
dnsapi.dll Missing Error - Need Help!


  • This topic is locked
2 replies to this topic

#1 Andude2


Posted 13 December 2015 - 06:01 PM

Helping a friend who is having problems with the missing dnsapi.dll error. Can't connect to the internet on his computer (desktop, connected via CAT5 to router). Searching through my Google resources, I don't know how to fix this one! Help!

 

I'm running Ubuntu 15.10, so that may put a wrinkle in what I can assist on his computer... been a while since I've played with Windows! He is running Windows 8.1, 64-bit.

 

Farbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by William (administrator) on BILL-CHARMED (13-12-2015 14:55:03)
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Akamai Technologies, Inc.) C:\Users\William\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\William\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(© 2015 Microsoft Corporation) C:\Users\William\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(MY.COM B.V.) C:\Users\William\AppData\Local\MyComGames\MyComGames.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\William\AppData\Roaming\Verizon\UA_ar\UA.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Users\William\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [976896 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
HKLM-x32\...\Run: [PowerDVD13Agent] => "F:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [Akamai NetSession Interface] => C:\Users\William\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [Google Update] => C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc.)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [BingSvc] => C:\Users\William\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Run: [MyComGames] => C:\Users\William\AppData\Local\MyComGames\MyComGames.exe [4650952 2015-11-27] (MY.COM B.V.)
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\MountPoints2: {3c1ef67a-aa9d-11e4-bec0-902b34da1623} - "H:\VZW_Software_upgrade_assistant.exe"  
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\MountPoints2: {a8e73683-71ab-11e4-beb8-902b34da1623} - "G:\VZW_Software_upgrade_assistant.exe"  
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\MountPoints2: {a9f551fd-1fd0-11e3-be7f-902b34da1623} - "G:\VZW_Software_upgrade_assistant.exe"  
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\...\MountPoints2: {ecca7698-9d24-11e4-bebf-902b34da1623} - "G:\iLinker.exe"  
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-10]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-10]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2013-12-11]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2013-12-11]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Envy 100 D410 series (Network).lnk [2013-10-17]
ShortcutTarget: Monitor Ink Alerts - HP Envy 100 D410 series (Network).lnk -> C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-06]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\William\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F01C417B-E4A9-4583-AEF6-70090CEC6C90}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3880208871-1114725882-94886571-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKU\S-1-5-21-3880208871-1114725882-94886571-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =  
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-10] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-11-03] (Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-02] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-05-19] (Perfect World Entertainment Inc)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-10] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-03] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-02] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-10] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-10] (Webroot)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\37f96orx.default
FF DefaultSearchEngine: Bing  
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://wisersearch.com/search.php?channel=en&q=
FF SelectedSearchEngine: Bing  
FF Homepage: hxxps://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2BDF&PC=SK2B&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-05-19] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3880208871-1114725882-94886571-1002: @my.com/Games -> C:\Users\William\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-27] (My.com, Inc)
FF Plugin HKU\S-1-5-21-3880208871-1114725882-94886571-1002: @tools.google.com/Google Update;version=3 -> C:\Users\William\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3880208871-1114725882-94886571-1002: @tools.google.com/Google Update;version=9 -> C:\Users\William\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3880208871-1114725882-94886571-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\William\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\37f96orx.default\user.js [2013-10-17]
FF SearchPlugin: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\37f96orx.default\searchplugins\search.xml [2013-12-27]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-08]
FF Extension: Bing Search - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\37f96orx.default\Extensions\bingsearch.full@microsoft.com [2015-07-15] [not signed]
FF Extension: Webroot Password Manager - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\37f96orx.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-10]
FF Extension: Adblock Plus - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\37f96orx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-11-03]
 
