Solved Dnsapi.dll trojan problems

All clean there :)

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.245
Adobe Reader XI
Google Chrome (46.0.2490.86)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 10-06-2014
Ran by User-PC (administrator) on 09-12-2015 at 17:47:44
Running from "C:\Users\User-PC\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2015-12-10 01:02:31.059 Sophos Virus Removal Tool version 2.5.5
2015-12-10 01:02:31.059 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-12-10 01:02:31.059 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-12-10 01:02:31.059 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2015-12-10 01:02:31.059 Checking for updates...
2015-12-10 01:02:31.075 Update progress: proxy server not available
2015-12-10 01:02:37.091 Option all = no
2015-12-10 01:02:37.091 Option recurse = yes
2015-12-10 01:02:37.091 Option archive = no
2015-12-10 01:02:37.091 Option service = yes
2015-12-10 01:02:37.091 Option confirm = yes
2015-12-10 01:02:37.091 Option sxl = yes
2015-12-10 01:02:37.091 Option max-data-age = 35
2015-12-10 01:02:37.091 Option EnableSafeClean = yes
2015-12-10 01:02:38.753 Option vdl-logging = yes
2015-12-10 01:02:38.755 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-12-10 01:02:38.755 Machine ID: ece5e91afe134cd3b245d7e8f01c7295
2015-12-10 01:02:38.755 Component SVRTcli.exe version 2.5.5
2015-12-10 01:02:38.755 Component control.dll version 2.5.5
2015-12-10 01:02:38.755 Component SVRTservice.exe version 2.5.5
2015-12-10 01:02:38.755 Component engine\osdp.dll version 1.44.1.2230
2015-12-10 01:02:38.756 Component engine\veex.dll version 3.63.0.2230
2015-12-10 01:02:38.756 Component engine\savi.dll version 9.0.0.2230
2015-12-10 01:02:38.756 Component rkdisk.dll version 1.5.30.0
2015-12-10 01:02:38.756 Version info: Product version 2.5.5
2015-12-10 01:02:38.756 Version info: Detection engine 3.63.0
2015-12-10 01:02:38.756 Version info: Detection data 5.21
2015-12-10 01:02:38.756 Version info: Build date 11/10/2015
2015-12-10 01:02:38.756 Version info: Data files added 263
2015-12-10 01:02:38.756 Version info: Last successful update (not yet updated)
2015-12-10 01:03:01.458 Downloading updates...
2015-12-10 01:03:01.460 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE522 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE523 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE524 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE525 LATEST
2015-12-10 01:03:01.460 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-12-10 01:03:01.460 Update progress: [I19463] Syncing product SAVIW32 62
2015-12-10 01:03:03.411 Update progress: [I19463] Syncing product IDE522 134
2015-12-10 01:03:04.508 Installing updates...
2015-12-10 01:03:05.133 Error level 1
2015-12-10 01:03:05.133 Update progress: [I19463] Syncing product IDE523 121
2015-12-10 01:03:05.133 Update progress: [I19463] Syncing product IDE524 11
2015-12-10 01:03:05.133 Update progress: [I19463] Syncing product IDE525 1
2015-12-10 01:03:13.103 Update successful
2015-12-10 01:03:18.821 Option all = no
2015-12-10 01:03:18.821 Option recurse = yes
2015-12-10 01:03:18.821 Option archive = no
2015-12-10 01:03:18.821 Option service = yes
2015-12-10 01:03:18.821 Option confirm = yes
2015-12-10 01:03:18.821 Option sxl = yes
2015-12-10 01:03:18.821 Option max-data-age = 35
2015-12-10 01:03:18.821 Option EnableSafeClean = yes
2015-12-10 01:03:19.165 Option vdl-logging = yes
2015-12-10 01:03:19.165 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-12-10 01:03:19.165 Machine ID: ece5e91afe134cd3b245d7e8f01c7295
2015-12-10 01:03:19.165 Component SVRTcli.exe version 2.5.5
2015-12-10 01:03:19.165 Component control.dll version 2.5.5
2015-12-10 01:03:19.165 Component SVRTservice.exe version 2.5.5
2015-12-10 01:03:19.165 Component engine\osdp.dll version 1.44.1.2230
2015-12-10 01:03:19.165 Component engine\veex.dll version 3.63.0.2230
2015-12-10 01:03:19.165 Component engine\savi.dll version 9.0.0.2230
2015-12-10 01:03:19.165 Component rkdisk.dll version 1.5.30.0
2015-12-10 01:03:19.165 Version info: Product version 2.5.5
2015-12-10 01:03:19.165 Version info: Detection engine 3.63.0
2015-12-10 01:03:19.165 Version info: Detection data 5.21
2015-12-10 01:03:19.165 Version info: Build date 11/10/2015
2015-12-10 01:03:19.165 Version info: Data files added 263
2015-12-10 01:03:19.165 Version info: Last successful update 12/9/2015 6:03:13 PM

