geekbytes
-
Posts
59 -
Joined
-
Last visited
-
Well, here's a screen shot of the log from the server, it's all back in those desknowdata files, which are email locations for users. Short of having them delete the entire inbox, (which they can't do, they have to keep their emails) I don't know how i'm going to track this bugger down and stop it. I could only do a screen shot but it goes on for quite a bit.
-
I believe I found the mailbox that's generating all this crap. I'll report in the morninig.
-
I'm ready to scream. Did a full system scan with symantec...it starts going NUTS again. I'll export as soon as it's done.
-
I have another one! Trojan.downloader.ic
geekbytes replied to geekbytes's topic in Resolved Malware Removal Logs
I have indeed purchased Pro licenses... -
Thanks very much Psychotic, i think we can put this one to bed.
-
Here you go 2014/03/17 10:29:07 -0400 VRTWEBSVR administrator MESSAGE Starting protection 2014/03/17 10:29:07 -0400 VRTWEBSVR administrator MESSAGE Protection started successfully 2014/03/17 10:29:07 -0400 VRTWEBSVR administrator MESSAGE Starting IP protection 2014/03/17 10:29:11 -0400 VRTWEBSVR administrator MESSAGE IP Protection started successfully 2014/03/17 10:29:27 -0400 VRTWEBSVR administrator MESSAGE Starting database refresh 2014/03/17 10:29:27 -0400 VRTWEBSVR administrator MESSAGE Stopping IP protection 2014/03/17 10:29:27 -0400 VRTWEBSVR administrator MESSAGE IP Protection stopped successfully 2014/03/17 10:29:37 -0400 VRTWEBSVR administrator MESSAGE Database refreshed successfully 2014/03/17 10:29:37 -0400 VRTWEBSVR administrator MESSAGE Starting IP protection 2014/03/17 10:29:41 -0400 VRTWEBSVR administrator MESSAGE IP Protection started successfully 2014/03/17 10:34:27 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 10:34:30 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 10:34:36 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 10:40:36 -0400 VRTWEBSVR administrator MESSAGE Executing scheduled update: Daily 2014/03/17 10:40:42 -0400 VRTWEBSVR administrator MESSAGE Database already up-to-date 2014/03/17 11:51:21 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 11:51:24 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 11:51:30 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 11:55:51 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 11:55:54 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 11:56:00 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:10:46 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:10:49 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:10:55 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:55:17 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:55:20 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:55:26 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:58:17 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:58:20 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 12:58:26 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:10:24 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:10:27 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:10:33 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:12:45 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:12:48 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:12:54 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:52:59 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:53:02 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 13:53:08 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 14:48:03 -0400 VRTWEBSVR (null) IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 14:48:05 -0400 VRTWEBSVR (null) IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 14:48:12 -0400 VRTWEBSVR (null) IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 15:02:41 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 15:02:44 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing) 2014/03/17 15:02:50 -0400 VRTWEBSVR administrator IP-BLOCK 66.196.118.37 (Type: outgoing)
-
I have another one! Trojan.downloader.ic
geekbytes replied to geekbytes's topic in Resolved Malware Removal Logs
here's the addition and frst files after i cleaned with MWB Addition1.txt FRST1.txt -
Security check won't run. Says Operating system unsupported. I've been watching it, and malwarebytes pro keeps popping up with a ip address it keeps blocking
-
Here's the JRT file Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Microsoft Windows Server 2003 R2 x86 Ran by administrator on Mon 03/17/2014 at 15:28:42.78 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 03/17/2014 at 15:32:15.83 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
I have another one! Trojan.downloader.ic
geekbytes replied to geekbytes's topic in Resolved Malware Removal Logs
This is a different pc, btw. -
It seems as though the security was not kept in this environment: here's the Malwarebytes log: MBAM-log-2014-03-17 (13-45-52).txt
-
Here are the frst.txt and addition files Addition.txt FRST.txt
-
