
Searchnet.blinkxcore.com


  • This topic is locked
46 replies to this topic

#1 okorn31


Posted 01 February 2015 - 02:33 PM

Searchnet.blinkxcore.com usually gets activated when I download a file, and then the CPU usage skyrockets to 90 to 100% while MBAM provides notifications that it is blocking the malicious website searchnet.blinkxcore.com. However, when I run MBAM or TDSSKiller, nothing is found.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Mark (administrator) on TARHEELSPRINGS on 01-02-2015 14:21:45
Running from C:\Users\Mark\Desktop\tools
Loaded Profiles: Mark (Available profiles: Mark & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-12-05] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-28] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-11-28] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-11] (Easybits)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-22] (TomTom)
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-16] (Google Inc.)
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Run: [Google Update] => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-30] (Google Inc.)
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Run: [MusicManager] => C:\Users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 SE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 SE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {EFDD6219-A7E8-4854-A6E2-85508D4D877C} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.0.1.100&o=APN10614&tpid=ORJ-V7&apn_uid=9D89C9ED-65D0-4614-8113-EB7D7CF0D122&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_10.0.9200.16660&doi=2013-08-16&trgb=IE&q={searchTerms}&psv=
BHO: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\1yhgnh3z.default
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin -> C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2640326095-2718370319-2933557068-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2640326095-2718370319-2933557068-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-12-12]

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2012-07-15]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-11-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 14:21 - 2015-02-01 14:21 - 00000000 ____D () C:\FRST
2015-02-01 14:20 - 2015-02-01 14:20 - 00005798 _____ () C:\Windows\SysWOW64\Avira_1_Id.Avira.OE.Setup.Msi.log
2015-02-01 14:20 - 2015-02-01 14:20 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-01 14:13 - 2015-02-01 14:21 - 00000000 ____D () C:\Users\Mark\Desktop\tools
2015-01-17 11:16 - 2015-01-17 11:16 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2015-01-17 11:15 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Users\Mark\AppData\Local\{A3B842ED-535E-4943-9C9C-0558E60A352A}
2015-01-14 09:55 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:55 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:55 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:55 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:55 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:55 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:55 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:55 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:55 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:55 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:55 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:55 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:39 - 2015-01-14 09:39 - 00000000 ____D () C:\Users\Mark\AppData\Local\{7E73A9C5-6E14-4E74-A08D-C31C1BFC0225}
2015-01-13 20:45 - 2015-01-13 20:45 - 00000000 ____D () C:\Users\Mark\AppData\Local\{9C82149C-9595-4887-854E-3248370EA93E}
2015-01-13 07:58 - 2015-01-13 07:58 - 00000000 ____D () C:\Users\Mark\AppData\Local\{349D79C9-744C-4A30-94AB-EB70F3EF956A}
2015-01-12 12:54 - 2015-01-12 12:55 - 00000000 ____D () C:\Users\Mark\AppData\Local\{53B2584F-F3B1-49BB-9644-CD9F57BC2C1C}
2015-01-07 09:46 - 2015-01-07 09:46 - 00000000 ____D () C:\Users\Mark\AppData\Local\{9003FA25-2304-45A3-A2EA-351EF1EA05EE}
2015-01-03 22:21 - 2015-01-03 22:21 - 00065504 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 22:21 - 2015-01-03 22:21 - 00065504 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 22:21 - 2015-01-03 22:21 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Mozilla
2015-01-03 22:21 - 2015-01-03 22:21 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Macromedia
2015-01-03 22:21 - 2015-01-03 22:21 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Local\AskPartnerNetwork
2015-01-03 22:20 - 2015-01-03 22:21 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D5F6A43-452E-4725-B410-3117E5EA0869}
2015-01-03 22:20 - 2015-01-03 22:20 - 00065504 _____ () C:\Users\Administrator.tarheelsprings\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 22:20 - 2015-01-03 22:20 - 00001413 _____ () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 __SHD () C:\Users\Administrator.tarheelsprings\AppData\Local\EmieUserList
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 __SHD () C:\Users\Administrator.tarheelsprings\AppData\Local\EmieSiteList
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 __SHD () C:\Users\Administrator.tarheelsprings\AppData\Local\EmieBrowserModeList
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Synaptics
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Intel Corporation
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\hpqLog
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Apple Computer
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Adobe
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Local\Panasonic