2015-12-10 01:16:26.291 Could not open C:\hiberfil.sys
2015-12-10 01:16:26.947 Could not open C:\pagefile.sys
2015-12-10 01:21:00.928 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\Dynasty Warriors 8 Xtreme Legends\steamclient.dll
2015-12-10 01:23:47.354 >>> Virus 'Troj/Patched-BM' found in file C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{26F9EDAB-27DC-9A54-4BFE-3E21BE0E1283}-dnsapi.dll
2015-12-10 01:23:47.354 Disinfection not offered
2015-12-10 01:24:23.858 Could not open C:\swapfile.sys
2015-12-10 01:24:24.016 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 01:24:24.016 Could not open C:\System Volume Information\{586ce887-9e0c-11e5-8286-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 01:24:24.016 Could not open C:\System Volume Information\{c4a9e43f-9e29-11e5-8288-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 01:24:34.057 Could not open C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-12-10 01:24:34.217 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK (virus scan failed)
2015-12-10 01:24:34.221 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-12-10 01:24:35.224 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOCK (virus scan failed)
2015-12-10 01:24:36.737 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2015-12-10 01:24:36.798 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-12-10 01:39:18.181 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-12-10 01:39:18.182 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-12-10 01:39:22.331 Could not open C:\Windows\System32\config\BBI
2015-12-10 01:39:22.495 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-12-10 01:39:22.511 Could not open C:\Windows\System32\config\RegBack\SAM
2015-12-10 01:39:22.533 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-12-10 01:39:22.539 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-12-10 01:39:22.540 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-12-10 02:28:40.205 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Final Fantasy XIII-2\steam_api.dll
2015-12-10 02:30:13.371 >>> Virus 'Mal/VMProtBad-A' found in file D:\Program Files (x86)\Dynasty Warriors 8 Empires\steam_api.dll
2015-12-10 02:33:40.832 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 02:33:40.832 Could not open D:\System Volume Information\{586ce883-9e0c-11e5-8286-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 02:33:40.832 Could not open D:\System Volume Information\{c4a9e43d-9e29-11e5-8288-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 02:33:57.412 >>> Virus 'Mal/Generic-L' found in file D:\VNs\Little Busters! -English-\REALLIVE.exe
2015-12-10 02:34:17.942 The following items will be cleaned up:
2015-12-10 02:34:17.942 Mal/VMProtBad-A
2015-12-10 02:34:17.942 Mal/Generic-L
2015-12-10 02:34:17.942 Troj/Patched-BM
 
Here's the log for after the cleanup. One item couldn't be cleaned up.

