Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91698 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Infected by Titanuimres in System Restore ? [Closed]

titanuimres system restore points deleted

  • This topic is locked This topic is locked
23 replies to this topic

#16 sunnynap

sunnynap

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 June 2014 - 03:56 PM

Todays scan

 

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 09:44:28
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pushba - PUSHPA-PETAL
# Running from : C:\Users\Pushba\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\Pushba\AppData\Roaming\Mozilla\Firefox\Profiles

\lzv8eylf.default-1384023942729\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Pushba\AppData\Local\Google\Chrome\User Data\Default

\preferences ]


*************************

AdwCleaner[R0].txt - [1854 octets] - [07/06/2014 08:53:53]
AdwCleaner[R1].txt - [1040 octets] - [07/06/2014 09:54:49]
AdwCleaner[R2].txt - [902 octets] - [10/06/2014 09:44:28]
AdwCleaner[S0].txt - [1899 octets] - [07/06/2014 08:56:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1021 octets]

##########
 


    Advertisements

Register to Remove


#17 sunnynap

sunnynap

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 June 2014 - 04:02 PM

Made an attempt to get "Microsoft Outlook' back up and running and ran the microsoft diagnotics tool.This could be that otherwise, I am really not sure what it would be about. 

 

C:\MGADiagToolOutput

 

duckduckgo.com -   I don't use this.  Use Firefox.

 

Hot Lead Finder v3.0 - Yes, installed by us.

 

Thank you Adam, really appreciate your time and assistance.



#18 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 10 June 2014 - 01:04 PM

Hello Kushla,
 

Here is the original scan results

Thank you for both logs. 
 

Thank you Adam, really appreciate your time and assistance.

No problem at all.  :) Please proceed with the following instructions.
 

Made an attempt to get "Microsoft Outlook' back up and running

When was the last time you attempted to access Microsoft Outlook? Please do so now, and let me know if the programme functions correctly or not. 
 
 
STEP 1
nSymGHK.png Folder Options 

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 2
V5fS8AB.png Windows Explorer

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Explorer and click OK.
  • In the Search This PC bar, type 54723283.sys and allow the search to fully complete. 
  • If the file is found, please make a note of the file location. If not, please skip STEP 3 and let me know. 
     

STEP 3
nWhGEI3.png VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File. Navigate to the file location you noted down, and select the following file:
    • 54723283.sys
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     

STEP 4
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
    SearchScopes: HKCU - {D98844C8-7BB8-4C5C-A966-DC5B498ED808} URL = https://duckduckgo.c...q={searchTerms}
    CMD: ipconfig /flushdns 
    CMD: ipconfig /renew
    end 
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Does Outlook function correctly?
  • Could you find the file?
  • (VirusTotal Results)
  • Fixlist.txt

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#19 sunnynap

sunnynap

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 10 June 2014 - 08:48 PM

1) When I try to open Outlook I get the Outlook start up wizard.  When trying to close it I get the message "Microsoft Outlook is not completely configured on your computer.  Are you sure you want to exit "  I ckicked yes

2)I couldn't find the file

3) didn't run the Virus total Results

4)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
Ran by Pushba at 2014-06-11 14:47:50 Run:1
Running from C:\Users\Pushba\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
SearchScopes: HKCU - {D98844C8-7BB8-4C5C-A966-DC5B498ED808} URL = https://duckduckgo.c...q={searchTerms}
CMD: ipconfig /flushdns
CMD: ipconfig /renew
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D98844C8-7BB8-4C5C-A966-DC5B498ED808}' => Key deleted successfully.
'HKCR\CLSID\{D98844C8-7BB8-4C5C-A966-DC5B498ED808}'=> Key not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : telecom

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9bc:6f9c:aa3c:283%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.66
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter isatap.{FA8AACE5-A046-4E7C-8CC5-31D52BB03686}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{F9311AFF-86AD-4C8F-9CF7-B6F4714DB783}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:200b:2bc0:3f57:febd
   Link-local IPv6 Address . . . . . : fe80::200b:2bc0:3f57:febd%19
   Default Gateway . . . . . . . . . : ::

Tunnel adapter Reusable ISATAP Interface {95F7E712-8B15-4981-ABBC-3F1DC1B82D20}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.telecom:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


==== End of Fixlog ====



#20 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 11 June 2014 - 10:17 AM

Hello Kushla,
 
Rather than troubleshoot your Microsoft Outlook issue here, I would like to direct you to our Tech team once I am confident no malware remains on your computer. Please carry out the following steps, and let me know how your computer is performing (excluding the Outlook issue). 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54723283.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54723283.sys => ""="Driver"
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • Comments on how your computer is performing

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#21 sunnynap

sunnynap

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 12 June 2014 - 09:15 PM

Hi Adam,

Just to let you know that I have resolved my Outlook issue.  There are a couple of things that I noticed after the last scan attempt which I thought I should mention.  I noticed a folder called desktop.ini (on my desktop) and some files got changed and hence unreadable.  They were not important so I deletedthem.  I noticed a couple of other files in odd places.  I will try and locate them if needed.



#22 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 13 June 2014 - 10:33 AM

Hello Kushla,
 

Just to let you know that I have resolved my Outlook issue.

Very good, I'm glad to hear.  :) How did you resolve the issue? What was the problem?
 

There are a couple of things that I noticed after the last scan attempt which I thought I should mention.

In the last step I had you show hidden files and folders. Desktop.ini, and other files/folders you're noticing were previously hidden. At the end of this process I will instruct you on how to reverse the changes to the setting. Desktop.ini and other files/folders will then disappear. 
 

some files got changed and hence unreadable

Which files? Was this after running the FRST Script from my previous reply? 
 
Please include Fixlog.txtFRST.txt and Addition.txt in your next reply. I need to confirm there are no malware entries in your logs.


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#23 LiquidTension

LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 16 June 2014 - 11:09 AM

Hello Kushla,
 
How are you getting on? Do you require additional time to complete my instructions? If no response is made after 48 hours this thread will have to be locked. 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#24 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 18 June 2014 - 11:09 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users