Fix result of Farbar Recovery Scan Tool (x86) Version:07-01-2015 Ran by Travis P. Verrett (2016-01-10 16:40:19) Run:1 Running from C:\Documents and Settings\Travis P. Verrett\Desktop Loaded Profiles: Travis P. Verrett & Tesha M. Verrett (Available Profiles: Travis P. Verrett & Tesha M. Verrett) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] () Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] () HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms} SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms} SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14] CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07] CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09] CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17] S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] () S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X] 2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job 2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job 2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different" C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport C:\WINDOWS\system32\dmwu.exe C:\WINDOWS\system32\drivers\ulbgjnsr.sys Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: ***************** Restore point was successfully created. HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => value removed successfully. Could not move "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled" => Scheduled to move on reboot. C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled => moved successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. "HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} => value removed successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}" => key removed successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. "HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE9C612-31B1-4E7D-9196-8807A2FFF513}" => key removed successfully. HKCR\CLSID\{EEE9C612-31B1-4E7D-9196-8807A2FFF513} => key not found. "HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}" => key removed successfully. HKCR\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}" => key removed successfully.