2015-01-03 22:20 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Local\Google
2015-01-03 22:19 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings
2015-01-03 22:19 - 2015-01-03 22:19 - 00000020 ___SH () C:\Users\Administrator.tarheelsprings\ntuser.ini
2015-01-03 22:19 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 22:19 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 14:23 - 2011-09-23 00:59 - 02015928 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 14:21 - 2013-07-09 17:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 14:20 - 2013-08-06 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 14:20 - 2013-08-06 07:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 14:19 - 2014-12-15 23:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 14:19 - 2011-10-16 20:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 14:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 14:18 - 2009-07-13 23:51 - 00085189 _____ () C:\Windows\setupact.log
2015-02-01 14:15 - 2011-10-16 20:07 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEB72E9B-7F41-44B7-866B-50F9A7E6A280}
2015-02-01 13:45 - 2011-10-16 20:46 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 13:44 - 2014-12-30 12:23 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2640326095-2718370319-2933557068-1000UA.job
2015-02-01 13:44 - 2012-04-14 18:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 12:28 - 2014-12-30 12:23 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2640326095-2718370319-2933557068-1000Core.job
2015-02-01 09:20 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 09:20 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:48 - 2011-10-29 17:32 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2015-01-31 21:22 - 2010-11-20 22:47 - 00582036 _____ () C:\Windows\PFRO.log
2015-01-31 21:14 - 2014-04-09 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Spotify
2015-01-31 20:48 - 2012-07-15 15:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 17:53 - 2013-08-09 20:12 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Mark.job
2015-01-30 14:53 - 2014-01-29 12:31 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job
2015-01-30 14:53 - 2013-12-17 10:07 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark
2015-01-28 19:58 - 2014-04-09 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Local\Spotify
2015-01-28 09:43 - 2013-06-17 10:53 - 00001127 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2015-01-28 09:43 - 2013-06-17 10:53 - 00001127 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2015-01-28 09:43 - 2013-06-17 10:52 - 00001127 _____ () C:\Users\Mark\Desktop\GP5.lnk
2015-01-26 14:52 - 2011-11-08 06:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-26 14:52 - 2011-10-17 20:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-25 10:43 - 2012-04-14 18:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 10:43 - 2012-04-14 18:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 10:43 - 2011-10-18 18:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 20:13 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 19:12 - 2013-06-17 10:52 - 00000000 ____D () C:\Users\Mark\Documents\gp5
2015-01-15 15:13 - 2011-12-20 21:44 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Windows Live Writer
2015-01-15 09:23 - 2013-08-16 06:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:18 - 2012-04-11 18:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 22:21 - 2013-08-06 07:06 - 00000000 ____D () C:\ProgramData\Avira
2015-01-03 22:20 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2014-03-10 19:14 - 2014-03-10 19:14 - 0001540 _____ () C:\Users\Mark\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Administrator.tarheelsprings\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\APNSetup.exe
C:\Users\Mark\AppData\Local\Temp\AskSLib.dll
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\avguidx.dll
C:\Users\Mark\AppData\Local\Temp\burnsetup.exe
C:\Users\Mark\AppData\Local\Temp\EBU149C.exe
C:\Users\Mark\AppData\Local\Temp\EBU168F.DLL
C:\Users\Mark\AppData\Local\Temp\Extract.exe
C:\Users\Mark\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Mark\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mark\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mark\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mark\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Mark\AppData\Local\Temp\oi_{C724B347-9A3C-4765-84C8-398B76FC71DB}.exe
C:\Users\Mark\AppData\Local\Temp\Resource.exe
C:\Users\Mark\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Mark\AppData\Local\Temp\setup-gp5-updater.exe
C:\Users\Mark\AppData\Local\Temp\SP52615.exe
C:\Users\Mark\AppData\Local\Temp\SP53462.exe
C:\Users\Mark\AppData\Local\Temp\SP53794.exe
C:\Users\Mark\AppData\Local\Temp\sp54373.exe
C:\Users\Mark\AppData\Local\Temp\sp54620.exe
C:\Users\Mark\AppData\Local\Temp\SP54714.exe
C:\Users\Mark\AppData\Local\Temp\SP55092.exe
C:\Users\Mark\AppData\Local\Temp\SP55094.exe
C:\Users\Mark\AppData\Local\Temp\SP55101.exe
C:\Users\Mark\AppData\Local\Temp\SP55102.exe
C:\Users\Mark\AppData\Local\Temp\SP55104.exe
C:\Users\Mark\AppData\Local\Temp\SP55107.exe
C:\Users\Mark\AppData\Local\Temp\SP55109.exe
C:\Users\Mark\AppData\Local\Temp\SP55151.exe
C:\Users\Mark\AppData\Local\Temp\SP55152.exe
C:\Users\Mark\AppData\Local\Temp\sp58915.exe
C:\Users\Mark\AppData\Local\Temp\sp64126.exe
C:\Users\Mark\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mark\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Mark\AppData\Local\Temp\_is65CB.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 16:33

