PDA

View Full Version : Safesearch infection


Et Cetera
2014-09-09, 16:08
Hello,

I got the Safesearch virus/toolbar annoyance on my computer yesterday (Windows 8). I did a system restore (sorry) that went back to a point four days ago. Then I followed instructions on a page from MalwareTips.com that had me run Adwcleaner, Malwarebytes Anti-malware, and lastly Hitman Pro. None of it worked, so I'm here before tinkering around any more on my own.

Thanks ahead for your help.



FRST, Addition.txt, and aswMBR logs:


FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Allen (administrator) on ALLENTRANSIER on 09-09-2014 08:44:03
Running from C:\Users\Allen\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-24] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20140908-135-ie-sm
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default
FF Homepage: hxxp://www.safesear.ch/?type=20140908-135-ff
FF NewTab: hxxp://www.safesear.ch/?type=20140908-135-ff-nt
FF SelectedSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF DefaultSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\Extensions\abs@avira.com [2014-08-24]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20140908-135-ff-sm

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140908-135-ch"
CHR DefaultSearchKeyword: Default -> safesear.ch
CHR DefaultSearchProvider: Default -> SafeSearch
CHR DefaultSearchURL: Default -> http://www.safesear.ch/web/?type=ss-ch-ds&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-25]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Avira SafeSearch) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-24]
CHR Extension: (Services) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-08]
CHR Extension: (Tab) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-09] (SurfRight B.V.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-04-08] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-26] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 08:44 - 2014-09-09 08:44 - 00020636 _____ () C:\Users\Allen\Desktop\FRST.txt
2014-09-09 08:43 - 2014-09-09 08:44 - 00000000 ____D () C:\FRST
2014-09-09 08:42 - 2014-09-09 08:42 - 02105344 _____ (Farbar) C:\Users\Allen\Desktop\FRST64.exe
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 07:01 - 2014-09-09 07:01 - 00001911 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-09 07:01 - 2014-09-09 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-09 07:01 - 2014-09-09 07:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 07:00 - 2014-09-09 07:00 - 11194928 _____ (SurfRight B.V.) C:\Users\Allen\Desktop\HitmanPro_x64.exe
2014-09-09 06:59 - 2014-09-09 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:46 - 2014-09-09 08:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 06:45 - 2014-09-09 08:31 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 06:45 - 2014-09-09 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 06:45 - 2014-09-09 08:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 06:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 06:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 06:12 - 2014-09-09 07:49 - 00000000 ____D () C:\AdwCleaner
2014-09-09 06:06 - 2014-09-09 06:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 06:05 - 2014-09-09 06:05 - 10280824 _____ (SurfRight B.V.) C:\Users\Allen\Desktop\HitmanPro.exe
2014-09-09 06:04 - 2014-09-09 06:04 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-09 06:02 - 2014-09-09 06:02 - 00000336 _____ () C:\Users\Allen\Desktop\CPU.txt
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:03 - 2014-09-08 21:08 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 05:29 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:50 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-24 02:47 - 2014-08-24 02:50 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:46 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 16:31 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-14 15:41 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:41 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:41 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:41 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:41 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:41 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:41 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:41 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:40 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-14 15:40 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-14 15:40 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-14 15:40 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-14 15:40 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-14 15:40 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-14 15:40 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-14 15:40 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:40 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:40 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-14 15:40 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:40 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-14 15:40 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-14 15:39 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 15:39 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 15:39 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-14 15:39 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-14 15:39 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-14 15:39 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:39 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:39 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:39 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:39 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:39 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:39 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:39 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-14 15:39 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-14 15:39 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-14 15:39 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-14 15:39 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-14 15:39 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-14 15:39 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-14 15:39 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-14 15:39 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-14 15:39 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-14 15:39 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-14 15:39 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 15:39 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-14 15:39 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 15:39 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 15:39 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 15:39 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-14 15:39 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-14 15:39 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-14 15:39 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-14 15:39 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-14 15:39 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 15:39 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-14 15:39 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-14 15:39 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-14 15:39 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-14 15:39 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-14 15:39 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-14 15:39 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-14 15:39 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-14 15:39 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-14 15:39 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-14 15:39 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-14 15:39 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-14 15:39 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 08:44 - 2014-09-09 08:44 - 00020636 _____ () C:\Users\Allen\Desktop\FRST.txt
2014-09-09 08:44 - 2014-09-09 08:43 - 00000000 ____D () C:\FRST
2014-09-09 08:42 - 2014-09-09 08:42 - 02105344 _____ (Farbar) C:\Users\Allen\Desktop\FRST64.exe
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:41 - 2014-04-08 09:01 - 01631356 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:36 - 2014-07-25 08:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2416049117-1157259280-1329477343-1001
2014-09-09 08:31 - 2014-09-09 06:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 08:31 - 2014-09-09 06:45 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 08:31 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 08:31 - 2014-09-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 08:16 - 2014-07-25 08:47 - 00000074 _____ () C:\Users\Allen\AppData\Roaming\sp_data.sys
2014-09-09 08:14 - 2014-07-31 06:49 - 00000000 ___DO () C:\Users\Allen\OneDrive
2014-09-09 08:12 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 08:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-09 07:50 - 2013-12-12 22:50 - 00141164 _____ () C:\Windows\PFRO.log
2014-09-09 07:49 - 2014-09-09 06:12 - 00000000 ____D () C:\AdwCleaner
2014-09-09 07:08 - 2014-09-09 06:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 07:04 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-09 07:01 - 2014-09-09 07:01 - 00001911 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-09 07:01 - 2014-09-09 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-09 07:01 - 2014-09-09 07:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 07:00 - 2014-09-09 07:00 - 11194928 _____ (SurfRight B.V.) C:\Users\Allen\Desktop\HitmanPro_x64.exe
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 06:06 - 2014-09-09 06:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 06:05 - 2014-09-09 06:05 - 10280824 _____ (SurfRight B.V.) C:\Users\Allen\Desktop\HitmanPro.exe
2014-09-09 06:04 - 2014-09-09 06:04 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-09 06:02 - 2014-09-09 06:02 - 00000336 _____ () C:\Users\Allen\Desktop\CPU.txt
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:49 - 2014-07-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-08 21:39 - 2014-07-27 08:07 - 01265152 ___SH () C:\Users\Allen\Desktop\Thumbs.db
2014-09-08 21:08 - 2014-09-08 21:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-08 11:10 - 2013-12-12 23:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 10:54 - 2013-08-22 10:46 - 00026388 _____ () C:\Windows\setupact.log
2014-09-08 09:11 - 2014-07-25 08:45 - 00000000 ____D () C:\Users\Allen\AppData\Local\Packages
2014-09-07 12:13 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\HW
2014-09-07 07:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-31 09:53 - 2013-08-22 10:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 07:20 - 2014-07-26 10:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 05:49 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:55 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\MISC
2014-08-24 02:54 - 2014-04-08 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-24 02:50 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-24 02:46 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-22 20:42 - 2014-08-28 05:29 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 10:30 - 2014-08-24 02:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 17:06 - 2014-07-26 13:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:05 - 2014-07-26 13:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:38 - 2013-12-12 22:35 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-14 15:36 - 2014-07-28 13:23 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 15:36 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:36 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:36 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:35 - 2014-07-27 07:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:35 - 2014-07-27 07:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:35 - 2013-12-12 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:35 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:35 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:35 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:35 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:35 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:35 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:35 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:35 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Allen\AppData\Local\Temp\avgnt.exe
C:\Users\Allen\AppData\Local\Temp\COMAP.EXE
C:\Users\Allen\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe
C:\Users\Allen\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_GR3R2-W9NHG-46YHH-BFH7Y-QJYG3_act_1_.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-05 11:25

