I have been locked out of two accounts online I use monthly. I thought it was the web site after several unsuccessful attempts with new passwords and freezing the input box. But the same thing happened on a second account and their online support cannot explain why. I input a new password and I get an error code saying the user and password do not match, even after getting new ones from online support. Is this something new?
#1
Posted 08 January 2016 - 04:51 PM
#2
Posted 09 January 2016 - 05:37 AM
It might be worth removing the AVG toolbars http://arstechnica.c...ecurity-plugin/
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different"
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\drivers\ulbgjnsr.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
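The caution in the post above (a fixlist is valid only for the machine it was written for) can be checked before anything is run. The following is an added example, not part of the original post and not FRST's own code: it flags fixlist lines that name a user SID or profile folder absent from the local machine, and lists the `CMD:`/`Reg:` lines so they can be read first. The sample fixlist, SIDs and names are constructed, and the patterns cover only the line shapes visible on this page.

```python
import re

# Constructed sample shaped like the fixlist on this page; SIDs and names are made up.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ExampleHost] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Example User\Local Settings\Application Data\ExampleHost\ExampleHost.dll",Run
Toolbar: HKU\S-1-5-21-1111111111-2222222222-3333333333-1002 -> No Name - {00000000-0000-0000-0000-000000000001} - No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExampleDisabled [2014-01-10] ()
C:\WINDOWS\system32\example.exe
CMD: ipconfig /flushdns
EmptyTemp:
"""

# Per-user account SIDs (S-1-5-21-<domain parts>-<RID>) as they appear after HKU\.
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
# Windows XP style profile folder: C:\Documents and Settings\<profile>\...
PROFILE_RE = re.compile(r"C:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def check_fixlist(text, local_sids, local_profiles):
    """Return (line_number, reason) for each SID or profile not present locally."""
    known_profiles = {p.lower() for p in local_profiles}
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for sid in SID_RE.findall(line):
            if sid not in local_sids:
                findings.append((number, f"unknown SID {sid}"))
        for profile in PROFILE_RE.findall(line):
            if profile.lower() not in known_profiles:
                findings.append((number, f"unknown profile {profile!r}"))
    return findings


def command_lines(text):
    """Lines with the CMD: or Reg: prefix, which carry a command to be executed."""
    return [
        line.strip()
        for line in text.splitlines()
        if line.strip().startswith(("CMD:", "Reg:"))
    ]


if __name__ == "__main__":
    # Assumed local inventory of a *different* machine than the fixlist was written for.
    other_machine_sids = {"S-1-5-21-9-9-9-1001"}
    other_machine_profiles = {"All Users", "Someone Else"}
    for number, reason in check_fixlist(
        SAMPLE_FIXLIST, other_machine_sids, other_machine_profiles
    ):
        print(f"line {number}: {reason}")
    for cmd in command_lines(SAMPLE_FIXLIST):
        print("runs:", cmd)
```

Any finding means the fixlist was written against a different account set and should not be applied as-is.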
#3
Posted 10 January 2016 - 04:56 PM
Let me know if this makes a difference, if not we will go deeper
Got an error and needs to close boxes, but here is the logfile.
Attached Files
#4
Posted 10 January 2016 - 06:30 PM
Got two files, not sure if you need both.
Attached Files
#5
Posted 11 January 2016 - 08:26 AM
Could you now retry those accounts and see if you can access them... There should be a fixlog generated by FRST; could you post that?
#6
Posted 11 January 2016 - 07:43 PM
Still no luck on logging in to the accounts. Not acting the same in the password resets. But still cannot access.
Attached Files
#7
Posted 12 January 2016 - 08:30 AM
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different"
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\drivers\ulbgjnsr.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
#8
Posted 18 January 2016 - 08:32 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.