==================== End Of Log ============================

 

 


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:43 PM

Posted 01 February 2015 - 05:49 PM

Hello okorn31 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks

 

---------------------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

Regards

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:43 PM

Posted 01 February 2015 - 07:04 PM

Hi okorn31,

 

Please do the following.

 

Please provide the protection log by MBAM.

 

Next >>>

 

Please download Farbar Recovery Scan Tool (64Bit) and save it to your desktop.

Start FRST.
Enter searchnet;blinkxcore into the Search box.
Hit Search Registry.
When the scan has finished, a Search.txt log is saved in the same location where FRST.exe is located.
Please post it here.

 

Thanks.



 


 


#4 okorn31

okorn31
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:43 AM

Posted 01 February 2015 - 08:44 PM

Hi... thanks in advance for your help. Below are the MBAM protection log and the FRST search results.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 1/31/2015 10:05:44 AM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.30.8, 2015.1.31.3,
Protection, 1/31/2015 10:05:44 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 10:05:44 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 10:05:45 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 10:07:05 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 10:07:05 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 10:07:05 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Scan, 1/31/2015 10:42:13 AM, SYSTEM, TARHEELSPRINGS, Manual, Start:1/31/2015 10:07:28 AM, Duration:34 min 43 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.31.3, 2015.1.31.4,
Protection, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 11:03:07 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 11:03:07 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 11:03:07 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Update, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.31.4, 2015.1.31.5,
Protection, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 3:53:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 3:53:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 3:53:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Update, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.31.5, 2015.1.31.6,
Protection, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 5:12:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 5:12:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 5:12:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Update, 1/31/2015 6:07:20 PM, SYSTEM, TARHEELSPRINGS, Scheduler, Failed, Unable to access update server,
Detection, 1/31/2015 9:15:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57057, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:07 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57058, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:17 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57057, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57179, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57180, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57181, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57182, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57183, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57184, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57186, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57185, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57187, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57188, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57189, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57190, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57192, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57191, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57193, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57194, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57195, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57196, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57197, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57198, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57226, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57227, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57230, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57231, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:24 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57246, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57313, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 9:15:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57314, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 9:15:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57579, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 9:15:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57578, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 9:16:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57609, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:16:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57608, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57761, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57761, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57763, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57752, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 57750, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 57750, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57767, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57768, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57769, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57759, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:28 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Protection, 1/31/2015 9:22:42 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Starting,
Protection, 1/31/2015 9:22:42 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Started,
Protection, 1/31/2015 9:22:42 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 9:25:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Detection, 1/31/2015 10:57:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51437, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 10:57:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51437, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 10:57:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51438, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 10:57:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51512, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 10:57:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51513, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 10:57:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51526, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 10:57:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51527, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 10:57:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51528, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51635, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51636, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51653, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51652, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51660, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51659, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51687, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51688, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51691, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51692, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51693, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51695, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:58:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51798, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:58:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51799, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:58:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51813, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:58:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51814, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:58:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51855, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:58:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51856, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:58:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52333, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52334, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:13 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52480, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:14 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52481, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52733, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 10:58:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52734, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:01:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57429, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:01:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57430, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:03:10 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59354, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:03:10 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59358, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:03:10 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59363, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Protection, 1/31/2015 11:04:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Starting,
Protection, 1/31/2015 11:04:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Started,
Protection, 1/31/2015 11:04:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 11:06:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49635, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49635, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49634, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49639, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49638, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49640, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49641, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49643, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49644, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49645, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49646, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49652, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49653, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49654, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49655, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49656, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49657, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49679, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49678, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49683, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49682, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49686, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:32 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49687, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49731, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:22:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49732, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:22:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49739, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:22:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49738, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:22:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49790, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49791, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:46 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49810, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:46 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49809, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49832, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49833, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49834, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49835, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:53 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49860, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:22:53 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49861, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:22:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49925, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:22:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49926, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Protection, 1/31/2015 11:24:36 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Starting,
Protection, 1/31/2015 11:24:36 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Started,
Protection, 1/31/2015 11:24:36 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 11:25:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Detection, 1/31/2015 11:27:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49287, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:27:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49287, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:01 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49286, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:01 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49319, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:01 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49320, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49357, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49358, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49361, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49362, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:28:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49468, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49469, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50146, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:28:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50147, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:29:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50443, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:29:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50444, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:29:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50463, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:29:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50462, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:29:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50560, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:29:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50561, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:31:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 50958, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:31:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 50958, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:31:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 50959, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:32:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53770, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:32:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53771, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:33:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54161, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:33:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54160, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:35:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 55568, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:35:54 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57373, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:35:54 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57376, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:37:06 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 60562, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:37:06 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 60563, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:37:06 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 60562, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:37:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61179, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:37:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61178, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:38:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62221, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62222, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:15 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62271, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:38:15 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62272, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:38:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62686, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:38:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62687, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:38:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62754, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:38:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62755, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:38:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63060, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63061, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63140, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:38:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63139, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:39:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63706, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:39:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63707, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:39:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 63902, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:39:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 63902, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:40:14 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 62198, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:40:16 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 62198, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:40:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49479, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:40:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49480, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:41:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49649, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:41:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49650, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:41:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49765, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:41:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49766, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:43:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51663, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:43:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51662, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:43:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51705, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:43:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51706, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:46:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56292, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:46:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56291, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:46:19 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56474, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:46:19 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56475, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:46:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56490, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:46:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56491, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:47:35 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58311, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 11:47:35 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58312, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 11:48:24 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59060, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:48:24 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59061, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:48:56 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59624, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 11:48:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59623, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 11:49:50 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61046, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:49:50 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61045, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:49:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61168, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:49:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61169, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:52:00 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63715, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:52:00 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63716, Outbound, C:\Windows\SysWOW64\cmmon32.exe,

