canonterry

DNSAPI.dll problem

Recommended Posts

Hello,

The support forums have been under a DDoS attack, which has resulted in a delay in being able to respond to your support request.

First we need to make sure any malware that may be present is dealt with. Then we will see about replacing the DNSAPI.dll with a clean copy.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-796845957-823518204-725345543-2141\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-796845957-823518204-725345543-2141\...\MountPoints2: {b12916f5-d3b9-11e4-9259-4c80933d4130} - E:\SafeXs.exe
HKU\S-1-5-21-796845957-823518204-725345543-2141\...\MountPoints2: {e9ed8a3f-f8ed-11e2-9d82-180373a409ba} - E:\LaunchU3.exe
SearchScopes: HKU\S-1-5-21-796845957-823518204-725345543-2141 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
Task: {0FB71523-1E85-451C-9E71-D47BB366ACFE} - System32\Tasks\Gatfi => C:\PROGRA~1\ODEYGC~1\Pyopp.bat <==== ATTENTION
Task: {AB212115-BFD0-410A-962C-0EA403B676B1} - \{7D057D47-0C0E-0B0A-7811-0A0D7A041109} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\tjoyce\Documents\Archdeaconry of York:com.dropbox.attributes [168]
C:\PROGRA~1\ODEYGC~1\Pyopp.bat
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites

I've followed your instructions up to pressing the 'Fix' button in the FRST programme. A message box comes up which says "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located'. I have placed the fixlist.txt file in Computer/Local Disk/FRST/Hives and Computer/Local Disk/FRST/logs, as well as on the desktop where a FRST shortcut sits, but nothing changes. Am I missing something?

Share this post


Link to post
Share on other sites

FIxlist.txt and FRST must be in the same folder with each other, both should be on your Desktop. A shortcut to FRST will not work, the actual program must be on the Desktop.

Share this post


Link to post
Share on other sites

I am going to have you invoke Windows Files Protection by running the System File Checker.

System File Checker

  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[sR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Attach sfcdetails.txt to your next post.

Share this post


Link to post
Share on other sites

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.