2015-12-10 01:02:31.059 Sophos Virus Removal Tool version 2.5.5
2015-12-10 01:02:31.059 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-12-10 01:02:31.059 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-12-10 01:02:31.059 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2015-12-10 01:02:31.059 Checking for updates...
2015-12-10 01:02:31.075 Update progress: proxy server not available
2015-12-10 01:02:37.091 Option all = no
2015-12-10 01:02:37.091 Option recurse = yes
2015-12-10 01:02:37.091 Option archive = no
2015-12-10 01:02:37.091 Option service = yes
2015-12-10 01:02:37.091 Option confirm = yes
2015-12-10 01:02:37.091 Option sxl = yes
2015-12-10 01:02:37.091 Option max-data-age = 35
2015-12-10 01:02:37.091 Option EnableSafeClean = yes
2015-12-10 01:02:38.753 Option vdl-logging = yes
2015-12-10 01:02:38.755 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-12-10 01:02:38.755 Machine ID: ece5e91afe134cd3b245d7e8f01c7295
2015-12-10 01:02:38.755 Component SVRTcli.exe version 2.5.5
2015-12-10 01:02:38.755 Component control.dll version 2.5.5
2015-12-10 01:02:38.755 Component SVRTservice.exe version 2.5.5
2015-12-10 01:02:38.755 Component engine\osdp.dll version 1.44.1.2230
2015-12-10 01:02:38.756 Component engine\veex.dll version 3.63.0.2230
2015-12-10 01:02:38.756 Component engine\savi.dll version 9.0.0.2230
2015-12-10 01:02:38.756 Component rkdisk.dll version 1.5.30.0
2015-12-10 01:02:38.756 Version info: Product version 2.5.5
2015-12-10 01:02:38.756 Version info: Detection engine 3.63.0
2015-12-10 01:02:38.756 Version info: Detection data 5.21
2015-12-10 01:02:38.756 Version info: Build date 11/10/2015
2015-12-10 01:02:38.756 Version info: Data files added 263
2015-12-10 01:02:38.756 Version info: Last successful update (not yet updated)
2015-12-10 01:03:01.458 Downloading updates...
2015-12-10 01:03:01.460 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE522 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE523 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE524 LATEST
2015-12-10 01:03:01.460 Update progress: [I49502] Found supplement IDE525 LATEST
2015-12-10 01:03:01.460 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-12-10 01:03:01.460 Update progress: [I19463] Syncing product SAVIW32 62
2015-12-10 01:03:03.411 Update progress: [I19463] Syncing product IDE522 134
2015-12-10 01:03:04.508 Installing updates...
2015-12-10 01:03:05.133 Error level 1
2015-12-10 01:03:05.133 Update progress: [I19463] Syncing product IDE523 121
2015-12-10 01:03:05.133 Update progress: [I19463] Syncing product IDE524 11
2015-12-10 01:03:05.133 Update progress: [I19463] Syncing product IDE525 1
2015-12-10 01:03:13.103 Update successful
2015-12-10 01:03:18.821 Option all = no
2015-12-10 01:03:18.821 Option recurse = yes
2015-12-10 01:03:18.821 Option archive = no
2015-12-10 01:03:18.821 Option service = yes
2015-12-10 01:03:18.821 Option confirm = yes
2015-12-10 01:03:18.821 Option sxl = yes
2015-12-10 01:03:18.821 Option max-data-age = 35
2015-12-10 01:03:18.821 Option EnableSafeClean = yes
2015-12-10 01:03:19.165 Option vdl-logging = yes
2015-12-10 01:03:19.165 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-12-10 01:03:19.165 Machine ID: ece5e91afe134cd3b245d7e8f01c7295
2015-12-10 01:03:19.165 Component SVRTcli.exe version 2.5.5
2015-12-10 01:03:19.165 Component control.dll version 2.5.5
2015-12-10 01:03:19.165 Component SVRTservice.exe version 2.5.5
2015-12-10 01:03:19.165 Component engine\osdp.dll version 1.44.1.2230
2015-12-10 01:03:19.165 Component engine\veex.dll version 3.63.0.2230
2015-12-10 01:03:19.165 Component engine\savi.dll version 9.0.0.2230
2015-12-10 01:03:19.165 Component rkdisk.dll version 1.5.30.0
2015-12-10 01:03:19.165 Version info: Product version 2.5.5
2015-12-10 01:03:19.165 Version info: Detection engine 3.63.0
2015-12-10 01:03:19.165 Version info: Detection data 5.21
2015-12-10 01:03:19.165 Version info: Build date 11/10/2015
2015-12-10 01:03:19.165 Version info: Data files added 263
2015-12-10 01:03:19.165 Version info: Last successful update 12/9/2015 6:03:13 PM

