shopperz and dnsapi.dll


Hello,

 

I am fixing someone else's computer right now, and the problem seems to be linking to one thing: a corrupted dnsapi.dll file.

 

Here are the symptoms:

- No browsers besides Edge work (either they do not connect or do not initialize. One returns a "dnsapi.dll is missing" message)

- I am unable to install MalwareBytes Anti-Malware (Runtime Error at 97:137, could not call proc)

- I am plagued by popups and overlay ads as well as offers for antivirus removal whenever I use Edge to browse

 

This all started with Win64/Patched.AZ.gen!dll being detected by Defender. Removal led to no change in behavior.

 

I have tried:

- tdsskiller (with loaded modules): no scan results

- adwcleaner: picked up a lot of results on the first run, cleaned. Some results on the second scan, cleaned again. Third scan, shows corrupted dnsapi.dll. Restoration failed after reboot

- Defender does not return results

- Many programs such as Zemana will download and fail to install (presumably due to a corrupted dnsapi.dll)

 

I have attached the FRST.txt and Addition.txt. If it helps, I followed the instructions in a similar thread and added the Search.txt log for dnsapi.dll as well.

 

Thanks for the help!

Search.txt

FRST.txt

Addition.txt


Hello and :welcome:
If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on .




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 

 

I will work on the logs but for now can you see if running Malwarebytes' Chameleon will install and run MBAM on the system?


Please try and run the Chameleon program first and post the log from that scan here.

 

Then download the attached fixlist.txt file and save it to the Desktop.  Fixlist.txt

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 


I have tried Chameleon but it does not seem to work. At first, it couldn't download mbam-setup, so I moved a copy of it into the same folder Chameleon was in. I tried all of the options in the html script, and they all failed at the same problem (97:137).

 

I have attached the fixlog. There do not seem to be any more popups or redirects in Edge, but I am still having the problem with missing dnsapi.dll.

 

Fixlog.txt


Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as find.bat
 

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

 

 

Double click the Find.bat file to run it and attach the sfcdetails.txt file from your desktop in a reply post here.  Thanks.

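To read the resulting sfcdetails.txt, this added example (not part of the original thread) sorts the [SR] entries into files SFC repaired and files it could not repair because the component store copy is also corrupt, which is the case where DISM or an install image is needed. The sample lines, the component name and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the [SR] entries SFC writes to CBS.log, plus
# one unrelated CBS line. Not taken from the poster's machine; the component
# name "Example-DNS-Component" is a placeholder.
SAMPLE = r'''
2016-01-13 12:40:01, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-01-13 12:40:01, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-01-13 12:40:05, Info                  CBS    Starting TrustedInstaller initialization.
2016-01-13 12:40:09, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:24{12}]"example1.dll" from store
2016-01-13 12:40:12, Info                  CSI    0000000b [SR] Cannot repair member file [l:20{10}]"dnsapi.dll" of Example-DNS-Component, Version = 10.0.10586.0, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-01-13 12:40:12, Info                  CSI    0000000d [SR] Cannot repair member file [l:20{10}]"dnsapi.dll" of Example-DNS-Component, Version = 10.0.10586.0, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-01-13 12:40:13, Info                  CSI    0000000f [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\SysWOW64"\[l:20{10}]"dnsapi.dll"; source file in store is also corrupted
2016-01-13 12:40:20, Info                  CSI    00000011 [SR] Verify complete
'''

# "[l:20{10}]" style prefixes are length markers; skip them with \[[^\]]*\].
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+), pA = (?P<arch>\w+)')
REPROJECT_FAILED = re.compile(
    r'\[SR\] Could not reproject corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"'
    r'\\\[[^\]]*\]"(?P<file>[^"]+)"; (?P<reason>.+)$')
REPAIRING = re.compile(
    r'\[SR\] Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"'
    r'\\\[[^\]]*\]"(?P<file>[^"]+)" from store')


def _path(match):
    """Join directory and file name, dropping the NT "\\??\\" prefix."""
    directory = match["dir"]
    if directory.startswith("\\??\\"):
        directory = directory[4:]
    return directory + "\\" + match["file"]


def summarize(text):
    """Group [SR] lines; SFC logs each failure more than once, so dedupe."""
    store_failures, unrepairable, repaired = set(), {}, set()
    for line in text.splitlines():
        if "[SR]" not in line:  # case-sensitive, like findstr /c:"[SR]"
            continue
        m = CANNOT_REPAIR.search(line)
        if m:
            reason = line.rsplit(", ", 1)[-1].strip()
            store_failures.add((m["file"], m["component"], m["arch"], reason))
            continue
        m = REPROJECT_FAILED.search(line)
        if m:
            unrepairable[_path(m)] = m["reason"].strip()
            continue
        m = REPAIRING.search(line)
        if m:
            repaired.add(_path(m))
    return {
        "store_failures": sorted(store_failures),
        "unrepairable": dict(sorted(unrepairable.items())),
        "repaired": sorted(repaired - set(unrepairable)),
    }


def needs_external_source(summary):
    """Files whose store copy is corrupt too: SFC alone cannot restore them."""
    return [path for path, reason in summary["unrepairable"].items()
            if "source file in store is also corrupted" in reason]


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for path in result["repaired"]:
        print("repaired from store:", path)
    for path in needs_external_source(result):
        print("needs DISM or install media:", path)
```
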

Please run the following scan; I will be researching what to do about a corrupt Win 10 SFC repair (since this is supposed to be able to do so without a disk).

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by 764HP050111 (Administrator) on 01/13/2016 Wed at 13:05:05.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 124
 
Successfully deleted: C:\ProgramData\12349964119428039215 (Folder)
Successfully deleted: C:\ProgramData\6e3df34f00003ed8 (Folder)
Successfully deleted: C:\Users\764HP050111\AppData\Local\wandoujia (Folder)
Successfully deleted: C:\Users\764HP050111\AppData\Local\wandoujia2 (Folder)
Successfully deleted: C:\Users\764HP050111\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\764HP050111\AppData\Roaming\dg (Folder)
Successfully deleted: C:\Users\764HP050111\funshion.ini (File)
Successfully deleted: C:\WINDOWS\SysWOW64\funshion.ini (File)
Successfully deleted: C:\Program Files (x86)\mydrivers (Folder)
Successfully deleted: C:\Program Files (x86)\wandoujia (Folder)
 
 
 
Registry: 0
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/13/2016 Wed at 13:05:59.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This should fix the dnsapi.dll / SFC issue.

 

Open an Administrator Command Prompt by pressing the Windows key and X, then click on Command Prompt (Admin).  (If that does not work see this site for additional directions.)

With the Windows Command Processor window open, copy and paste the following into the window:

DISM /Online /Cleanup-Image /RestoreHealth

 

Press enter and wait for the DISM command to finish processing (this should take about 5~10 minutes; it is normal for the progress to stay at 20% for some time).  Once this is finished, if the DISM command made any changes, please reboot the system and try the SFC /SCANNOW utility again.  Let me know if there are any problems with these steps.


The repair options for the System Store get a little limited.  You need to have an install ISO.  This article shows the steps and links the sources for the ISO (if you do not have one).  You would do Step 6 or Step 7 depending on what ISO (install disk) you have.

 

Other than these options, a Refresh Install or New Install would be in order.


So, the methods above did not work and I kept getting the same error.

 

I managed to finally fix the system by downloading a Microsoft TechBench iso file, mounting that, and copying over the dnsapi.dll file from sysWOW64 in the image to my own sysWOW64. Doing a scan in adwcleaner helped me determine which exact dnsapi.dll was missing (it shows as the only result in the dll section). Who knew the fix was so simple?

 

Scanning now with malwarebytes anti-malware just to make sure nothing is left behind and installing Avira on the system for real-time protection. I've also got Malwarebytes anti-exploit running so hopefully this computer won't be affected again.

 

Thanks, dbreeze, for sticking through with me and helping me out! Without your help, I couldn't have done the malware removal part at all.

 

For all those following and viewing this thread (I notice shopperz has become quite a problem), I hope these forums have been a help to you.


Let's remove our tools and get you on your way!

 

All right!! :D Your logs are clean and you're good to go now!! :lol: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.


You can delete any log files left on your desktop as these are no longer needed.


Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :D :D :D :D

Now some information on programs to help keep you safe:

Along with Malwarebytes Antimalware, use the following as a base level security:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have nowadays. The built in firewall in Windows 7 or above is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!
 


# DelFix v1.011 - Logfile created 15/01/2016 at 09:46:08
# Updated 18/08/2015 by Xplode
# Username : 764HP050111 - SUNRISEDRAGON
# Operating System : Windows 10 Home  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.3.1.0.9_11.01.2016_22.36.01_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_11.01.2016_22.39.23_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_12.01.2016_23.56.24_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_12.01.2016_23.56.59_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_12.01.2016_23.58.38_log.txt
Deleted : C:\TDSSKiller.3.1.0.9_13.01.2016_00.15.28_log.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

 

 

Heimdal checked, Avira installed, Firewall checked, and Unchecky installed!


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.