==================== End Of Log ============================








Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Allen at 2014-09-09 08:44:55
Running from C:\Users\Allen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.4 - ASUS)
ASUS GPU Tweak (HKLM\...\{7353D4C7-43E9-46A3-A1FF-79DD94A386F2}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.8 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
ETDWare PS/2-X64 11.5.12.1_WHQL (HKLM\...\Elantech) (Version: 11.5.12.1 - ELAN Microelectronic Corp.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.169.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Control Panel 332.60 (Version: 332.60 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.60 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0927 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Thunderbolt(TM) Software (HKLM\...\{A1E0CC92-937C-4D22-8F42-C5BE96F35AC0}) (Version: 1.4.0.1 - Intel(R) Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8070 - Broadcom Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

24-08-2014 14:03:21 Scheduled Checkpoint
28-08-2014 09:49:09 Windows Update
05-09-2014 15:20:01 Scheduled Checkpoint
09-09-2014 01:15:44 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0225EB76-0245-4FEC-A890-99693FCC2EF4} - System32\Tasks\ASUS GPUTweak => C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe [2014-01-27] (ASUS)
Task: {02D9BA02-80B8-40C2-A6DB-D7DE9A14EAA1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-28] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1BC415F8-C5C4-4C25-9569-C043F337BEE8} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-01-20] (Realtek Semiconductor)
Task: {1E63247C-7A3C-4725-96DD-63E539350949} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-29] (Microsoft Corporation)
Task: {1FAC1FC5-1385-4547-BA95-7E3C8AC92636} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-29] (Microsoft Corporation)
Task: {1FD3CF3B-B013-4F02-97A6-36EF4A42C0D9} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B0B5329-1D5B-4640-A204-59F71963CF5C} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-05] ()
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43C53107-D209-4C25-AA0B-36388037578B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {52BCEB35-0C19-46C3-8C00-F1E92DF50546} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-01-23] (Realtek Semiconductor)
Task: {597EA1D4-BD06-41F6-83BD-F0369183885F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {721F18C1-3DFE-47DC-89F9-F2D0B148FF5C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-01-16] (ASUSTek Computer Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {866A0CA2-3FF9-4451-B3C2-6FE34DF399E9} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A080138-619B-4667-B288-EAF4F293458B} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CF7821D-0AC1-46B1-8E62-66F94344FB80} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6145A3A-D032-4D27-838D-B4960897AFBF} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2014-09-09] ()
Task: {B1101091-4B90-478D-A7CA-39C7262099DD} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {B2791D8A-C1B0-4763-9B49-AC4BEF9D4233} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2014-09-09] ()
Task: {BC91D5A6-174E-4499-840A-40D3847831E1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {BD033A6C-4626-4DDC-A6B1-E4D477611D4C} - System32\Tasks\Component System\Component => C:\Users\Allen\AppData\Local\Component\com.exe [2014-09-04] ()
Task: {C697F868-BC38-49E8-A305-0A4FD3899A9C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D32BA3AC-E3EF-473F-9D5B-A80101E496A8} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBA9A959-ED18-464D-A0D0-0A88BB3D73FF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E2CCB0B0-0EE8-4987-A4D4-BCB3D17978C0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F06BCB73-05AA-435B-823F-AB4E7B86332D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {F41FB19D-A8C4-4E28-B0F9-16DE138557FC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

==================== Loaded Modules (whitelisted) =============

2014-04-08 09:02 - 2014-02-02 20:24 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-25 15:05 - 2013-10-25 15:05 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-08-08 05:49 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-29 19:01 - 2013-08-29 19:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-08-29 07:19 - 2014-08-29 07:19 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-08 09:20 - 2013-05-15 17:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-01-27 19:41 - 2014-01-27 19:41 - 00011264 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\WMIProc.dll
2014-01-27 19:41 - 2014-01-27 19:41 - 00320000 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\NavpiWrapper.dll
2012-03-07 22:27 - 2012-03-07 22:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ACVsWin.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-08-24 02:51 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Allen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-04-08 08:55 - 2013-10-23 16:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-29 07:19 - 2014-08-29 07:19 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Allen\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Allen\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 07:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53648f36
Exception code: 0xc0000005
Fault offset: 0x0001ec81
Faulting process id: 0x1608
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (09/09/2014 07:04:32 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/09/2014 06:45:01 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (09/09/2014 06:21:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/08/2014 10:26:07 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/08/2014 10:12:32 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/08/2014 09:19:13 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070571.

Error: (09/08/2014 09:16:30 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/08/2014 08:51:18 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/07/2014 11:47:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/09/2014 07:49:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (09/08/2014 10:29:33 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/08/2014 10:29:25 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/08/2014 10:29:08 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/08/2014 10:29:08 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/08/2014 10:29:08 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/08/2014 10:29:05 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/08/2014 10:28:52 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/08/2014 10:28:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (09/08/2014 10:28:52 PM) (Source: DCOM) (EventID: 10005) (User: ALLENTRANSIER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (09/09/2014 07:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532ntdll.dll6.3.9600.1711453648f36c00000050001ec81160801cfcc1e14328166C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SYSTEM32\ntdll.dll2b81bd7f-3813-11e4-826c-54271e333cda

Error: (09/09/2014 07:04:32 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/09/2014 06:45:01 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (09/09/2014 06:21:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (09/08/2014 10:26:07 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/08/2014 10:12:32 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/08/2014 09:19:13 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070571

Error: (09/08/2014 09:16:30 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/08/2014 08:51:18 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/07/2014 11:47:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 18%
Total physical RAM: 12170.95 MB
Available physical RAM: 9929.14 MB
Total Pagefile: 14026.95 MB
Available Pagefile: 11672.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive b: (OS) (RAMDisk) (Total:372.6 GB) (Free:331 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:330.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4FDA7FC3)

Partition: GPT Partition Type.

