
Infected by Titanuimres in System Restore ? [Closed]

titanuimres system restore points deleted

  • This topic is locked
23 replies to this topic

#16 sunnynap (New Member)

Posted 09 June 2014 - 03:56 PM

Today's scan

# AdwCleaner v3.212 - Report created 10/06/2014 at 09:44:28
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pushba - PUSHPA-PETAL
# Running from : C:\Users\Pushba\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\Pushba\AppData\Roaming\Mozilla\Firefox\Profiles\lzv8eylf.default-1384023942729\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Pushba\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1854 octets] - [07/06/2014 08:53:53]
AdwCleaner[R1].txt - [1040 octets] - [07/06/2014 09:54:49]
AdwCleaner[R2].txt - [902 octets] - [10/06/2014 09:44:28]
AdwCleaner[S0].txt - [1899 octets] - [07/06/2014 08:56:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1021 octets] ##########
 




#17 sunnynap (New Member)

Posted 09 June 2014 - 04:02 PM

Made an attempt to get "Microsoft Outlook" back up and running and ran the Microsoft diagnostics tool. This could be that; otherwise, I am really not sure what it would be about.

 

C:\MGADiagToolOutput

 

duckduckgo.com -   I don't use this.  Use Firefox.

 

Hot Lead Finder v3.0 - Yes, installed by us.

 

Thank you Adam, really appreciate your time and assistance.



#18 LiquidTension (SuperMember, Retired Classroom Teacher)

Posted 10 June 2014 - 01:04 PM

Hello Kushla,
 

> Here is the original scan results

Thank you for both logs.

> Thank you Adam, really appreciate your time and assistance.

No problem at all. :) Please proceed with the following instructions.

> Made an attempt to get "Microsoft Outlook" back up and running

When was the last time you attempted to access Microsoft Outlook? Please do so now, and let me know if the programme functions correctly or not.
 
 
STEP 1
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 2
Windows Explorer

  • Press the Windows Key + r on your keyboard at the same time. Type Explorer and click OK.
  • In the Search This PC bar, type 54723283.sys and allow the search to fully complete. 
  • If the file is found, please make a note of the file location. If not, please skip STEP 3 and let me know. 
     

STEP 3
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File. Navigate to the file location you noted down, and select the following file:
    • 54723283.sys
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     

STEP 4
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
    SearchScopes: HKCU - {D98844C8-7BB8-4C5C-A966-DC5B498ED808} URL = https://duckduckgo.c...q={searchTerms}
    CMD: ipconfig /flushdns 
    CMD: ipconfig /renew
    end 
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Does Outlook function correctly?
  • Could you find the file?
  • (VirusTotal Results)
  • Fixlist.txt


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#19 sunnynap (New Member)

Posted 10 June 2014 - 08:48 PM

1) When I try to open Outlook I get the Outlook start up wizard. When trying to close it I get the message "Microsoft Outlook is not completely configured on your computer. Are you sure you want to exit". I clicked yes.

2) I couldn't find the file

3) Didn't run the VirusTotal results

4)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
Ran by Pushba at 2014-06-11 14:47:50 Run:1
Running from C:\Users\Pushba\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
SearchScopes: HKCU - {D98844C8-7BB8-4C5C-A966-DC5B498ED808} URL = https://duckduckgo.c...q={searchTerms}
CMD: ipconfig /flushdns
CMD: ipconfig /renew
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D98844C8-7BB8-4C5C-A966-DC5B498ED808}' => Key deleted successfully.
'HKCR\CLSID\{D98844C8-7BB8-4C5C-A966-DC5B498ED808}'=> Key not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : telecom

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9bc:6f9c:aa3c:283%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.66
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter isatap.{FA8AACE5-A046-4E7C-8CC5-31D52BB03686}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{F9311AFF-86AD-4C8F-9CF7-B6F4714DB783}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:200b:2bc0:3f57:febd
   Link-local IPv6 Address . . . . . : fe80::200b:2bc0:3f57:febd%19
   Default Gateway . . . . . . . . . : ::

Tunnel adapter Reusable ISATAP Interface {95F7E712-8B15-4981-ABBC-3F1DC1B82D20}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.telecom:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


==== End of Fixlog ====



#20 LiquidTension (SuperMember, Retired Classroom Teacher)

Posted 11 June 2014 - 10:17 AM

Hello Kushla,
 
Rather than troubleshoot your Microsoft Outlook issue here, I would like to direct you to our Tech team once I am confident no malware remains on your computer. Please carry out the following steps, and let me know how your computer is performing (excluding the Outlook issue). 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54723283.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54723283.sys => ""="Driver"
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • Comments on how your computer is performing


 

Would you like to help others with malware removal? Join our Classroom and learn how!
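
The fixlist in post #20 removes SafeBoot entries for a driver file that could not be found on disk. As an added example (not part of the thread and not FRST's own logic), this read-only PowerShell function lists SafeBoot entries registered as "Driver" whose .sys file is missing. The function name and the assumption that drivers live in %SystemRoot%\System32\drivers belong to this example only.

```powershell
# Added example: read-only audit of SafeBoot driver entries. Nothing is deleted.
# Assumption: a SafeBoot subkey named "<file>.sys" with default value "Driver"
# refers to a file in %SystemRoot%\System32\drivers.
function Get-OrphanedSafeBootDriver {
    param(
        [string[]]$Mode = @('Minimal', 'Network'),
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
    )

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

    foreach ($m in $Mode) {
        $root = "$base\$m"
        if (-not (Test-Path -Path $root)) { continue }

        foreach ($key in (Get-ChildItem -Path $root)) {
            $name = $key.PSChildName

            # Only entries named like a driver file are of interest here;
            # service names and class GUIDs are skipped.
            if ($name -notlike '*.sys') { continue }

            # GetValue('') reads the key's default value, e.g. "Driver".
            if ($key.GetValue('') -ne 'Driver') { continue }

            $file = Join-Path $DriverDir $name
            if (-not (Test-Path -LiteralPath $file)) {
                # Registered for Safe Mode, but no matching file on disk.
                New-Object PSObject -Property @{
                    Mode         = $m
                    Entry        = $name
                    ExpectedFile = $file
                }
            }
        }
    }
}

Get-OrphanedSafeBootDriver | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session on 64-bit Windows, because a 32-bit host has System32 redirected to SysWOW64. An entry in the output is a lead to review, not proof of malware.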


#21 sunnynap (New Member)

Posted 12 June 2014 - 09:15 PM

Hi Adam,

Just to let you know that I have resolved my Outlook issue. There are a couple of things that I noticed after the last scan attempt which I thought I should mention. I noticed a folder called desktop.ini (on my desktop) and some files got changed and hence unreadable. They were not important so I deleted them. I noticed a couple of other files in odd places. I will try and locate them if needed.



#22 LiquidTension (SuperMember, Retired Classroom Teacher)

Posted 13 June 2014 - 10:33 AM

Hello Kushla,
 

> Just to let you know that I have resolved my Outlook issue.

Very good, I'm glad to hear. :) How did you resolve the issue? What was the problem?

> There are a couple of things that I noticed after the last scan attempt which I thought I should mention.

In the last step I had you show hidden files and folders. Desktop.ini, and other files/folders you're noticing were previously hidden. At the end of this process I will instruct you on how to reverse the changes to the setting. Desktop.ini and other files/folders will then disappear.

> some files got changed and hence unreadable

Which files? Was this after running the FRST Script from my previous reply?

Please include Fixlog.txt, FRST.txt and Addition.txt in your next reply. I need to confirm there are no malware entries in your logs.



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#23 LiquidTension (SuperMember, Retired Classroom Teacher)

Posted 16 June 2014 - 11:09 AM

Hello Kushla,
 
How are you getting on? Do you require additional time to complete my instructions? If no response is made after 48 hours this thread will have to be locked. 



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#24 CatByte (Classroom Administrator, MVP)

Posted 18 June 2014 - 11:09 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