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 1/31/2015 10:05:44 AM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.30.8, 2015.1.31.3,
Protection, 1/31/2015 10:05:44 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 10:05:44 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 10:05:45 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 10:07:05 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 10:07:05 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 10:07:05 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Scan, 1/31/2015 10:42:13 AM, SYSTEM, TARHEELSPRINGS, Manual, Start:1/31/2015 10:07:28 AM, Duration:34 min 43 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.31.3, 2015.1.31.4,
Protection, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 11:02:36 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 11:03:07 AM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 11:03:07 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 11:03:07 AM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Update, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.31.4, 2015.1.31.5,
Protection, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 3:53:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 3:53:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 3:53:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 3:53:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Update, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Scheduler, Malware Database, 2015.1.31.5, 2015.1.31.6,
Protection, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Starting,
Protection, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopping,
Protection, 1/31/2015 5:12:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Stopped,
Protection, 1/31/2015 5:12:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Refresh, Success,
Protection, 1/31/2015 5:12:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 5:12:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Update, 1/31/2015 6:07:20 PM, SYSTEM, TARHEELSPRINGS, Scheduler, Failed, Unable to access update server,
Detection, 1/31/2015 9:15:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57057, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:07 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57058, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:17 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57057, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57179, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57180, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57181, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57182, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57183, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57184, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57186, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57185, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57187, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57188, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57189, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57190, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57192, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57191, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:21 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57193, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57194, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57195, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57196, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57197, Outbound, C:\Windows\SysWOW64\svchost.exe,
Detection, 1/31/2015 9:15:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57198, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57226, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57227, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57230, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57231, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 9:15:24 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57246, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 9:15:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57313, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 9:15:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57314, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 9:15:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57579, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 9:15:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57578, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 9:16:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57609, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:16:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57608, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57761, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57761, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57763, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57752, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 57750, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 57750, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57767, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57768, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57769, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 57759, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:28 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 9:16:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 57756, Inbound, C:\Windows\System32\svchost.exe,
Protection, 1/31/2015 9:22:42 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Starting,
Protection, 1/31/2015 9:22:42 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Started,
Protection, 1/31/2015 9:22:42 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 9:25:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Detection, 1/31/2015 10:57:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51437, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 10:57:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51437, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 10:57:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51438, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 10:57:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51512, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 10:57:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51513, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 10:57:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51526, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 10:57:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51527, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 10:57:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51528, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51635, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51636, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51653, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51652, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51660, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 10:57:58 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51659, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51687, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51688, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51691, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51692, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51693, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:57:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51695, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:58:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51798, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:58:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51799, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 10:58:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51813, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:58:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51814, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 10:58:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51855, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:58:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51856, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 10:58:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52333, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52334, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:13 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52480, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:14 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52481, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 10:58:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52733, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 10:58:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52734, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:01:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57429, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:01:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57430, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:03:10 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59354, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:03:10 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59358, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:03:10 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59363, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Protection, 1/31/2015 11:04:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Starting,
Protection, 1/31/2015 11:04:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Started,
Protection, 1/31/2015 11:04:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 11:06:02 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49635, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49635, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49634, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49639, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49638, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49640, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49641, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49643, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49644, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49645, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:29 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49646, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49652, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49653, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49654, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49655, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49656, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:30 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49657, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49679, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49678, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49683, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49682, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49686, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:32 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49687, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:22:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49731, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:22:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49732, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:22:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49739, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:22:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49738, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:22:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49790, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49791, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:46 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49810, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:46 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49809, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49832, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49833, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49834, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49835, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:22:53 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49860, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:22:53 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49861, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:22:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49925, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:22:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49926, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Protection, 1/31/2015 11:24:36 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Starting,
Protection, 1/31/2015 11:24:36 PM, SYSTEM, TARHEELSPRINGS, Protection, Malware Protection, Started,
Protection, 1/31/2015 11:24:36 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Starting,
Protection, 1/31/2015 11:25:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, Started,
Detection, 1/31/2015 11:27:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49287, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:27:59 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49287, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:01 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49286, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:01 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49319, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:01 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49320, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49357, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49358, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49361, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:28:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49362, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:28:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49468, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:09 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49469, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:28:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50146, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:28:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50147, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:29:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50443, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:29:03 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50444, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:29:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50463, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:29:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50462, Outbound, C:\Windows\SysWOW64\dllhost.exe,
Detection, 1/31/2015 11:29:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50560, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:29:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50561, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:31:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 50958, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:31:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 50958, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:31:51 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 50959, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:32:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53770, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:32:48 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 53771, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:33:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54161, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:33:25 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54160, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:35:38 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.192.92, 55568, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:35:54 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57373, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:35:54 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57376, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:37:06 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 60562, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:37:06 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 60563, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:37:06 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.116, 60562, Outbound, C:\Windows\SysWOW64\ctfmon.exe,
Detection, 1/31/2015 11:37:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61179, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:37:33 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61178, Outbound, C:\Windows\SysWOW64\systray.exe,
Detection, 1/31/2015 11:38:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62221, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:12 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62222, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:15 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62271, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:38:15 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62272, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:38:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62686, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:38:31 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62687, Outbound, C:\Windows\SysWOW64\wiaacmgr.exe,
Detection, 1/31/2015 11:38:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62754, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:38:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62755, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:38:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63060, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:49 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63061, Outbound, C:\Windows\SysWOW64\rundll32.exe,
Detection, 1/31/2015 11:38:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63140, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:38:52 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63139, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:39:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63706, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:39:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63707, Outbound, C:\Windows\SysWOW64\fixmapi.exe,
Detection, 1/31/2015 11:39:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 63902, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:39:23 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 63902, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:40:14 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 62198, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:40:16 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 31.184.194.6, 62198, Inbound, C:\Windows\System32\svchost.exe,
Detection, 1/31/2015 11:40:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49479, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:40:41 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49480, Outbound, C:\Windows\SysWOW64\wextract.exe,
Detection, 1/31/2015 11:41:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49649, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:41:04 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49650, Outbound, C:\Windows\SysWOW64\dplaysvr.exe,
Detection, 1/31/2015 11:41:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49765, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:41:18 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49766, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:43:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51663, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:43:22 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51662, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:43:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51705, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:43:34 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51706, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:46:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56292, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:46:11 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56291, Outbound, C:\Windows\SysWOW64\regsvr32.exe,
Detection, 1/31/2015 11:46:19 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56474, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:46:19 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56475, Outbound, C:\Windows\SysWOW64\dllhst3g.exe,
Detection, 1/31/2015 11:46:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56490, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:46:20 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56491, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:47:35 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58311, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 11:47:35 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58312, Outbound, C:\Windows\SysWOW64\dpnsvr.exe,
Detection, 1/31/2015 11:48:24 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59060, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:48:24 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59061, Outbound, C:\Windows\SysWOW64\dvdupgrd.exe,
Detection, 1/31/2015 11:48:56 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59624, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 11:48:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 59623, Outbound, C:\Windows\SysWOW64\upnpcont.exe,
Detection, 1/31/2015 11:49:50 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61046, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:49:50 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61045, Outbound, C:\Windows\SysWOW64\msfeedssync.exe,
Detection, 1/31/2015 11:49:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61168, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:49:57 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 61169, Outbound, C:\Windows\SysWOW64\NAPSTAT.EXE,
Detection, 1/31/2015 11:52:00 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63715, Outbound, C:\Windows\SysWOW64\cmmon32.exe,
Detection, 1/31/2015 11:52:00 PM, SYSTEM, TARHEELSPRINGS, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63716, Outbound, C:\Windows\SysWOW64\cmmon32.exe,

(end)

 

 

Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Administrator at 2015-02-01 20:41:19
Running from C:\Users\Administrator.tarheelsprings\Desktop
Boot Mode: Normal

================== Search Registry: "searchnet;blinkxcore" ===========

====== End Of Search ======



#5 olgun52

  • Malware Response Team

Posted 01 February 2015 - 09:19 PM

Hi okorn31,

 

Please do the following for me. You appear to have a nasty infection present at the moment. Poweliks virus!

--------------------

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

 

Have a nice day.

 

 


Best regards
 

 


 


#6 okorn31

  • Topic Starter

Posted 01 February 2015 - 10:48 PM

Here you go:

 