==================== End Of Log ============================








aswMBR:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-09 08:47:33
-----------------------------
08:47:33.404 OS Version: Windows x64 6.2.9200
08:47:33.404 Number of processors: 8 586 0x3C03
08:47:33.404 ComputerName: ALLENTRANSIER UserName: Allen
08:47:35.748 Initialize success
08:47:35.842 VM: initialized successfully
08:47:35.873 VM: Intel CPU supported
08:47:39.987 VM: disk I/O iaStorA.sys
08:50:41.038 AVAST engine defs: 14090900
08:50:57.226 The log file has been saved successfully to "C:\Users\Allen\Desktop\aswMBR.txt"
ken545
2014-09-10, 02:22
:snwelcome:

AdwCleaner should have removed those bad entries for Safesearch, maybe you ran an old version or did not run it properly

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64) either in a directory you saved frst.exe (or frst64.exe)or on your desktop if thats where you saved it



Start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20140908-135-ie-sm
FF Homepage: hxxp://www.safesear.ch/?type=20140908-135-ff
FF NewTab: hxxp://www.safesear.ch/?type=20140908-135-ff-nt
FF SelectedSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF DefaultSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20140908-135-ff-sm
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140908-135-ch"
CHR DefaultSearchKeyword: Default -> safesear.ch
CHR DefaultSearchProvider: Default -> SafeSearch
CHR DefaultSearchURL: Default -> http://www.safesear.ch/web/?type=ss-ch-ds&q={searchTerms}
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



==========================================================



-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)


On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
Et Cetera
2014-09-10, 04:47
AdwCleaner, JRT, Malwarebytes Anti-Malware logs:


# AdwCleaner v3.309 - Report created 09/09/2014 at 21:13:10
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Allen - ALLENTRANSIER
# Running from : C:\Users\Allen\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v

[ File : C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1061 octets] - [09/09/2014 06:12:09]
AdwCleaner[R1].txt - [1122 octets] - [09/09/2014 06:34:21]
AdwCleaner[R2].txt - [1068 octets] - [09/09/2014 07:02:54]
AdwCleaner[R3].txt - [1189 octets] - [09/09/2014 07:48:48]
AdwCleaner[R4].txt - [1309 octets] - [09/09/2014 21:11:31]
AdwCleaner[S0].txt - [1188 octets] - [09/09/2014 06:38:21]
AdwCleaner[S1].txt - [1130 octets] - [09/09/2014 07:04:20]
AdwCleaner[S2].txt - [1251 octets] - [09/09/2014 07:49:22]
AdwCleaner[S3].txt - [1231 octets] - [09/09/2014 21:13:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1291 octets] ##########





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Allen on Tue 09/09/2014 at 21:18:54.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/09/2014 at 21:22:05.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/9/2014
Scan Time: 9:30:52 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.09.07
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Allen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296839
Time Elapsed: 8 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Safesear.A, HKU\S-1-5-21-2416049117-1157259280-1329477343-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}),,[7a21806b63184ee8292bc33405ffb848]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SafeSear.A, C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://www.safesear.ch/?type=20140908-135-ch",), ,[5f3c07e44635f4422cb6cc5dde2719e7]

Physical Sectors: 0
(No malicious items detected)


(end)
ken545
2014-09-10, 12:51
Did you run the fix with FRST ?


When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Et Cetera
2014-09-10, 14:19
[grumble]... I was hoping I wouldn't miss something... sorry here's the FRST log:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Allen at 2014-09-09 21:00:32 Run:1
Running from C:\Users\Allen\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20140908-135-ie-sm
FF Homepage: hxxp://www.safesear.ch/?type=20140908-135-ff
FF NewTab: hxxp://www.safesear.ch/?type=20140908-135-ff-nt
FF SelectedSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF DefaultSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20140908-135-ff-sm
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140908-135-ch"
CHR DefaultSearchKeyword: Default -> safesear.ch
CHR DefaultSearchProvider: Default -> SafeSearch
CHR DefaultSearchURL: Default -> http://www.safesear.ch/web/?type=ss-ch-ds&q={searchTerms}
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Hosts:
EmptyTemp:
End
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Firefox homepage deleted successfully.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> SafeSearch ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Et Cetera
2014-09-10, 14:51
[grumble]... I was hoping I wouldn't miss something... sorry here's the FRST log:

Oh I should have been clearer ^there. I meant that I forgot to post it here; I did run the FRST log first and then the rest in the order you said earlier.
ken545
2014-09-10, 15:19
Is Safesearch still present or is it gone ?

Go ahead and run a new scan with FRST and post the new log please
Et Cetera
2014-09-10, 15:41
Safesearch is still there. I don't know if this is relevant, but my IE shortcut icon is now the normal little blue "e" but with a tiny padlock animated onto it.

Here's the FRST log from a few minutes ago. My Avira antivirus was still on, should I turn it off when running FRST?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Allen at 2014-09-10 08:32:07 Run:2
Running from C:\Users\Allen\Desktop\FRST TAKE TWO
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20140908-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20140908-135-sshome-ie-df&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20140908-135-ie-sm
FF Homepage: hxxp://www.safesear.ch/?type=20140908-135-ff
FF NewTab: hxxp://www.safesear.ch/?type=20140908-135-ff-nt
FF SelectedSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF DefaultSearchEngine: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20140908-135-ff-sm
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140908-135-ch"
CHR DefaultSearchKeyword: Default -> safesear.ch
CHR DefaultSearchProvider: Default -> SafeSearch
CHR DefaultSearchURL: Default -> http://www.safesear.ch/web/?type=ss-ch-ds&q={searchTerms}
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Hosts:
EmptyTemp:
End
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Firefox homepage deleted successfully.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> SafeSearch ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
"C:\ProgramData\SetStretch.exe" => File/Directory not found.
"C:\ProgramData\SetStretch.VBS" => File/Directory not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 77.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
ken545
2014-09-10, 16:12
The log you just posted is from the fix, I need you to run a new scan with FRST and post the new scan log

But do this first


Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons
Click on Search Providers
If Safesearch is listed delete it
Make Google your default



Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Setting
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped







Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Safesearch and select Delete



Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Open a specific page or set of pages.
Set Pages
Remove Safesearch if present
You can copy and paste the url from a page you like or if you have that page open select use current
OK your way out and close chome.
Reopen Chrome and make sure your start page is the one you want








Open Firefox
Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
Highlite Safesearch and select Delete




Then reboot your computer and see if Safesearch is gone. Either way run a new scan with FRST and post the log from the new scan
Et Cetera
2014-09-10, 16:36
Safesearch is still here. I managed the search defaults in IE as directed, but I uninstalled Chrome from my computer soon after I found Safesearch on it, and I've never installed Firefox on this computer (it's a new computer that I've only had for about a month). In any case, I double-checked the "Add or Remove Programs" list and neither were there.

