kevinf80 Posted January 6, 2016 ID:1011140 Share Posted January 6, 2016 Switch off then switch back on... Link to post Share on other sites More sharing options...
Zeal2001 Posted January 6, 2016 Author ID:1011142 Share Posted January 6, 2016 Clicked DNS Client service status was stopped so I started it and that went fine. Tried the same for DHCP Client and I get a message that says Windows could not start the DHCP Client service on Local Computer. Error 5: Access is denied. Link to post Share on other sites More sharing options...
kevinf80 Posted January 6, 2016 ID:1011151 Share Posted January 6, 2016 Is possible dependencies are maybe needing to be started before DHCP client is running... Ok try these commands from elevated command prompt: Select enter after each one.. net start nsinet start tdxnet start afdFinally net start dhcp Do those command work ok, or do you get any errors? Link to post Share on other sites More sharing options...
Zeal2001 Posted January 6, 2016 Author ID:1011153 Share Posted January 6, 2016 Entered Command Prompt tried entering first command. Said System error 5 has occurred. Access is denied. Link to post Share on other sites More sharing options...
kevinf80 Posted January 6, 2016 ID:1011156 Share Posted January 6, 2016 Maybe there is a permissions problem, are you ok with the registry? if so do the following: Select the widows key and the R key together, The RUN box will open type regedit click ok, accept UAC if offered Regedit should open.Expand the following reg keys:HKEY_local_machine > System > CurrentControlSet > Services > right click direct onto this folder Dhcp then select Permissions in the new window make sure Full control is checked for "System" and "Administrator" groups. Link to post Share on other sites More sharing options...
Zeal2001 Posted January 6, 2016 Author ID:1011159 Share Posted January 6, 2016 I should be able to do this soon, but out of curiosity do you think if I took my laptop to a professional they'd be able to fix the problem? Link to post Share on other sites More sharing options...
kevinf80 Posted January 6, 2016 ID:1011165 Share Posted January 6, 2016 100% yes on the professional question, if I could see the logs from FRST i`d probably have you up and running too.... i was hoping the LastRegBack: yyyy:mm:dd time would have predated your issue even by one day, with that available we could have used that line in FRST fix to restore your registry hives... ah well, if only never gets us anywhere... let me know if the pro route is what you intend.. Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011625 Share Posted January 9, 2016 Full control has allow checked for both System and Administrators Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011676 Share Posted January 9, 2016 Thank you for that confirmation, in that case it would seem to indicate when you run the provided commands "cmd.exe" is not running with administartor status... Did the prompt look like this C:\windows\system>32_ or this C:\users\your name>_ Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011701 Share Posted January 9, 2016 Second one Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011705 Share Posted January 9, 2016 Yes that means cmd.exe was not opened with Administrator status, hence the commands fail... can you try that one again Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011709 Share Posted January 9, 2016 Can you tell me which commands you want me to retry into cms.exe Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011710 Share Posted January 9, 2016 Do you have Malwarebytes installed? Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011714 Share Posted January 9, 2016 Yes, but it won't open. Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011715 Share Posted January 9, 2016 Scratch that it is opening now, it wasn't before though. Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011718 Share Posted January 9, 2016 Can you open the FRST log and copy the line that starts LastRegBack/date/time exactly as it appears into you reply, Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011719 Share Posted January 9, 2016 LastRegBack: 2016-01-01 4:17 Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011720 Share Posted January 9, 2016 Thanks for that, in reply 22 I asked that you run "LastKnownGoodConfiguration" can you recall if that was successful? Link to post Share on other sites More sharing options...
Zeal2001 Posted January 9, 2016 Author ID:1011723 Share Posted January 9, 2016 Regarding the internet no it wasn't. Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011725 Share Posted January 9, 2016 No not the internet, did it actually work and re-boot? One other question, do you have a flash drive (usb memory stick) Link to post Share on other sites More sharing options...
Zeal2001 Posted January 10, 2016 Author ID:1011726 Share Posted January 10, 2016 I believe it did, and no I don't have a flash drive. Link to post Share on other sites More sharing options...
kevinf80 Posted January 10, 2016 ID:1011728 Share Posted January 10, 2016 Ok give this a try with Malwarebytes... Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits" <<<--- This setting is very important and must be selected.... Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete, click Apply Actions. if applicable Wait for the prompt to restart the computer to appear (if applicable), then click on Yes. check MB log, were any changes made? Link to post Share on other sites More sharing options...
Zeal2001 Posted January 10, 2016 Author ID:1011730 Share Posted January 10, 2016 Finished the scans and received 4 threats. 2 day pup.optional.amazingtab and 2 say pup.optional.amonetize should I remove these? Will this fix the problem? Link to post Share on other sites More sharing options...
kevinf80 Posted January 10, 2016 ID:1011734 Share Posted January 10, 2016 Yes you can remove them, but no fix for internet...... I`m really struggling with no logs, no way to get them either... The issue is the infection and the changes that were made, two files were altered C:\Windows\System32\dnsapi.dllC:\Windows\SysWOW64\dnsapi.dll Other changes were made to permissions etc.... without logs to look at from FRST it really is like being stuck between a rock and a hard place.... Can you navigate to C:\Windows\System32\dnsapi.dll right click direct onto dnsapi.dll select "Properties" then select the "Security" Tab. Highlite "System" do the settings look anything like the attached image? Do the same for C:\Windows\SysWOW64\dnsapi.dll Link to post Share on other sites More sharing options...
Zeal2001 Posted January 10, 2016 Author ID:1011736 Share Posted January 10, 2016 For system32 read and read & execute don't have checkmarks, but special permissions doesIt's the same for SysWOW64 Link to post Share on other sites More sharing options...
Recommended Posts