ComboFix 15-02-02.01 - Administrator 02/01/2015  21:35:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.4026 [GMT -5:00]
Running from: c:\users\Administrator.tarheelsprings\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ADMINI~1.TAR\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Administrator.tarheelsprings\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-02 to 2015-02-02  )))))))))))))))))))))))))))))))
.
.
2015-02-02 03:25 . 2015-02-02 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-01 19:50 . 2015-02-01 19:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-01 19:50 . 2015-02-01 19:50 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-01 19:21 . 2015-02-02 01:41 -------- d-----w- C:\FRST
2015-01-30 20:42 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{878C470A-FC23-4413-85EF-486B975F5B7C}\mpengine.dll
2015-01-17 16:16 . 2015-01-17 16:16 -------- d-----w- c:\windows\SysWow64\Garmin
2015-01-17 16:15 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 14:55 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 14:55 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 14:55 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 14:55 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 14:55 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 14:55 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 14:55 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 14:55 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 14:55 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 14:55 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 14:55 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 14:55 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-04 03:19 . 2015-01-04 03:20 -------- d-----w- c:\users\Administrator.tarheelsprings
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-02 01:32 . 2014-12-16 04:04 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-01 19:50 . 2011-06-21 19:45 319912 ----a-w- c:\windows\system32\javaws.exe
2015-02-01 19:50 . 2011-06-21 19:45 191400 ----a-w- c:\windows\system32\javaw.exe
2015-02-01 19:50 . 2011-06-21 19:45 190888 ----a-w- c:\windows\system32\java.exe
2015-02-01 19:49 . 2014-12-28 14:13 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-25 15:43 . 2012-04-14 23:58 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-25 15:43 . 2011-10-18 23:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 14:18 . 2012-04-11 23:25 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-06 09:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 22:52 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 22:52 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 12:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 12:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 12:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 12:50 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 12:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 12:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 12:50 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 12:50 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 12:50 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 12:49 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 12:50 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 12:50 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 12:50 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 12:49 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 12:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 12:49 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 12:49 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 12:49 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 12:50 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 12:49 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 12:50 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 12:49 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 12:49 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 12:50 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 12:49 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 12:50 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 12:50 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 12:49 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 12:49 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 12:49 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 12:50 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 12:50 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 12:49 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 12:50 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 12:50 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 12:50 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 12:50 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 12:49 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 12:49 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 12:49 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 12:50 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 12:49 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 12:49 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 12:50 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 12:49 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 12:50 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 12:50 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 12:49 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 11:14 . 2014-12-16 04:04 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-12-16 04:04 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2011-10-17 02:16 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 03:09 . 2014-12-10 12:50 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 14:38 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 14:38 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 12:50 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 14:38 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 14:38 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 12:50 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 12:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 12:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}]
2014-10-30 17:24 12184 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5637-006A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll" [2014-10-30 12184]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5637-006a-76a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-28 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-12-03 40336]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-11-24 2039192]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-11 1243656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 8.0 SE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 8.0 SE\PHOTOfunSTUDIO.exe" [2012-12-25 188600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-01 01:48 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 15:43]
.
2015-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:00]
.
2015-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:00]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2640326095-2718370319-2933557068-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-30 17:23]
.
2015-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2640326095-2718370319-2933557068-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-30 17:23]
.
2015-01-30 c:\windows\Tasks\HPCeeScheduleForMark.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2015-01-30 c:\windows\Tasks\Norton Security Scan for Mark.job
- c:\progra~2\NORTON~2\Engine\420~1.38\Nss.exe [2014-12-12 08:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}]
2014-10-30 17:24 13720 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5637-006A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll" [2014-10-30 13720]
.
[HKEY_CLASSES_ROOT\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-28 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Administrator.tarheelsprings\AppData\Roaming\Mozilla\Firefox\Profiles\IBwCWsrC.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2640326095-2718370319-2933557068-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,c3,af,45,4c,c9,21,44,9c,20,8c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,c3,af,45,4c,c9,21,44,9c,20,8c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\users\Administrator.tarheelsprings\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-02-01  22:45:16 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-02 03:45
.
Pre-Run: 435,807,088,640 bytes free
Post-Run: 457,002,921,984 bytes free
.
- - End Of File - - D2233363CEDC48FB54A459C94AEA993F
 



#7 olgun52

  • Malware Response Team

Posted 02 February 2015 - 08:33 AM

Hi okorn31,

 

Step 1:

 

  • Start FRST.
  • Enter A8F59079A8D5 into the Search box.
  • Hit Search Registry.
  • When the scan has finished, a Search.txt log is saved at the same location that FRST.exe is located.
  • Please post it here.

 

Step 2:

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.

 

Step 3:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

 

Thanks.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 okorn31

  • Topic Starter

Posted 02 February 2015 - 06:50 PM

Here you go. Note I did not see an MBAR file that was formatted YYYY-MM-dd.txt but did see the system-log.txt file (attached). The scan found no issues.

 

Step 1

Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Administrator at 2015-02-02 18:03:07
Running from C:\Users\Administrator.tarheelsprings\Desktop
Boot Mode: Normal

================== Search Registry: "A8F59079A8D5" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
"AppID"="{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
"AppID"="{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
"AppID"="{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]

====== End Of Search ======

 

Step 2

 

 




#9 okorn31

  • Topic Starter

Posted 02 February 2015 - 08:30 PM

Here is the additional mbar file I did not see at first.




#10 olgun52

  • Malware Response Team

Posted 03 February 2015 - 05:49 PM

Hi okorn31,

Thanks for the Logs.

Please do the following.
 
Step 1:
 
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow the reboot.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

Step 2:

 

Please now start FRST with administrator privileges.

  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Have a nice day.

Best regards

 


 


#11 okorn31

  • Topic Starter

Posted 03 February 2015 - 09:05 PM

Here you go:

 