FRST Scan log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Allen (administrator) on ALLENTRANSIER on 10-09-2014 09:27:44
Running from C:\Users\Allen\Desktop\FRST TAKE TWO
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-24] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\Extensions\abs@avira.com [2014-08-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140908-135-ch"
CHR DefaultSearchKeyword: Default -> safesear.ch
CHR DefaultSearchProvider: Default -> SafeSearch
CHR DefaultSearchURL: Default -> http://www.safesear.ch/web/?type=ss-ch-ds&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-25]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Avira SafeSearch) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-24]
CHR Extension: (Services) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-08]
CHR Extension: (Tab) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-04-08] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-26] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-10 08:31 - 2014-09-10 08:31 - 00000000 ____D () C:\Users\Allen\Desktop\FRST-OlderVersion
2014-09-09 21:41 - 2014-09-09 21:41 - 00001583 _____ () C:\Users\Allen\Desktop\mb2.txt
2014-09-09 21:26 - 2014-09-10 09:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 21:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 21:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 21:22 - 2014-09-09 21:22 - 00000622 _____ () C:\Users\Allen\Desktop\JRT.txt
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:15 - 2014-09-09 21:15 - 00001371 _____ () C:\Users\Allen\Desktop\AdwCleaner[S3].txt
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:05 - 2014-09-09 21:05 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 21:00 - 2014-09-10 09:27 - 00000000 ____D () C:\Users\Allen\Desktop\FRST TAKE TWO
2014-09-09 20:55 - 2014-09-09 21:07 - 00000000 ____D () C:\Users\Allen\Desktop\OLD CPU FIX
2014-09-09 08:50 - 2014-09-09 08:50 - 00000598 _____ () C:\Users\Allen\Desktop\aswMBR.txt
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:44 - 2014-09-09 08:45 - 00050397 _____ () C:\Users\Allen\Desktop\FRST.txt
2014-09-09 08:44 - 2014-09-09 08:45 - 00026200 _____ () C:\Users\Allen\Desktop\Addition.txt
2014-09-09 08:43 - 2014-09-10 09:27 - 00000000 ____D () C:\FRST
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 07:01 - 2014-09-09 21:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 06:59 - 2014-09-09 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:12 - 2014-09-09 21:13 - 00000000 ____D () C:\AdwCleaner
2014-09-09 06:02 - 2014-09-09 06:02 - 00000336 _____ () C:\Users\Allen\Desktop\CPU.txt
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:03 - 2014-09-08 21:08 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 05:29 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:50 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-24 02:47 - 2014-08-24 02:50 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:46 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 16:31 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-14 15:41 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:41 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:41 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:41 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:41 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:41 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:41 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:41 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:40 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-14 15:40 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-14 15:40 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-14 15:40 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-14 15:40 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-14 15:40 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-14 15:40 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-14 15:40 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:40 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:40 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-14 15:40 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:40 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-14 15:40 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-14 15:39 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 15:39 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 15:39 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-14 15:39 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-14 15:39 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-14 15:39 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:39 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:39 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:39 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:39 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:39 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:39 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:39 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-14 15:39 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-14 15:39 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-14 15:39 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-14 15:39 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-14 15:39 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-14 15:39 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-14 15:39 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-14 15:39 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-14 15:39 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-14 15:39 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-14 15:39 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 15:39 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-14 15:39 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 15:39 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 15:39 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 15:39 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-14 15:39 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-14 15:39 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-14 15:39 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-14 15:39 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-14 15:39 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 15:39 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-14 15:39 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-14 15:39 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-14 15:39 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-14 15:39 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-14 15:39 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-14 15:39 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-14 15:39 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-14 15:39 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-14 15:39 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-14 15:39 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-14 15:39 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-14 15:39 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 09:27 - 2014-09-09 21:00 - 00000000 ____D () C:\Users\Allen\Desktop\FRST TAKE TWO
2014-09-10 09:27 - 2014-09-09 08:43 - 00000000 ____D () C:\FRST
2014-09-10 09:25 - 2014-07-25 08:47 - 00000074 _____ () C:\Users\Allen\AppData\Roaming\sp_data.sys
2014-09-10 09:24 - 2014-07-31 06:49 - 00000000 ___DO () C:\Users\Allen\OneDrive
2014-09-10 09:23 - 2014-09-09 21:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 09:22 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 09:21 - 2014-04-08 09:01 - 01155064 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 09:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-10 09:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-10 08:34 - 2014-07-27 08:07 - 01265152 ___SH () C:\Users\Allen\Desktop\Thumbs.db
2014-09-10 08:32 - 2013-12-12 22:50 - 00180508 _____ () C:\Windows\PFRO.log
2014-09-10 08:31 - 2014-09-10 08:31 - 00000000 ____D () C:\Users\Allen\Desktop\FRST-OlderVersion
2014-09-10 07:55 - 2014-07-25 08:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2416049117-1157259280-1329477343-1001
2014-09-10 07:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-09 21:41 - 2014-09-09 21:41 - 00001583 _____ () C:\Users\Allen\Desktop\mb2.txt
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:22 - 2014-09-09 21:22 - 00000622 _____ () C:\Users\Allen\Desktop\JRT.txt
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:15 - 2014-09-09 21:15 - 00001371 _____ () C:\Users\Allen\Desktop\AdwCleaner[S3].txt
2014-09-09 21:13 - 2014-09-09 06:12 - 00000000 ____D () C:\AdwCleaner
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:07 - 2014-09-09 20:55 - 00000000 ____D () C:\Users\Allen\Desktop\OLD CPU FIX
2014-09-09 21:06 - 2014-09-09 07:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 21:05 - 2014-09-09 21:05 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 08:50 - 2014-09-09 08:50 - 00000598 _____ () C:\Users\Allen\Desktop\aswMBR.txt
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:45 - 2014-09-09 08:44 - 00050397 _____ () C:\Users\Allen\Desktop\FRST.txt
2014-09-09 08:45 - 2014-09-09 08:44 - 00026200 _____ () C:\Users\Allen\Desktop\Addition.txt
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:08 - 2014-09-09 06:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 06:02 - 2014-09-09 06:02 - 00000336 _____ () C:\Users\Allen\Desktop\CPU.txt
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:49 - 2014-07-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-08 21:08 - 2014-09-08 21:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-08 11:10 - 2013-12-12 23:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 10:54 - 2013-08-22 10:46 - 00026388 _____ () C:\Windows\setupact.log
2014-09-08 09:11 - 2014-07-25 08:45 - 00000000 ____D () C:\Users\Allen\AppData\Local\Packages
2014-09-07 12:13 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\HW
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-31 09:53 - 2013-08-22 10:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 07:20 - 2014-07-26 10:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 05:49 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:55 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\MISC
2014-08-24 02:54 - 2014-04-08 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-24 02:50 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-24 02:46 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-22 20:42 - 2014-08-28 05:29 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 10:30 - 2014-08-24 02:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 17:06 - 2014-07-26 13:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:05 - 2014-07-26 13:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:38 - 2013-12-12 22:35 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-14 15:36 - 2014-07-28 13:23 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 15:36 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:36 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:36 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:35 - 2014-07-27 07:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:35 - 2014-07-27 07:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:35 - 2013-12-12 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:35 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:35 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:35 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:35 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:35 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:35 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:35 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:35 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

