Jump to content

Recommended Posts


The support forums have been under a DDoS attack, which has resulted in a delay in being able to respond to your support request.

First we need to make sure any malware that may be present is dealt with. Then we will see about replacing the DNSAPI.dll with a clean copy.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-796845957-823518204-725345543-2141\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-796845957-823518204-725345543-2141\...\MountPoints2: {b12916f5-d3b9-11e4-9259-4c80933d4130} - E:\SafeXs.exe
HKU\S-1-5-21-796845957-823518204-725345543-2141\...\MountPoints2: {e9ed8a3f-f8ed-11e2-9d82-180373a409ba} - E:\LaunchU3.exe
SearchScopes: HKU\S-1-5-21-796845957-823518204-725345543-2141 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
Task: {0FB71523-1E85-451C-9E71-D47BB366ACFE} - System32\Tasks\Gatfi => C:\PROGRA~1\ODEYGC~1\Pyopp.bat <==== ATTENTION
Task: {AB212115-BFD0-410A-962C-0EA403B676B1} - \{7D057D47-0C0E-0B0A-7811-0A0D7A041109} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\tjoyce\Documents\Archdeaconry of York:com.dropbox.attributes [168]
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to post
Share on other sites

I've followed your instructions up to pressing the 'Fix' button in the FRST programme. A message box comes up which says "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located'. I have placed the fixlist.txt file in Computer/Local Disk/FRST/Hives and Computer/Local Disk/FRST/logs, as well as on the desktop where a FRST shortcut sits, but nothing changes. Am I missing something?

Link to post
Share on other sites

I am going to have you invoke Windows Files Protection by running the System File Checker.

System File Checker

  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[sR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Attach sfcdetails.txt to your next post.
Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...