2015-12-10 01:16:26.291 Could not open C:\hiberfil.sys
2015-12-10 01:16:26.947 Could not open C:\pagefile.sys
2015-12-10 01:21:00.928 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\Dynasty Warriors 8 Xtreme Legends\steamclient.dll
2015-12-10 01:23:47.354 >>> Virus 'Troj/Patched-BM' found in file C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{26F9EDAB-27DC-9A54-4BFE-3E21BE0E1283}-dnsapi.dll
2015-12-10 01:23:47.354 Disinfection not offered
2015-12-10 01:24:23.858 Could not open C:\swapfile.sys
2015-12-10 01:24:24.016 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 01:24:24.016 Could not open C:\System Volume Information\{586ce887-9e0c-11e5-8286-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 01:24:24.016 Could not open C:\System Volume Information\{c4a9e43f-9e29-11e5-8288-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 01:24:34.057 Could not open C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-12-10 01:24:34.217 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK (virus scan failed)
2015-12-10 01:24:34.221 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-12-10 01:24:35.224 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOCK (virus scan failed)
2015-12-10 01:24:36.737 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2015-12-10 01:24:36.798 Could not check C:\Users\User-PC\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-12-10 01:39:18.181 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-12-10 01:39:18.182 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-12-10 01:39:22.331 Could not open C:\Windows\System32\config\BBI
2015-12-10 01:39:22.495 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-12-10 01:39:22.511 Could not open C:\Windows\System32\config\RegBack\SAM
2015-12-10 01:39:22.533 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-12-10 01:39:22.539 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-12-10 01:39:22.540 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-12-10 02:28:40.205 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Final Fantasy XIII-2\steam_api.dll
2015-12-10 02:30:13.371 >>> Virus 'Mal/VMProtBad-A' found in file D:\Program Files (x86)\Dynasty Warriors 8 Empires\steam_api.dll
2015-12-10 02:33:40.832 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 02:33:40.832 Could not open D:\System Volume Information\{586ce883-9e0c-11e5-8286-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 02:33:40.832 Could not open D:\System Volume Information\{c4a9e43d-9e29-11e5-8288-28c2dd1ab9b4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-12-10 02:33:57.412 >>> Virus 'Mal/Generic-L' found in file D:\VNs\Little Busters! -English-\REALLIVE.exe
2015-12-10 02:34:17.942 The following items will be cleaned up:
2015-12-10 02:34:17.942 Mal/VMProtBad-A
2015-12-10 02:34:17.942 Mal/Generic-L
2015-12-10 02:34:17.942 Troj/Patched-BM
2015-12-10 03:09:04.783 Threat 'Mal/VMProtBad-A' has been cleaned up.
2015-12-10 03:09:04.788 File "C:\Program Files (x86)\Dynasty Warriors 8 Xtreme Legends\steamclient.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-12-10 03:09:04.788 File "C:\Program Files (x86)\Dynasty Warriors 8 Xtreme Legends\steamclient.dll" has been cleaned up.
2015-12-10 03:09:04.788 File "D:\Games\Final Fantasy XIII-2\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-12-10 03:09:04.788 File "D:\Games\Final Fantasy XIII-2\steam_api.dll" has been cleaned up.
2015-12-10 03:09:04.822 File "D:\Program Files (x86)\Dynasty Warriors 8 Empires\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-12-10 03:09:04.822 File "D:\Program Files (x86)\Dynasty Warriors 8 Empires\steam_api.dll" has been cleaned up.
2015-12-10 03:09:04.822 Removal successful
2015-12-10 03:09:09.694 Threat 'Mal/Generic-L' has been cleaned up.
2015-12-10 03:09:09.694 File "D:\VNs\Little Busters! -English-\REALLIVE.exe" belongs to malware 'Mal/Generic-L'.