Step 1

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Administrator at 2015-02-03 20:54:50 Run:1
Running from C:\Users\Administrator.tarheelsprings\Desktop
Loaded Profiles: Administrator &  (Available profiles: Mark & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...\Policies\system: [DisableChangePassword] 0
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {EFDD6219-A7E8-4854-A6E2-85508D4D877C} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.0.1.100&o=APN10614&tpid=ORJ-V7&apn_uid=9D89C9ED-65D0-4614-8113-EB7D7CF0D122&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_10.0.9200.16660&doi=2013-08-16&trgb=IE&q={searchTerms}&psv=
Task: {9B385A09-EA67-4428-A386-825B866D2665} - System32\Tasks\Norton Security Scan for Mark => C:\Program Files (x86)\Norton Security Scan\Engine\4.2.0.38\Nss.exe [2014-11-25] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\1yhgnh3z.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
2015-01-30 17:53 - 2013-08-09 20:12 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Mark.job
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
REG: reg query "HKU\S-1-5-21-2640326095-2718370319-2933557068-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s
REG: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s
REG: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s
REG: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s
REG: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s
REG: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s
REG: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5 /s
C:\Users\Administrator.tarheelsprings\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\APNSetup.exe
C:\Users\Mark\AppData\Local\Temp\AskSLib.dll
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\avguidx.dll
C:\Users\Mark\AppData\Local\Temp\burnsetup.exe
C:\Users\Mark\AppData\Local\Temp\EBU149C.exe
C:\Users\Mark\AppData\Local\Temp\EBU168F.DLL
C:\Users\Mark\AppData\Local\Temp\Extract.exe
C:\Users\Mark\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Mark\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mark\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mark\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mark\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Mark\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Mark\AppData\Local\Temp\oi_{C724B347-9A3C-4765-84C8-398B76FC71DB}.exe
C:\Users\Mark\AppData\Local\Temp\Resource.exe
C:\Users\Mark\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Mark\AppData\Local\Temp\setup-gp5-updater.exe
C:\Users\Mark\AppData\Local\Temp\SP52615.exe
C:\Users\Mark\AppData\Local\Temp\SP53462.exe
C:\Users\Mark\AppData\Local\Temp\SP53794.exe
C:\Users\Mark\AppData\Local\Temp\sp54373.exe
C:\Users\Mark\AppData\Local\Temp\sp54620.exe
C:\Users\Mark\AppData\Local\Temp\SP54714.exe
C:\Users\Mark\AppData\Local\Temp\SP55092.exe
C:\Users\Mark\AppData\Local\Temp\SP55094.exe
C:\Users\Mark\AppData\Local\Temp\SP55101.exe
C:\Users\Mark\AppData\Local\Temp\SP55102.exe
C:\Users\Mark\AppData\Local\Temp\SP55104.exe
C:\Users\Mark\AppData\Local\Temp\SP55107.exe
C:\Users\Mark\AppData\Local\Temp\SP55109.exe
C:\Users\Mark\AppData\Local\Temp\SP55151.exe
C:\Users\Mark\AppData\Local\Temp\SP55152.exe
C:\Users\Mark\AppData\Local\Temp\sp58915.exe
C:\Users\Mark\AppData\Local\Temp\sp64126.exe
C:\Users\Mark\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mark\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Mark\AppData\Local\Temp\_is65CB.exe
Task: C:\Windows\Tasks\Norton Security Scan for Mark.job => C:\PROGRA~2\NORTON~2\Engine\420~1.38\Nss.exe
Reboot:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 => Value not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL => Value not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFDD6219-A7E8-4854-A6E2-85508D4D877C} => Key not found.
HKCR\CLSID\{EFDD6219-A7E8-4854-A6E2-85508D4D877C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B385A09-EA67-4428-A386-825B866D2665}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B385A09-EA67-4428-A386-825B866D2665}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Security Scan for Mark => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for Mark" => Key deleted successfully.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Windows\System32\Tasks\Norton Security Scan for Mark => Should not be moved.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
eeCtrl => Service stopped successfully.
eeCtrl => Service deleted successfully.
C:\Windows\Tasks\Norton Security Scan for Mark.job => Moved successfully.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
HKU\S-1-5-21-2640326095-2718370319-2933557068-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.

========= reg query "HKU\S-1-5-21-2640326095-2718370319-2933557068-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Out of Proc Server
    DllSurrogate    REG_SZ   

 

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    C:\Windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment

 

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    C:\Windows\SysWOW64\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment

 

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Out of Proc Server
    DllSurrogate    REG_SZ   

 

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    C:\Windows\SysWOW64\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment

 

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5 /s =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

C:\Users\Administrator.tarheelsprings\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Mark\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\AskSLib.dll" => File/Directory not found.
C:\Users\Mark\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Mark\AppData\Local\Temp\avguidx.dll" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\burnsetup.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\EBU149C.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\EBU168F.DLL" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\Extract.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\GenericWndApi.dll" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\HPHelpUpdater.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\MachineIdCreator.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\oi_{C724B347-9A3C-4765-84C8-398B76FC71DB}.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\Resource.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SearchWithGoogleUpdate.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\setup-gp5-updater.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP52615.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP53462.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP53794.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\sp54373.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\sp54620.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP54714.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55092.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55094.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55101.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55102.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55104.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55107.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55109.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55151.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SP55152.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\sp58915.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\sp64126.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\UNINSTALL.EXE" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\UninstallHPTCA.exe" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\_is65CB.exe" => File/Directory not found.
C:\Windows\Tasks\Norton Security Scan for Mark.job not found.

The system needed a reboot.

==== End of Fixlog 20:54:50 ====

 

 

 