Some content of TEMP:
====================
C:\Users\Allen\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-05 11:25

==================== End Of Log ============================
ken545
2014-09-10, 16:57
Open up FRST and paste this in to the box

Safesearch

The click on Search Files
Et Cetera
2014-09-10, 17:02
log:



Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Allen at 2014-09-10 09:59:20
Running from C:\Users\Allen\Desktop\FRST TAKE TWO
Boot Mode: Normal

================== Search Files: "Safesearch" =============

====== End Of Search ======
ken545
2014-09-10, 17:43
Safesearch

Do the same thing with Safesearch , this time click Search Registry
Et Cetera
2014-09-10, 20:19
Safesearch search registry:

Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Allen at 2014-09-10 13:15:34
Running from C:\Users\Allen\Desktop\FRST TAKE TWO
Boot Mode: Normal

================== Search Registry: "Safesearch" ===========

[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://forums.spybot.info/showthread.php?71060-Safesearch-infection&p=456957#post456957"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url2"="http://forums.spybot.info/showthread.php?71060-Safesearch-infection/page2"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url3"="http://forums.spybot.info/showthread.php?71060-Safesearch-infection&p=456955#post456955"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"="Filter adult content out of search results"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"="explicit"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"="Filter adult content out of search results"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"="explicit"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"="Filter adult content out of search results"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\1705c8af]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"="explicit"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"="Filter adult content out of search results"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-2416049117-1157259280-1329477343-1001_Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cf4325edc7847f\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"="explicit"

====== End Of Search ======
ken545
2014-09-10, 21:48
Lets try this again


Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons from the dropdown list
In this window you can manage the Internet Explorer add-ons
Click on Search Providers
Click on the option Toolbars and Extensions on left side of the window.
Then click on the malicious items te remove Safesearch
Make Google your default
Close IE and then open it again and see if Safesearch is gone
Et Cetera
2014-09-10, 22:52
Ok, I followed those instructions but there's no mention of Safesearch in the "Tools and Extensions" or "Search Providers" tabs.

I closed and re-opened IE, Safesearch still there. Opened "Tools and Extensions," and found these:

Microsoft Corporation:
Lync Browse Helper and Lync Click to Call (both disabled)

Not Available:
Send to OneNote and OneNote Linked Notes (both enabled)

So I restarted the computer, re-opened IE (still Safesearch), and checked "T&E" again. This time it was the same four as above, but with another one listed:

Microsoft Windows Third Party Application Component:
Shockwave Flash Object (enabled)

I'm unsure if that means anything.
ken545
2014-09-10, 23:03
Lets do this and we will get a new updated copy of AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.




-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Et Cetera
2014-09-11, 01:34
# AdwCleaner v3.309 - Report created 10/09/2014 at 18:31:04
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Allen - ALLENTRANSIER
# Running from : C:\Users\Allen\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v