Friends PC, has stuff everywhere .... Scaned with malwarbytes, removed the 911 PUP entries. Ran Adwcleaner below's the log # AdwCleaner v3.022 - Report created 15/03/2014 at 23:13:04 # Updated 13/03/2014 by Xplode # Operating System : Windows 8.1 (64 bits) # Username : Paula - PAULA # Running from : C:\Users\Paula\AppData\Local\Temp\dlmA2AA.tmp\adwcleaner.exe # Option : Scan ***** [ Services ] ***** Service Found : Application Updater Service Found : FromDocToPDF_65Service ***** [ Files / Folders ] ***** File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk File Found : C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\gvq9lnsp.default\user.js Folder Found : C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj Folder Found : C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb Folder Found C:\AI_RecycleBin Folder Found C:\Program Files (x86)\albrechto Folder Found C:\Program Files (x86)\Application Updater Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found C:\Program Files (x86)\Common Files\Spigot Folder Found C:\Program Files (x86)\FromDocToPDF_65 Folder Found C:\Program Files (x86)\HiDefMedia Folder Found C:\Program Files (x86)\IObit Apps Toolbar Folder Found C:\Program Files\Level Quality Watcher Folder Found C:\ProgramData\AVG SafeGuard toolbar Folder Found C:\ProgramData\Conduit Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2 Folder Found C:\ProgramData\ParetoLogic Folder Found C:\ProgramData\VisualBee Folder Found C:\Users\Paula\AppData\Local\AVG SafeGuard toolbar Folder Found C:\Users\Paula\AppData\Local\FromDocToPDF_65 Folder Found C:\Users\Paula\AppData\Local\iWin Folder Found C:\Users\Paula\AppData\Local\NativeMessaging Folder Found C:\Users\Paula\AppData\Local\Temp\AirInstaller Folder Found C:\Users\Paula\AppData\Local\Temp\NativeMessaging Folder Found C:\Users\Paula\AppData\LocalLow\AVG SafeGuard toolbar Folder Found C:\Users\Paula\AppData\LocalLow\Conduit Folder Found C:\Users\Paula\AppData\LocalLow\FromDocToPDF_65 Folder Found C:\Users\Paula\AppData\LocalLow\iac Folder Found C:\Users\Paula\AppData\LocalLow\Search Settings Folder Found C:\Users\Paula\AppData\Roaming\DriverCure Folder Found C:\Users\Paula\AppData\Roaming\ParetoLogic Folder Found C:\Windows\SysWOW64\AI_RecycleBin Folder Found C:\Windows\SysWOW64\SearchProtect ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\FromDocToPDF_65 Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\FromDocToPDF_65 Key Found : HKCU\Software\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2BD4465D-669A-42E6-B449-636B0B10EBB8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : HKCU\Software\Search Settings Key Found : HKCU\Software\SoftwareUpdater Key Found : HKCU\Software\wecarereminder Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\FromDocToPDF_65 Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Found : [x64] HKCU\Software\Search Settings Key Found : [x64] HKCU\Software\SoftwareUpdater Key Found : [x64] HKCU\Software\wecarereminder Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Found : HKLM\Software\Application Updater Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B} Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1 Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3} Key Found : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\FromDocToPDF_65 Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Key Found : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin Key Found : HKLM\Software\Search Settings Key Found : HKLM\Software\SearchProtect Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader 64] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings] Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\gvq9lnsp.default\prefs.js ] -\\ Google Chrome v33.0.1750.117 [ File : C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [16120 octets] - [15/03/2014 23:13:04] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16181 octets] ##########
-
Here we go...am I FINALLY good? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-03-2014 02 Ran by administrator at 2014-03-13 12:15:50 Run:2 Running from C:\Documents and Settings\Administrator.VRTECH\Desktop\Jamie's Files Boot Mode: Normal ============================================== Content of fixlist: ***************** D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1b4e1-0.eml D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1c2c4-0.eml D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1c393-0.eml D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1d85c-0.eml D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1ef2f-0.eml ***************** D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1b4e1-0.eml => Moved successfully. D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1c2c4-0.eml => Moved successfully. D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1c393-0.eml => Moved successfully. D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1d85c-0.eml => Moved successfully. D:\desknowdata\usermail\vr-tech.org\les\Inbox\12a5eca22c7_A3XC_1ef2f-0.eml => Moved successfully. ==== End of Fixlog ====
-
My backups just started running, as soon as they finish, I'll run this. Thanks so much
