you what this is about? Did you pull that file from another computer?
 

2015-12-11 20:58 - 2015-07-10 03:00 - 00680256 _____ (Microsoft Corporation) C:\Users\Victoria\Desktop\dnsapi.dll


Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
dnsapi.dll
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Information about the file
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 16 December 2015 - 11:54 PM

May I ask you what this is about? Did you pull that file from another computer?

 

When attempting to do things by myself, I copied the dnsapi.dll from my own computer and transferred it to my friends', hoping that it would help. I didn't want to download the file from a possibly untrustworthy DLL website. Apparently it didn't do what I thought it would  :unsure:

 

Here is search.txt:

 

Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by Victoria (2015-12-16 20:49:03)
Running from C:\Users\Victoria\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-04-21 15:07][2014-10-28 17:06] 0498688 ____N (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll
[2014-05-15 22:28][2015-05-04 16:35] 0106819 ____A () 8352637D2731E59DD15E7D8DA9E2A1A0 [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_90de9f412b4d9e7f\dnsapi.dll
[2013-11-16 00:12][2014-11-24 09:38] 0084987 ____A () 86CAF33E26CDDF3A2AC01D99456BD74C [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_909ebe1d2b7d6255\dnsapi.dll
[2013-08-21 18:55][2014-01-09 17:54] 0061968 ____A () 42E7FABF030EFA296B4C82EE05C648B2 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-04-21 15:08][2014-10-28 17:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-05-15 22:28][2015-05-04 16:03] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16423_none_8689f4eef6ecdc84\dnsapi.dll
[2013-11-16 00:12][2014-06-02 22:58] 0116405 ____A () D97A9913EAA1898611CF0DEFDED34FD4 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_864a13caf71ca05a\dnsapi.dll
[2013-08-22 02:06][2014-01-06 20:19] 0091548 ____A () 2956F80086062F7A8F2DC51BB5B07A71 [File not signed]
 
C:\Windows\Temp\141ba898-21c8-4304-86b3-891a8cada02c\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.16384_none_864a13caf71ca05a\dnsapi.dll
[2013-08-22 05:45][2013-08-22 05:45] 0655872 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\Windows\Temp\141ba898-21c8-4304-86b3-891a8cada02c\Windows\System32\dnsapi.dll
[2013-08-22 05:45][2013-08-22 05:45] 0655872 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\Users\Victoria\Desktop\dnsapi.dll
[2015-12-11 20:58][2015-07-10 03:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
====== End of Search ======
 
Thank you for your continued help!


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:43 AM

Posted 17 December 2015 - 10:26 AM

Thank you.

For some reason earlier reports are showing the 2 files that should exist are there and are valid files. However, this Search report is indicating otherwise.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
cmd: copy /y C:\Users\Victoria\Desktop\dnsapi.dll C:\Windows\System32
cmd: copy /y C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll C:\Windows\SysWOW64
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer and check your Internet
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Do you have Internet?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 oo_nrb

oo_nrb
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 17 December 2015 - 03:15 PM

YES! The internet appears to be functioning normally now. Thank you!

 

Here is fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by Victoria (2015-12-17 12:12:49) Run:5
Running from C:\Users\Victoria\Desktop
Loaded Profiles: Victoria (Available Profiles: Victoria)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: copy /y C:\Users\Victoria\Desktop\dnsapi.dll C:\Windows\System32
cmd: copy /y C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll C:\Windows\SysWOW64
*****************
 
 
=========  copy /y C:\Users\Victoria\Desktop\dnsapi.dll C:\Windows\System32 =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy /y C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll C:\Windows\SysWOW64 =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 12:12:49 ====





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users