[ File : C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [888 octets] - [10/09/2014 18:30:26]
AdwCleaner[S0].txt - [810 octets] - [10/09/2014 18:31:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [869 octets] ##########
ken545
2014-09-11, 01:48
Go ahead and run a new scan with FRST please
Et Cetera
2014-09-11, 01:59
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Allen (administrator) on ALLENTRANSIER on 10-09-2014 18:54:27
Running from C:\Users\Allen\Desktop\FRST 3
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-24] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\Extensions\abs@avira.com [2014-08-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140908-135-ch"
CHR DefaultSearchKeyword: Default -> safesear.ch
CHR DefaultSearchProvider: Default -> SafeSearch
CHR DefaultSearchURL: Default -> http://www.safesear.ch/web/?type=ss-ch-ds&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-25]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Avira SafeSearch) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-24]
CHR Extension: (Services) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-08]
CHR Extension: (Tab) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-04-08] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-26] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:54 - 2014-09-10 18:54 - 00000000 ____D () C:\Users\Allen\Desktop\FRST 3
2014-09-10 18:30 - 2014-09-10 18:31 - 00000000 ____D () C:\AdwCleaner
2014-09-10 18:29 - 2014-09-10 18:29 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-10 09:59 - 2014-09-10 10:00 - 00000252 _____ () C:\Users\Allen\Desktop\Search.txt
2014-09-10 09:27 - 2014-09-10 09:28 - 00049127 _____ () C:\Users\Allen\Desktop\FRST Scan 2.txt
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-10 08:31 - 2014-09-10 08:31 - 00000000 ____D () C:\Users\Allen\Desktop\FRST-OlderVersion
2014-09-09 21:41 - 2014-09-09 21:41 - 00001583 _____ () C:\Users\Allen\Desktop\mb2.txt
2014-09-09 21:26 - 2014-09-10 18:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 21:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 21:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 21:22 - 2014-09-09 21:22 - 00000622 _____ () C:\Users\Allen\Desktop\JRT.txt
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:15 - 2014-09-09 21:15 - 00001371 _____ () C:\Users\Allen\Desktop\AdwCleaner[S3].txt
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 21:00 - 2014-09-10 18:54 - 00000000 ____D () C:\Users\Allen\Desktop\FRST TAKE TWO
2014-09-09 20:55 - 2014-09-09 21:07 - 00000000 ____D () C:\Users\Allen\Desktop\OLD CPU FIX
2014-09-09 08:50 - 2014-09-09 08:50 - 00000598 _____ () C:\Users\Allen\Desktop\aswMBR.txt
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:44 - 2014-09-09 08:45 - 00050397 _____ () C:\Users\Allen\Desktop\FRST.txt
2014-09-09 08:44 - 2014-09-09 08:45 - 00026200 _____ () C:\Users\Allen\Desktop\Addition.txt
2014-09-09 08:43 - 2014-09-10 18:54 - 00000000 ____D () C:\FRST
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 07:01 - 2014-09-09 21:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 06:59 - 2014-09-09 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:02 - 2014-09-09 06:02 - 00000336 _____ () C:\Users\Allen\Desktop\CPU.txt
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:03 - 2014-09-08 21:08 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 05:29 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:50 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-24 02:47 - 2014-08-24 02:50 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:46 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 16:31 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-14 15:41 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:41 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:41 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:41 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:41 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:41 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:41 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:41 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:40 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-14 15:40 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-14 15:40 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-14 15:40 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-14 15:40 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-14 15:40 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-14 15:40 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-14 15:40 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:40 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:40 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-14 15:40 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:40 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-14 15:40 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-14 15:39 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 15:39 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 15:39 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-14 15:39 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-14 15:39 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-14 15:39 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:39 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:39 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:39 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:39 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:39 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:39 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:39 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-14 15:39 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-14 15:39 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-14 15:39 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-14 15:39 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-14 15:39 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-14 15:39 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-14 15:39 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-14 15:39 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-14 15:39 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-14 15:39 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-14 15:39 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 15:39 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-14 15:39 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 15:39 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 15:39 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 15:39 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-14 15:39 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-14 15:39 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-14 15:39 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-14 15:39 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-14 15:39 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 15:39 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-14 15:39 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-14 15:39 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-14 15:39 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-14 15:39 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-14 15:39 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-14 15:39 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-14 15:39 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-14 15:39 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-14 15:39 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-14 15:39 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-14 15:39 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-14 15:39 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:54 - 2014-09-10 18:54 - 00000000 ____D () C:\Users\Allen\Desktop\FRST 3
2014-09-10 18:54 - 2014-09-09 21:00 - 00000000 ____D () C:\Users\Allen\Desktop\FRST TAKE TWO
2014-09-10 18:54 - 2014-09-09 08:43 - 00000000 ____D () C:\FRST
2014-09-10 18:54 - 2014-07-31 06:49 - 00000000 __RDO () C:\Users\Allen\OneDrive
2014-09-10 18:34 - 2014-07-25 08:47 - 00000074 _____ () C:\Users\Allen\AppData\Roaming\sp_data.sys
2014-09-10 18:33 - 2014-09-09 21:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 18:31 - 2014-09-10 18:30 - 00000000 ____D () C:\AdwCleaner
2014-09-10 18:31 - 2014-04-08 09:01 - 01255401 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 18:31 - 2013-12-12 22:50 - 00180822 _____ () C:\Windows\PFRO.log
2014-09-10 18:31 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 18:29 - 2014-09-10 18:29 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-10 18:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-10 10:00 - 2014-09-10 09:59 - 00000252 _____ () C:\Users\Allen\Desktop\Search.txt
2014-09-10 09:41 - 2014-07-25 08:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2416049117-1157259280-1329477343-1001
2014-09-10 09:28 - 2014-09-10 09:27 - 00049127 _____ () C:\Users\Allen\Desktop\FRST Scan 2.txt
2014-09-10 09:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-10 08:34 - 2014-07-27 08:07 - 01265152 ___SH () C:\Users\Allen\Desktop\Thumbs.db
2014-09-10 08:31 - 2014-09-10 08:31 - 00000000 ____D () C:\Users\Allen\Desktop\FRST-OlderVersion
2014-09-10 07:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-09 21:41 - 2014-09-09 21:41 - 00001583 _____ () C:\Users\Allen\Desktop\mb2.txt
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:22 - 2014-09-09 21:22 - 00000622 _____ () C:\Users\Allen\Desktop\JRT.txt
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:15 - 2014-09-09 21:15 - 00001371 _____ () C:\Users\Allen\Desktop\AdwCleaner[S3].txt
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:07 - 2014-09-09 20:55 - 00000000 ____D () C:\Users\Allen\Desktop\OLD CPU FIX
2014-09-09 21:06 - 2014-09-09 07:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 08:50 - 2014-09-09 08:50 - 00000598 _____ () C:\Users\Allen\Desktop\aswMBR.txt
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:45 - 2014-09-09 08:44 - 00050397 _____ () C:\Users\Allen\Desktop\FRST.txt
2014-09-09 08:45 - 2014-09-09 08:44 - 00026200 _____ () C:\Users\Allen\Desktop\Addition.txt
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:08 - 2014-09-09 06:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 06:02 - 2014-09-09 06:02 - 00000336 _____ () C:\Users\Allen\Desktop\CPU.txt
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:49 - 2014-07-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-08 21:08 - 2014-09-08 21:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-08 11:10 - 2013-12-12 23:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 10:54 - 2013-08-22 10:46 - 00026388 _____ () C:\Windows\setupact.log
2014-09-08 09:11 - 2014-07-25 08:45 - 00000000 ____D () C:\Users\Allen\AppData\Local\Packages
2014-09-07 12:13 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\HW
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-31 09:53 - 2013-08-22 10:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 07:20 - 2014-07-26 10:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 05:49 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:55 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\MISC
2014-08-24 02:54 - 2014-04-08 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-24 02:50 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-24 02:46 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-22 20:42 - 2014-08-28 05:29 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 10:30 - 2014-08-24 02:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 17:06 - 2014-07-26 13:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:05 - 2014-07-26 13:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:38 - 2013-12-12 22:35 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-14 15:36 - 2014-07-28 13:23 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 15:36 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:36 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:36 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:35 - 2014-07-27 07:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:35 - 2014-07-27 07:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:35 - 2013-12-12 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:35 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:35 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:35 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:35 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:35 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:35 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:35 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:35 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

Some content of TEMP:
====================
C:\Users\Allen\AppData\Local\Temp\avgnt.exe
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-05 11:25

==================== End Of Log ============================
ken545
2014-09-11, 02:52
The only entries I see for Safesearch are on Chome and you said you uninstalled it ??
Et Cetera
2014-09-11, 02:57
Correct. Like I said, it's a new computer so the program list is fairly brief. I checked it again just now, nothing about Google or Chrome anywhere.
ken545
2014-09-11, 03:11
Tell me where your seeing Safesearch as I dont see it on your log , when you open IE where do you see it, is it still your main search engine ?
Et Cetera
2014-09-11, 03:29
The only time I see it is when I open IE initially. When the browser is open, I can click New Tab, which brings me to the "frequently-visited pages" page with the 10 icons.