Step 2:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Administrator (administrator) on TARHEELSPRINGS on 03-02-2015 20:59:40
Running from C:\Users\Administrator.tarheelsprings\Desktop
Loaded Profiles: Administrator (Available profiles: Mark & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(APN LLC.) C:\Users\Administrator.tarheelsprings\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
(APN LLC.) C:\Users\Administrator.tarheelsprings\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-12-05] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-28] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-11-28] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-11] (Easybits)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 SE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 SE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2640326095-2718370319-2933557068-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-2640326095-2718370319-2933557068-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {7805F1E5-D425-4353-849F-0EC235557D3A} URL = http://www.search.ask.com/web?tpid=ORJ-V7&o=APN10614&pf=&p2=^ADM^OSJ000^YY^US&gct=&itbv=12.0.1.100&apn_uid=9D89C9ED-65D0-4614-8113-EB7D7CF0D122&apn_ptnrs=ADM&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_10.0.9200.16660&doi=2013-08-16&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {DD065C6A-C257-4F8A-B51E-6FB5B03F698F} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator.tarheelsprings\AppData\Roaming\Mozilla\Firefox\Profiles\IBwCWsrC.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin -> C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Administrator.tarheelsprings\AppData\Roaming\Mozilla\Firefox\Profiles\IBwCWsrC.default\Extensions\abs@avira.com [2015-01-03]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-12-12]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-11-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 20:59 - 2015-02-03 21:00 - 00023532 _____ () C:\Users\Administrator.tarheelsprings\Desktop\FRST.txt
2015-02-03 19:14 - 2015-02-03 19:14 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-02-02 18:11 - 2015-02-02 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 18:10 - 2015-02-02 20:26 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\Desktop\mbar
2015-02-02 18:09 - 2015-02-02 18:09 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Administrator.tarheelsprings\Desktop\mbar-1.08.3.1004.exe
2015-02-02 18:05 - 2015-02-02 18:05 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\Desktop\tdsskiller
2015-02-02 18:05 - 2015-02-02 18:05 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Local\WinZip
2015-02-02 18:04 - 2015-02-02 18:04 - 04176437 _____ () C:\Users\Administrator.tarheelsprings\Desktop\tdsskiller.zip
2015-02-01 22:45 - 2015-02-01 22:45 - 00028752 _____ () C:\ComboFix.txt
2015-02-01 21:31 - 2015-02-01 22:46 - 00000000 ____D () C:\Qoobox
2015-02-01 21:31 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 21:31 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 21:31 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 21:31 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 21:31 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 21:31 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 21:31 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 21:31 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 21:30 - 2015-02-01 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 21:28 - 2015-02-01 21:28 - 05611380 ____R (Swearware) C:\Users\Administrator.tarheelsprings\Desktop\ComboFix.exe
2015-02-01 20:41 - 2015-02-02 18:03 - 00001255 _____ () C:\Users\Administrator.tarheelsprings\Desktop\Search.txt
2015-02-01 20:39 - 2015-02-01 20:39 - 02131456 _____ (Farbar) C:\Users\Administrator.tarheelsprings\Desktop\FRST64.exe
2015-02-01 20:37 - 2015-02-01 20:37 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Avira
2015-02-01 20:30 - 2015-02-01 20:30 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Hewlett-Packard
2015-02-01 20:27 - 2015-02-01 20:27 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Local\Mozilla
2015-02-01 20:09 - 2015-02-01 20:09 - 02131456 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2015-02-01 17:44 - 2015-02-01 18:21 - 00001420 _____ () C:\Users\Mark\Desktop\Rkill.txt
2015-02-01 14:50 - 2015-02-01 14:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-01 14:21 - 2015-02-03 20:59 - 00000000 ____D () C:\FRST
2015-02-01 14:20 - 2015-02-01 14:20 - 00005798 _____ () C:\Windows\SysWOW64\Avira_1_Id.Avira.OE.Setup.Msi.log
2015-02-01 14:20 - 2015-02-01 14:20 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-01 14:13 - 2015-02-01 20:06 - 00000000 ____D () C:\Users\Mark\Desktop\tools
2015-01-17 11:16 - 2015-01-17 11:16 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2015-01-17 11:15 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 15:11 - 2015-01-15 15:11 - 00000000 ____D () C:\Users\Mark\AppData\Local\{A3B842ED-535E-4943-9C9C-0558E60A352A}
2015-01-14 09:55 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:55 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:55 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:55 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:55 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:55 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:55 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:55 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:55 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:55 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:55 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:55 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:39 - 2015-01-14 09:39 - 00000000 ____D () C:\Users\Mark\AppData\Local\{7E73A9C5-6E14-4E74-A08D-C31C1BFC0225}
2015-01-13 20:45 - 2015-01-13 20:45 - 00000000 ____D () C:\Users\Mark\AppData\Local\{9C82149C-9595-4887-854E-3248370EA93E}
2015-01-13 07:58 - 2015-01-13 07:58 - 00000000 ____D () C:\Users\Mark\AppData\Local\{349D79C9-744C-4A30-94AB-EB70F3EF956A}
2015-01-12 12:54 - 2015-01-12 12:55 - 00000000 ____D () C:\Users\Mark\AppData\Local\{53B2584F-F3B1-49BB-9644-CD9F57BC2C1C}
2015-01-07 09:46 - 2015-01-07 09:46 - 00000000 ____D () C:\Users\Mark\AppData\Local\{9003FA25-2304-45A3-A2EA-351EF1EA05EE}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 20:57 - 2014-12-15 23:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 20:56 - 2011-10-16 20:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 20:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 20:55 - 2011-09-23 00:59 - 01125524 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 20:55 - 2009-07-13 23:51 - 00085525 _____ () C:\Windows\setupact.log
2015-02-03 20:52 - 2014-12-30 12:23 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2640326095-2718370319-2933557068-1000UA.job
2015-02-03 20:52 - 2012-04-14 18:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 20:52 - 2011-10-16 20:46 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 20:52 - 2011-09-23 01:08 - 00000000 ____D () C:\ProgramData\Norton
2015-02-03 18:44 - 2014-12-30 12:23 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2640326095-2718370319-2933557068-1000Core.job
2015-02-03 18:44 - 2014-01-29 12:31 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job
2015-02-03 18:44 - 2013-12-17 10:07 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark
2015-02-03 07:58 - 2013-06-17 10:53 - 00001127 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2015-02-03 07:58 - 2013-06-17 10:53 - 00001127 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2015-02-03 07:58 - 2013-06-17 10:52 - 00001127 _____ () C:\Users\Mark\Desktop\GP5.lnk
2015-02-03 07:23 - 2015-01-03 22:20 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D5F6A43-452E-4725-B410-3117E5EA0869}
2015-02-02 21:56 - 2011-10-16 20:07 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\hpqlog
2015-02-02 18:11 - 2014-12-15 23:04 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 22:45 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-01 22:35 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 22:35 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 22:30 - 2015-01-03 22:20 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\hpqLog
2015-02-01 22:29 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 22:27 - 2010-11-20 22:47 - 00582576 _____ () C:\Windows\PFRO.log
2015-02-01 20:27 - 2015-01-03 22:21 - 00000000 ____D () C:\Users\Administrator.tarheelsprings\AppData\Roaming\Mozilla
2015-02-01 20:17 - 2011-10-16 20:07 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEB72E9B-7F41-44B7-866B-50F9A7E6A280}
2015-02-01 15:15 - 2014-04-09 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Spotify
2015-02-01 14:53 - 2013-11-28 10:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 14:52 - 2012-03-04 14:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-01 14:50 - 2011-06-21 14:45 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-01 14:50 - 2011-06-21 14:45 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-01 14:50 - 2011-06-21 14:45 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-01 14:50 - 2011-06-21 14:45 - 00000000 ____D () C:\Program Files\Java
2015-02-01 14:49 - 2014-12-28 09:13 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-01 14:49 - 2014-12-28 09:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-01 14:49 - 2014-08-13 19:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-01 14:49 - 2014-08-13 19:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-01 14:21 - 2013-07-09 17:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 14:20 - 2013-08-06 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 14:20 - 2013-08-06 07:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 23:48 - 2011-10-29 17:32 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2015-01-31 20:48 - 2012-07-15 15:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-28 19:58 - 2014-04-09 17:04 - 00000000 ____D () C:\Users\Mark\AppData\Local\Spotify
2015-01-26 14:52 - 2011-11-08 06:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-26 14:52 - 2011-10-17 20:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-25 10:43 - 2012-04-14 18:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 10:43 - 2012-04-14 18:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 10:43 - 2011-10-18 18:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 20:13 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 19:12 - 2013-06-17 10:52 - 00000000 ____D () C:\Users\Mark\Documents\gp5
2015-01-15 15:13 - 2011-12-20 21:44 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Windows Live Writer
2015-01-15 09:23 - 2013-08-16 06:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:18 - 2012-04-11 18:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Administrator.tarheelsprings\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 10:07

==================== End Of Log ============================


#12 olgun52

  • Malware Response Team
  • 3,783 posts

Posted 04 February 2015 - 12:58 PM

Hi okorn31,
 
Thanks for the Logs. Please do the following.