2015-12-10 03:09:09.694 File "D:\VNs\Little Busters! -English-\REALLIVE.exe" has been cleaned up.
2015-12-10 03:09:09.694 Removal successful
2015-12-10 03:09:10.619 >>> Virus 'Troj/Patched-BM' found in file C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{26F9EDAB-27DC-9A54-4BFE-3E21BE0E1283}-dnsapi.dll
2015-12-10 03:09:10.619 Disinfection not offered
2015-12-10 03:09:10.619 Disinfection failed [0xa0040208]
2015-12-10 03:09:10.646 Error: cleanup failed.
2015-12-10 03:09:10.876 Contents of SafeClean bin directory:
2015-12-10 03:09:10.885 {
2015-12-10 03:09:10.885 RecordID : "0000000000000001",
2015-12-10 03:09:10.885 ItemType : "1",
2015-12-10 03:09:10.885 Location : "C:\Program Files (x86)\Dynasty Warriors 8 Xtreme Legends\",
2015-12-10 03:09:10.885 FileName : "steamclient.dll",
2015-12-10 03:09:10.885 ThreatName : "Mal/VMProtBad-A",
2015-12-10 03:09:10.885 Checksum : "c939c9dc01f932827260298a609dd2c06d97b3155828045eddc4c1078c15ee0c",
2015-12-10 03:09:10.885 TimeStamp : "Wed Dec 09 20:08:52 2015"
2015-12-10 03:09:10.886 }
2015-12-10 03:09:10.886 {
2015-12-10 03:09:10.886 RecordID : "0000000000000002",
2015-12-10 03:09:10.886 ItemType : "1",
2015-12-10 03:09:10.886 Location : "D:\Games\Final Fantasy XIII-2\",
2015-12-10 03:09:10.886 FileName : "steam_api.dll",
2015-12-10 03:09:10.886 ThreatName : "Mal/VMProtBad-A",
2015-12-10 03:09:10.886 Checksum : "2e5807db6ef28be7291b89aa4f1b32db2e6cb23496409d4c70babb300984da31",
2015-12-10 03:09:10.886 TimeStamp : "Wed Dec 09 20:08:52 2015"
2015-12-10 03:09:10.886 }
2015-12-10 03:09:10.886 {
2015-12-10 03:09:10.886 RecordID : "0000000000000003",
2015-12-10 03:09:10.886 ItemType : "1",
2015-12-10 03:09:10.886 Location : "D:\Program Files (x86)\Dynasty Warriors 8 Empires\",
2015-12-10 03:09:10.886 FileName : "steam_api.dll",
2015-12-10 03:09:10.886 ThreatName : "Mal/VMProtBad-A",
2015-12-10 03:09:10.886 Checksum : "d88f99d5dc898fd295821332d792398a96c98ba66e12b92113c0642324f6cb39",
2015-12-10 03:09:10.886 TimeStamp : "Wed Dec 09 20:08:52 2015"
2015-12-10 03:09:10.886 }
2015-12-10 03:09:10.886 {
2015-12-10 03:09:10.886 RecordID : "0000000000000004",
2015-12-10 03:09:10.886 ItemType : "1",
2015-12-10 03:09:10.886 Location : "D:\VNs\Little Busters! -English-\",
2015-12-10 03:09:10.886 FileName : "REALLIVE.exe",
2015-12-10 03:09:10.886 ThreatName : "Mal/Generic-L",
2015-12-10 03:09:10.886 Checksum : "f48c5466f35e8b2b5e52fb16711d0271ceebf3ccad710c7c3fb85ac909e5212d",
2015-12-10 03:09:10.886 TimeStamp : "Wed Dec 09 20:09:04 2015"
2015-12-10 03:09:10.886 }
2015-12-10 03:09:11.843 Error level 0
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
file:C:\FRST\Quarantine\C\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll.xBAD
 
That file was already quarantined by FRST fix and DelFix should removed that file and FRST itself so nothing to worry about.
That was the file your whole issue started with.
 
DelFix should take care of it.
If it didn't you can remove FRST folder manually:
C:\FRST
 
I'm guessing Defender found it before it could be deleted since the folder isn't there anymore. I just read through the articles you linked to and I'm fairly sure I know how I got the virus now. I just need to talk to my daughter and have her read the same articles to prevent it from happening again.

Thank you for all your help. I'll let you know in a day or two if anything changes but so far everything seems to be working fine and the programs I need for work are working again. Thanks again. I really appreciate all this.
 
By the way, with regards to Secunia, do you recommend just letting it automatically update any out-of-date programs or should I do it myself whenever it alerts me to one?
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
785
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back