When going to Tools > Internet Options > General > Home Page, bing.com is listed, the home page I had always had it on. When Safesearch first appeared, I set it back to bing and I think that setting has stayed that way ever since.
ken545
2014-09-11, 03:53
Give this a shot

Open IE

Then go to - Tools - Internet Options - General Tab - check -> Delete Browsing History on Exit


Then Tools - Internet Options - Advanced Tab - check Empty Temporary Internet Files on Exit.

Close IE and then open it and let me know if its gone
Et Cetera
2014-09-11, 04:02
It didn't work.
ken545
2014-09-11, 04:13
This will set IE back to default


Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Setting
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped
Et Cetera
2014-09-11, 04:19
Sorry, still got the Safesearch.

I don't suppose re-downloading Chrome would help...? (grasping for straws)
ken545
2014-09-11, 13:33
Good Morning,

Chome looks like it was infected also and reinstalling it is going to give you problems, you can reinstall it if you wish but we will need to clean it up as well.

Actually Safesearch is gone, its just leftover pages that you typed in your search that you're seeing, when you do a search from IE, you should see results from either Google or Bing


Open Internet Explorer
Go to Tools > Internet Options > Tabs

Look for "When a New Tab is Opened "

And on the drop down list select "Your First Home Page "
Et Cetera
2014-09-11, 14:19
Safesearch being gone certainly sounds like good news, well done!

So I just downloaded Chrome. Safesearch was the startup page of course. All I've done with Chrome so far is installed it and then changed the default search and the startup page to bing.com. When I open Chrome initially, it brings up a SS tab and a Bing tab.
ken545
2014-09-11, 14:39
Try this


Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Safesearch and select Delete



Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Open a specific page or set of pages.
Set Pages
Remove Safesearch if present
You can copy and paste the url from a page you like or if you have that page open select use current
OK your way out and close chome.
Reopen Chrome and make sure your start page is the one you want




Then reboot your system and run a new scan with FRST and lets see where we stand
Et Cetera
2014-09-11, 14:53
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Allen (administrator) on ALLENTRANSIER on 11-09-2014 07:51:21
Running from C:\Users\Allen\Desktop\FRST 3
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-24] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\Extensions\abs@avira.com [2014-08-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://bing.com/"
CHR NewTab: Default -> "chrome-extension://gdfjhiclilbjdpeejgcgebmmihkkofji/new.html"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchProvider: Default -> Bing
CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-25]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Avira SafeSearch) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-24]
CHR Extension: (Services) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-08]
CHR Extension: (Tab) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-04-08] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-26] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:08 - 2014-09-11 07:48 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 07:08 - 2014-09-11 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 07:07 - 2014-09-11 07:48 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 07:07 - 2014-09-11 07:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 07:07 - 2014-09-11 07:07 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 07:07 - 2014-09-11 07:07 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-10 18:54 - 2014-09-11 07:51 - 00000000 ____D () C:\Users\Allen\Desktop\FRST 3
2014-09-10 18:30 - 2014-09-10 18:31 - 00000000 ____D () C:\AdwCleaner
2014-09-10 18:29 - 2014-09-10 18:29 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-09 21:26 - 2014-09-11 07:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 21:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 21:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:43 - 2014-09-11 07:51 - 00000000 ____D () C:\FRST
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 07:01 - 2014-09-09 21:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 06:59 - 2014-09-09 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:03 - 2014-09-08 21:08 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 05:29 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:50 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-24 02:47 - 2014-08-24 02:50 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:46 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 16:31 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-14 15:41 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:41 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:41 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:41 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:41 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:41 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:41 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:41 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:40 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-14 15:40 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-14 15:40 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-14 15:40 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-14 15:40 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-14 15:40 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-14 15:40 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-14 15:40 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:40 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:40 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-14 15:40 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:40 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-14 15:40 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-14 15:39 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 15:39 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 15:39 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-14 15:39 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-14 15:39 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-14 15:39 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:39 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:39 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:39 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:39 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:39 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:39 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:39 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-14 15:39 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-14 15:39 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-14 15:39 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-14 15:39 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-14 15:39 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-14 15:39 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-14 15:39 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-14 15:39 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-14 15:39 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-14 15:39 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-14 15:39 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 15:39 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-14 15:39 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 15:39 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 15:39 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 15:39 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-14 15:39 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-14 15:39 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-14 15:39 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-14 15:39 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-14 15:39 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 15:39 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-14 15:39 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-14 15:39 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-14 15:39 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-14 15:39 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-14 15:39 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-14 15:39 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-14 15:39 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-14 15:39 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-14 15:39 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-14 15:39 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-14 15:39 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-14 15:39 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:51 - 2014-09-10 18:54 - 00000000 ____D () C:\Users\Allen\Desktop\FRST 3
2014-09-11 07:51 - 2014-09-09 08:43 - 00000000 ____D () C:\FRST
2014-09-11 07:48 - 2014-09-11 07:08 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 07:48 - 2014-09-11 07:07 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 07:48 - 2014-09-09 21:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 07:48 - 2014-07-31 06:49 - 00000000 __RDO () C:\Users\Allen\OneDrive
2014-09-11 07:48 - 2014-07-25 08:47 - 00000074 _____ () C:\Users\Allen\AppData\Roaming\sp_data.sys
2014-09-11 07:45 - 2013-12-12 22:50 - 00181134 _____ () C:\Windows\PFRO.log
2014-09-11 07:45 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 07:44 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-11 07:19 - 2014-07-25 08:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2416049117-1157259280-1329477343-1001
2014-09-11 07:17 - 2014-04-08 09:01 - 01666032 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 07:12 - 2014-09-11 07:07 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 07:08 - 2014-09-11 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 07:08 - 2014-07-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-11 07:07 - 2014-09-11 07:07 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 07:07 - 2014-09-11 07:07 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-11 07:07 - 2014-07-25 13:23 - 00000000 ____D () C:\Users\Allen\AppData\Local\Deployment
2014-09-11 07:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-11 06:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-10 18:31 - 2014-09-10 18:30 - 00000000 ____D () C:\AdwCleaner
2014-09-10 18:29 - 2014-09-10 18:29 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-10 08:34 - 2014-07-27 08:07 - 01265152 ___SH () C:\Users\Allen\Desktop\Thumbs.db
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:06 - 2014-09-09 07:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:08 - 2014-09-09 06:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:08 - 2014-09-08 21:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-08 11:10 - 2013-12-12 23:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 10:54 - 2013-08-22 10:46 - 00026388 _____ () C:\Windows\setupact.log
2014-09-08 09:11 - 2014-07-25 08:45 - 00000000 ____D () C:\Users\Allen\AppData\Local\Packages
2014-09-07 12:13 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\HW
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-31 09:53 - 2013-08-22 10:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 07:20 - 2014-07-26 10:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 05:49 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:55 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\MISC
2014-08-24 02:54 - 2014-04-08 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-24 02:50 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-24 02:46 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-22 20:42 - 2014-08-28 05:29 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 10:30 - 2014-08-24 02:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 17:06 - 2014-07-26 13:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:05 - 2014-07-26 13:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:38 - 2013-12-12 22:35 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-14 15:36 - 2014-07-28 13:23 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 15:36 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:36 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:36 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:35 - 2014-07-27 07:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:35 - 2014-07-27 07:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:35 - 2013-12-12 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:35 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:35 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:35 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:35 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:35 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:35 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:35 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:35 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