 

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

 

AVG Secure Search
Norton Security Scan

 

----------------------------------------------------------
 
Step 1:
 
Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow the reboot.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

 

Please download AdwCleaner from here and save it on your Desktop.

 

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.

 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

 

  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

 

Step 3:

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Regards


 


 


#13 okorn31


Posted 04 February 2015 - 10:53 PM

Hi olgun52,

 

Thanks for your continued help.  Here are the logs:

 

Step 1

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Administrator at 2015-02-04 22:10:05 Run:2
Running from C:\Users\Administrator.tarheelsprings\Desktop
Loaded Profiles: Mark & Administrator &  (Available profiles: Mark & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {7805F1E5-D425-4353-849F-0EC235557D3A} URL = http://www.search.ask.com/web?tpid=ORJ-V7&o=APN10614&pf=&p2=^ADM^OSJ000^YY^US&gct=&itbv=12.0.1.100&apn_uid=9D89C9ED-65D0-4614-8113-EB7D7CF0D122&apn_ptnrs=ADM&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_10.0.9200.16660&doi=2013-08-16&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2640326095-2718370319-2933557068-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-02-03 19:14 - 2015-02-03 19:14 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-02-03 20:52 - 2011-09-23 01:08 - 00000000 ____D () C:\ProgramData\Norton
Task: {911BC3A5-AF32-44F8-A670-316BCB1B5797} - System32\Tasks\{C9B71B9E-45BE-4A37-93E0-154037FD89B7} => pcalua.exe -a "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAXY9TN9\jre-6u27-windows-i586-iftw.exe" -d C:\Users\Mark\Desktop
cmd: Dir /b /a:l "C:\Program Files" /s
CMD: del c:\windows\prefetch\*.* /f /s /q
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
End

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7805F1E5-D425-4353-849F-0EC235557D3A}" => Key deleted successfully.
HKCR\CLSID\{7805F1E5-D425-4353-849F-0EC235557D3A} => Key not found.
"HKU\S-1-5-21-2640326095-2718370319-2933557068-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
catchme => Service deleted successfully.
C:\Users\Public\Downloads\Norton => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{911BC3A5-AF32-44F8-A670-316BCB1B5797}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{911BC3A5-AF32-44F8-A670-316BCB1B5797}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C9B71B9E-45BE-4A37-93E0-154037FD89B7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9B71B9E-45BE-4A37-93E0-154037FD89B7}" => Key deleted successfully.

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========

=========  del c:\windows\prefetch\*.* /f /s /q =========


========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 782.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 22:10:53 ====

 

Step 2

I have no questions about the items that were removed.  There were two logs so I'm posting both:

 

# AdwCleaner v4.109 - Report created 04/02/2015 at 22:20:10
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - TARHEELSPRINGS
# Running from : C:\Users\Administrator.tarheelsprings\Desktop\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\ADMINI~1.TAR\AppData\Local\Temp\apn

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5637-006A-76A7-7A786E7484D7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5637-006A-76A7-7A786E7484D7}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v40.0.2214.94

*************************

AdwCleaner[R0].txt - [5295 octets] - [04/02/2015 22:20:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5355 octets] ##########

 

 

# AdwCleaner v4.109 - Report created 04/02/2015 at 22:24:18
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - TARHEELSPRINGS
# Running from : C:\Users\Administrator.tarheelsprings\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\ADMINI~1.TAR\AppData\Local\Temp\apn

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5637-006A-76A7-7A786E7484D7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5637-006A-76A7-7A786E7484D7}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v40.0.2214.94

*************************

AdwCleaner[R0].txt - [5487 octets] - [04/02/2015 22:20:10]
AdwCleaner[S0].txt - [5415 octets] - [04/02/2015 22:24:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5475 octets] ##########

 

Step 3

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on Wed 02/04/2015 at 22:38:07.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/04/2015 at 22:41:24.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#14 olgun52


Posted 05 February 2015 - 04:45 AM

Hi okorn31, thanks.
 
Clear your Java Cache

  • Click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

--------------------------------------

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.00 (XI) to your PC's desktop.
 

  • Uninstall Adobe Reader X via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

---------------------------------------------------------------------------------------------------------------------------------------------------

 

Step 1:

 

I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a threat scan for me now.

1. On the Dashboard, click the 'Update Now >>' link
2. After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
3. If an update is available, click the Update Now button.
4. A Threat Scan will begin.
5. When the scan is complete, if there have been detections, click "Quarantine all" to allow MBAM to clean what was detected.
6. In most cases, a restart will be required.
7. Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1. After the restart once you are back at your desktop, open MBAM once more.
2. Click on the History tab at the top
3. Click on the Application Logs at the left
4. Double click on the scan log which shows the Date and time of the scan just performed.
5. Click 'Export'.
6. Click 'Text file (*.txt)'
7. In the Save File dialog box which appears, click on Desktop.
8. In the File name: box type a name for your scan log.
9. A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10. Click Ok
11. Attach that saved log to your next reply.

 

Step 2:

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Have a nice day.

 



 


 


#15 okorn31


Posted 05 February 2015 - 09:56 PM

Olgun52,

 

I forgot to clear out the Java cache and update Acrobat Reader before doing Step 1 and 2 so hopefully that does not cause a problem.

 

Here are the logs:

 

Step 1

Attached

 

Step 2

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribe.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.55.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Mark\Desktop\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Mark\Downloads\essetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Windows\Installer\117dd633.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

 