Chrome:  
=======
CHR StartupUrls: Default -> "hxxp://wisersearch.com/?channel=en"
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bing) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-09-27]
CHR Extension: (Google Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (Any New Tab) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo [2013-10-15]
CHR Extension: (Webroot Filtering Extension) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-09-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Skype Click to Call) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]
CHR Extension: (Webroot Password Manager) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-06-23]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
CHR HKU\S-1-5-21-3880208871-1114725882-94886571-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-06-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-05-19] (Perfect World Entertainment Inc)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-24] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-25] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-09-13] (Creative Technology Ltd)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-15] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-15] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-18] (Electronic Arts)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-07-31] (BitRaider)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1049880 2013-09-13] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [28440 2013-09-13] (Creative Technology Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-15] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-10-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [43600 2015-11-03] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 14:55 - 2015-12-13 14:55 - 00034402 _____ C:\Users\William\Desktop\FRST.txt
2015-12-13 14:19 - 2015-12-13 14:55 - 00000000 ____D C:\FRST
2015-12-13 14:19 - 2015-12-13 14:18 - 02369536 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2015-12-10 09:40 - 2015-12-10 09:41 - 00000000 ____D C:\Users\William\AppData\Local\lptmp
2015-11-30 08:09 - 2015-11-30 08:09 - 00023363 _____ C:\Users\William\Fit test part 2.odt
2015-11-30 08:08 - 2015-11-30 08:08 - 00018879 _____ C:\Users\William\Fit test part 1.odt
2015-11-29 16:46 - 2015-11-29 17:09 - 00001740 _____ C:\Users\William\Desktop\DragomonHunter-US.lnk
2015-11-29 16:41 - 2015-11-29 16:41 - 00000000 ____D C:\AeriaGames
2015-11-29 16:40 - 2015-11-29 16:46 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2015-11-29 16:40 - 2015-11-29 16:46 - 00000000 ____D C:\ProgramData\HappyCloud
2015-11-21 20:54 - 2015-11-21 20:54 - 00000000 ____D C:\Users\William\AppData\LocalLow\Unity
2015-11-21 20:54 - 2015-11-21 20:54 - 00000000 ____D C:\Users\William\AppData\Local\Unity
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 14:54 - 2015-06-18 12:12 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B3C78BB-CA04-4CE9-8A07-53DCEF7CBCF1}
2015-12-13 14:51 - 2013-06-25 17:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-13 14:47 - 2013-06-24 15:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3880208871-1114725882-94886571-1002
2015-12-13 14:43 - 2013-09-29 20:04 - 00876144 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 14:43 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-13 14:42 - 2014-03-10 19:13 - 00000000 ____D C:\Users\William\AppData\Local\Akamai
2015-12-13 14:36 - 2015-07-26 20:51 - 00000000 ____D C:\Users\William\AppData\Local\MyComGames
2015-12-13 14:36 - 2013-10-15 09:42 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-13 14:35 - 2013-10-17 17:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-13 14:35 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 14:35 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-13 14:30 - 2013-09-18 21:15 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3880208871-1114725882-94886571-1002UA.job
2015-12-13 14:20 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-13 14:20 - 2013-06-25 20:30 - 00000000 ____D C:\ProgramData\WRData
2015-12-10 23:03 - 2014-05-28 18:27 - 00000000 ____D C:\Users\William\AppData\Local\Battle.net
2015-12-10 22:58 - 2013-10-15 09:42 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 20:42 - 2015-04-11 21:05 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-12-10 20:42 - 2014-05-28 18:27 - 00000000 ____D C:\Users\William\AppData\Roaming\Battle.net
2015-12-10 20:42 - 2013-09-21 09:16 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-10 16:14 - 2015-06-16 17:02 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-10 09:41 - 2013-10-15 09:44 - 00000000 ____D C:\Users\William\AppData\LocalLow\LastPass
2015-12-09 13:51 - 2013-06-25 17:35 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-09 09:30 - 2013-09-18 21:15 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3880208871-1114725882-94886571-1002Core.job
2015-12-09 08:39 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-06 03:49 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-04 10:48 - 2013-10-17 17:56 - 00000000 ____D C:\Users\William
2015-12-04 09:25 - 2013-09-18 21:15 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3880208871-1114725882-94886571-1002UA
2015-12-04 09:25 - 2013-09-18 21:15 - 00003516 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3880208871-1114725882-94886571-1002Core
2015-12-01 21:53 - 2013-10-15 09:42 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 21:53 - 2013-10-15 09:42 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 08:10 - 2015-07-14 18:50 - 00000000 ____D C:\Users\William\Desktop\Excel at Yourself
2015-11-25 20:54 - 2015-06-23 06:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 09:18 - 2015-10-10 07:42 - 00000000 ____D C:\Users\William\Desktop\DesktopIcons
2015-11-20 10:15 - 2013-06-25 20:31 - 00170760 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-11-20 10:15 - 2013-06-25 20:31 - 00105888 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-11-16 09:58 - 2015-11-12 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-16 09:58 - 2013-06-24 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2013-06-25 20:31 - 2015-12-10 09:41 - 12891272 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-10-13 19:36 - 2015-10-13 19:55 - 0007618 _____ () C:\Users\William\AppData\Local\Resmon.ResmonCfg
2013-09-20 21:15 - 2013-09-20 21:15 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\William\AppData\Local\Temp\BingSvc.exe
C:\Users\William\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\William\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\William\AppData\Local\Temp\LiveUpdater.exe
C:\Users\William\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\William\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\William\AppData\Local\Temp\nvStInst.exe
C:\Users\William\AppData\Local\Temp\sfamcc00001.dll
C:\Users\William\AppData\Local\Temp\sfareca00001.dll
C:\Users\William\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-13 14:48
 
==================== End of FRST.txt ============================


Edited by Chris Cosgrove, 13 December 2015 - 06:12 PM.
Moved from Win 8/8.1 to 'Virus, trojan, etc. logs'




#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 14 December 2015 - 11:46 PM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello Andude2,

Welcome to Bleeping Computer!  My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to back up any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".


While I review the log you provided please do the following..



  • Please rerun FRST as you did before; make sure to check the Addition.txt box before clicking Scan.  Once the scan is over, a window entitled "Addition.txt" will open.  Please post the contents of Addition.txt in your next reply.

 

 

Next..

 

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

dnsapi.dll

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Addition.txt
  • Search.txt
    Please post everything in the order given.

Edited by mAL_rEm018, 15 December 2015 - 02:22 AM.

Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 19 December 2015 - 01:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