Some content of TEMP:
====================
C:\Users\Allen\AppData\Local\Temp\avgnt.exe
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-05 11:25

==================== End Of Log ============================
ken545
2014-09-11, 15:04
Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64) either in a directory you saved frst.exe (or frst64.exe)or on your desktop if thats where you saved it



Start
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Post the log from the fix and then let me know how your system is behaving now , things ok with Chome ?
Et Cetera
2014-09-11, 15:21
When I ran the FRST fix, Avira popped up and said "host file blocked" right after FRST finished. fyi

After restart, I opened Chrome and Safesearch came up as the homepage, but the "open a specific page" and default search engine are still listed as bing, without SS being listed.

I then closed Chrome and reopened it, and Bing was the startup page.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Allen at 2014-09-11 08:09:55 Run:3
Running from C:\Users\Allen\Desktop\FRST 3
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe
Hosts:
EmptyTemp:
End
*****************

Chrome HomePage deleted successfully.
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 25.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
ken545
2014-09-11, 15:33
About the hosts file, your AV or another program is blocking it from being changed and thats good, if we cant change it then neither can the bad guys, as long as your not being redirected in your web searches then its most likely ok
Et Cetera
2014-09-11, 15:52
So everything's fine except the SS startup page? I'm not planning on ever using the Safesearch search function or anything, but *should* I ensure that I never use it? Just wondering in case someone else fires up Chrome on this computer and starts typing away in the SS search field on startup.
ken545
2014-09-11, 16:24
When you say SS Start page are you referring to Safesearch ? What browser is that start page on ?
Et Cetera
2014-09-11, 16:30
When I open Chrome initially, bing is the startup page. When I click New Tab, Safesearch comes up.

However, in IE it initially opens to Safesearch, but clicking New Tab comes up with about:blank (because we restored the IE settings earlier).
ken545
2014-09-11, 16:36
You did this right ?


Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Safesearch and select Delete



Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Open a specific page or set of pages.
Set Pages
Remove Safesearch if present
You can copy and paste the url from a page you like or if you have that page open select use current
OK your way out and close chome.
Reopen Chrome and make sure your start page is the one you want
Et Cetera
2014-09-11, 16:48
Yes, Safesearch is nowhere in those lists. It was there right after re-installing Chrome, but once we removed it from those lists, it persists when opening New Tab. I've been checking these settings every time we make a change to see if Safesearch reappears in the lists, but it never does. So long story short, IE and Chrome don't have Safesearch listed as initial startup pages/new tabs but they do still come up.
ken545
2014-09-11, 16:51
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chome back to defaults
Et Cetera
2014-09-11, 17:00
Okay, that seemed to do it. I restarted the computer and checked again, and Safesearch does not appear in either initial startup or New Tab. You've been a great help by the way. So the question now is do I avoid IE because Safesearch is still its startup page? Because we already restored IE's default settings as we just did to Chrome but Safesearch is still there.
ken545
2014-09-11, 17:15
Open IE and go to Tools > Internet Options and there you can change your homepage, you can type in a url like msn.com for instance or if your browser is open to a page you want to use just click on Use Current
Et Cetera
2014-09-11, 17:35
Same thing as before, Safesearch persists.

Here's what I just did: I opened IE to Internet Options > General > Tabs > When a tab is opened, open: > Your first home page (which is Bing)

So to recap:

Chrome seems totally fine.
IE initially opens with Safesearch. New Tab opens Bing, the homepage I manually set it to.
ken545
2014-09-11, 17:54
Lets clear all your history, this will remove cookies also so be sure to write down log on info for any sites you use that you need a user name and password because removing cookies will delete that info but when you log back in a new cookie will be set and thats fine, the reason for this is that you may still have some bad cookies from Safesearch



Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on History
Click on Clear Browsing History
Check
1. Browsing History
2. Cookies and Site Plug Ins
3. Cached Images and Files
Then ok your way out and close Chrome






Open Internet Explorer
Go to Tools > Internet Options
Browsing History
Delete Temp Files / History / Cookies / Saved Passwords / Web Form Information
Delete
Close out Internet Explorer
Et Cetera
2014-09-11, 18:10
It had no effect, it's still in the condition described in my previous post.
ken545
2014-09-11, 18:13
http://i.imgur.com/1QYkxTZ.jpg Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything




=============================================




Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan

As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)
ken545
2014-09-11, 18:42
Running those tools cant hurt, just making sure there is nothing else present


Open Internet Explorer
Go to Tools > Internet Options > Tabs
When a new tab is open ...on the drop down list select a blank page
OK your way out and close IE
Et Cetera
2014-09-11, 19:08
Ran aswMBR, file below.

Ran TDSSkiller, no threats found and it generated no log file.

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-11 11:19:41
-----------------------------
11:19:41.378 OS Version: Windows x64 6.2.9200
11:19:41.378 Number of processors: 8 586 0x3C03
11:19:41.378 ComputerName: ALLENTRANSIER UserName: Allen
11:19:42.174 Initialize success
11:19:42.174 VM: initialized successfully
11:19:42.189 VM: Intel CPU supported
11:19:47.098 VM: disk I/O iaStorA.sys
11:49:26.898 AVAST engine defs: 14091000
11:53:25.538 The log file has been saved successfully to "C:\Users\Allen\Desktop\aswMBR report.txt"
ken545
2014-09-11, 19:24
Good, follow the instructions to change your new tab to open to a blank page
Et Cetera
2014-09-11, 21:16
Okay, did it. New Tab in IE gives about:blank
ken545
2014-09-11, 22:32
Great, keep in mind that you're free of this infection and what you were seeing where just some websites you went in via Safesearch, looks like your good to go

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


Double-click DelFix.exe to run the program.
Place a checkmark next to the following items:

*Activate UAC
*Remove disinfection tools
*Create registry backup
*Reset System Settings


Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually



==========================================================




How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken
Et Cetera
2014-09-12, 13:29
Thanks, Ken. I appreciate it.
ken545
2014-09-12, 14:37
Your very welcome

Ken :)