WARNING! Your flash player may be out of date. Please update to continue. "flashplayerpro"

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
My system has slowed down a lot. A lot of ads come up on just a single click. DNS redirection problem in all the phones and mobiles connected to the router at home. Unable to access Facebook and Gmail every time. I have to use ipconfig /flushdns, but that is just a temporary solution because the problem reappears. Also have TubaeAdblocker stuck in extensions.
 

Attachments

  • FRST.txt
    69.8 KB · Views: 275

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,



Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

• Double-click on the MBAR file and allow it to run.
• Click OK on the next screen to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated', click on Next.
• Under Scan Targets, ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled, and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.

>> Notice: only if a rootkit is detected, make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution ...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.

> The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.
 

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
Thanks for responding so quickly. I had some work so could get back to doing the repair earlier. I tried downloading both the Malwarebytes Anti-Malware and Malware Anti-Rootkit. I thought I would run Anti-Malware first and then go for Anti-Rootkit, since it requires DDA driver download for which it restarts the system. After running Anti-Malware I clicked yes to download DDA driver and restarting the PC. Now it's showing the Startup Repair window and, after trying for a few minutes, it's showing the message "Windows cannot repair the computer automatically".

The FRST.txt file from before was from my laptop. Today I was trying to fix problems on my PC. My laptop still has problems, but for it I read somewhere that my host file must have been corrupted, and that was the case. My file contained a line
127.0.0.1 something.adobe.com
(I don't remember the something.)
I ran the file as administrator and removed that statement.
Anyway, now the problem on my PC is more serious. What should I do?
 

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
I ran Farbar Recovery Scan on my PC (Windows 7). I have attached the output file below.
Problems with my PC were:
1) Conduit search was present. Tried once or twice but couldn't remove it.
2) Redirect virus is present. Shows unable to load or update Adobe Flash Player.
3) Even though the Windows 7 installed is authentic, it was showing Windows copy is not genuine.
 

Attachments

  • FRST.txt
    91.8 KB · Views: 134

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
intel
(pressed F8 selected Start Windows Normally)
Starting Windows
Windows is loading files
copyright Microsoft Corporation
Startup Repair
Startup Repair cannot repair this computer automatically.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Very good :)

You have a very serious infection present. We will try to remove it in the next step:



Download the attached fixlist.txt and save it to your USB flash drive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flash drive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 

Attachments

  • fixlist.txt
    5.1 KB · Views: 89

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
The first FRST.txt was from my laptop; the next FRST.txt is from my PC.
Currently I am trying to fix my PC. Just wanted to clear up whether this fixlist.txt is for the PC or the laptop?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please choose which machine you would like to fix first. Don't do anything on the other one while we are fixing the current one. The fixlist I provided is for the second FRST.txt report you attached.
 

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
For the second machine. I ran the fix.
- The windows did start.
- Again it showed the windows copy is not genuine.
- RunDLL error is displayed. The message is "There was a problem starting C:\User\Admin\AppData\Local\Conduit\BackgroundContainer\BakgroundContainer.dll The specified module could not be found".
- System Restore Error "System Restore did not complete successfully. Your computer's systems files and settings were not changed.
Details: System Restore is still in progress or did not complete.
You can try System Restore again and chose a different restore point. If you continue to see this error you can try advanced recovery method.
Two buttons are shown RUN SYSTEM RESTORE and CLOSE."

The windows copy is not genuine error is still displayed. Should I try the SLMGR -REARM command?
 

Attachments

  • Fixlog.txt
    5.5 KB · Views: 145

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Very good :)

"The windows copy is not genuine error is still displayed. Should I try SLMGR -REARM command."

You can type slmgr /rearm in Run dialog.



***** NEXT *****



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



***** NEXT *****




Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

• Double-click on the MBAR file and allow it to run.
• Click OK on the next screen to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated', click on Next.
• Under Scan Targets, ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled, and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.

>> Notice: only if a rootkit is detected, make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution ...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.

> The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.
 

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
These are the files generated.
 

Attachments

  • mbar-log-2014-04-14 (14-43-06).txt
    5 KB · Views: 82
  • system-log.txt
    27.7 KB · Views: 88
  • Addition.txt
    25.4 KB · Views: 110
  • FRST.txt
    103.5 KB · Views: 136

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We still need more work on this PC, so please take your time and do it one by one:


First, go to Control Panel and uninstall the following:
- Adobe Reader 8.1.1
- Mobogenie
- J2SE Runtime Environment 5.0
- Java 7 Update 17
- McAfee Security Scan Plus
- Search Protect
- uTorrentControl_v2 Toolbar
- WPM17.8.0.3297

Latest versions of Java and Adobe Reader available here --> http://www.java.com/en/ and here http://get.adobe.com/uk/reader/
Make sure to uncheck optional offers.



***** NEXT *****



Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST, and click Fix. Attach that report for me after it is finished.



***** NEXT *****



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers.
  • Temporarily disable your AntiVirus program (if necessary).
    If you are unsure how to do this, please read this or this Instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"



***** NEXT *****



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


***** NEXT *****



==========================================================================================================
Things I need you to do:

- fixlog.txt
- Zoek report
- FSS.txt
=======================================================================================================================
 

Attachments

  • fixlist.txt
    6.4 KB · Views: 197

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
I am doing the following steps on my PC. But I am unable to access the internet; could it possibly be affected by the scan? It's connected through a LAN. I tried working with a wireless network too, but it's not working. I tried connecting the LAN with my laptop and it's detecting the LAN and working fine. What should I do?
 

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
Yeah, I am using my laptop to download FSS and zoek. I followed all the steps except for installing Java and Adobe Reader. On my laptop even flushdns is not working now. Yet I tried to download the Java and Adobe files. But for these websites it's redirecting to absurd addresses. I have taken a screenshot. I tried restarting the PC but it wasn't helpful. It's showing Enabled in the Local Area Connection (it's detecting the presence of the RJ-45 cable connected) but not connecting to the internet, while the same LAN is working fine with my laptop.

Screenshot_1.png
 

Attachments

  • FSS.txt
    2.1 KB · Views: 83
  • Fixlog.txt
    12.1 KB · Views: 144
  • zoek-results.log
    24 KB · Views: 262

vibha

New Member
Thread author
Verified
Apr 9, 2014
25
No, that didn't help. The same connection looks like this on the PC and the laptop. My guess is that the Enabled should automatically change to Sapana.
This is how the connection looks on PC.

PC.png

This is how it looks for Laptop

Laptop.png
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Very, very strange. Did you try to reset your router? I don't know how this could happen. The tools we used don't have anything to do with this.
 
