Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

no access to online accounts [Closed]

virus malware spyware

  • This topic is locked This topic is locked

#1
tverrettsr

tverrettsr

    New Member

  • Member
  • Pip
  • 4 posts

I have been locked out of two accounts online i use monthly. I though it was the web site after several unsuccessful attempts with new passwords and freezing the input box. But the same thing happen on a second account and their online support can not explain why. I input a new password and i get an error code saying the user and password do not match even after getting new ones for online support. Is this something new?

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if this makes a difference, if not we will go deeper

It might be worth removing the AVG toolbars http://arstechnica.c...ecurity-plugin/

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different"
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\drivers\ulbgjnsr.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
tverrettsr

tverrettsr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Let me know if this makes a difference, if not we will go deeper

It might be worth removing the AVG toolbars http://arstechnica.c...ecurity-plugin/

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different"
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\drivers\ulbgjnsr.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

Got a error and needs to close boxes but here is the logfile

Attached Files


  • 0

#4
tverrettsr

tverrettsr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

 

Let me know if this makes a difference, if not we will go deeper

It might be worth removing the AVG toolbars http://arstechnica.c...ecurity-plugin/

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different"
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\drivers\ulbgjnsr.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

Got a error and needs to close boxes but here is the logfile

 

got two files not sure if you need both

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you now retry those accounts and see if you can access them...  There should be a fixlog generated by FRST could you post that


  • 0

#6
tverrettsr

tverrettsr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

still no luck on logging in to the accounts. Not acting the same in the password resets. But still can not access.

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you rerun the fix please as it only appears to have partially run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk -> C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe () -> "C:\Program Files\InstallConverter bundle uninstaller\uninstaller.exe" "/appName=InstallConverter bundle uninstaller" "/linkurl=hxxp://www.conduit.com/searchprotect" "/searchProviderApp=SearchProtect" "/searchProvider=a different"
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport
C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\drivers\ulbgjnsr.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: virus, malware, spyware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP