Safesearch infection

ken545 · Sep 11, 2014

The only entries I see for Safesearch are on Chome and you said you uninstalled it ??

Et Cetera · Sep 11, 2014

Correct. Like I said, it's a new computer so the program list is fairly brief. I checked it again just now, nothing about Google or Chrome anywhere.

ken545 · Sep 11, 2014

Tell me where your seeing Safesearch as I dont see it on your log , when you open IE where do you see it, is it still your main search engine ?

Et Cetera · Sep 11, 2014

The only time I see it is when I open IE initially. When the browser is open, I can click New Tab, which brings me to the "frequently-visited pages" page with the 10 icons.

When going to Tools > Internet Options > General > Home Page, bing.com is listed, the home page I had always had it on. When Safesearch first appeared, I set it back to bing and I think that setting has stayed that way ever since.

ken545 · Sep 11, 2014

Give this a shot

Open IE

Then go to - Tools - Internet Options - General Tab - check -> Delete Browsing History on Exit

Then Tools - Internet Options - Advanced Tab - check Empty Temporary Internet Files on Exit.

Close IE and then open it and let me know if its gone

Et Cetera · Sep 11, 2014

It didn't work.

ken545 · Sep 11, 2014

This will set IE back to default

Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Setting
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped

Et Cetera · Sep 11, 2014

Sorry, still got the Safesearch.

I don't suppose re-downloading Chrome would help...? (grasping for straws)

ken545 · Sep 11, 2014

Good Morning,

Chome looks like it was infected also and reinstalling it is going to give you problems, you can reinstall it if you wish but we will need to clean it up as well.

Actually Safesearch is gone, its just leftover pages that you typed in your search that you're seeing, when you do a search from IE, you should see results from either Google or Bing

Open Internet Explorer
Go to Tools > Internet Options > Tabs

Look for "When a New Tab is Opened "

And on the drop down list select "Your First Home Page "

Et Cetera · Sep 11, 2014

Safesearch being gone certainly sounds like good news, well done!

So I just downloaded Chrome. Safesearch was the startup page of course. All I've done with Chrome so far is installed it and then changed the default search and the startup page to bing.com. When I open Chrome initially, it brings up a SS tab and a Bing tab.

ken545 · Sep 11, 2014

Try this

Open Chrome
Click the Chrome menu

on the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Safesearch and select Delete

Click the Chrome menu

on the browser toolbar.
Click on Settings
Open a specific page or set of pages.
Set Pages
Remove Safesearch if present
You can copy and paste the url from a page you like or if you have that page open select use current
OK your way out and close chome.
Reopen Chrome and make sure your start page is the one you want

Then reboot your system and run a new scan with FRST and lets see where we stand

Et Cetera · Sep 11, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Allen (administrator) on ALLENTRANSIER on 11-09-2014 07:51:21
Running from C:\Users\Allen\Desktop\FRST 3
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-24] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\FV6B5y7U.default\Extensions\abs@avira.com [2014-08-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
CHR StartupUrls: Default -> "hxxp://bing.com/"
CHR NewTab: Default -> "chrome-extension://gdfjhiclilbjdpeejgcgebmmihkkofji/new.html"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchProvider: Default -> Bing
CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-25]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Avira SafeSearch) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-24]
CHR Extension: (Services) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-08]
CHR Extension: (Tab) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-04-08] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-26] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:08 - 2014-09-11 07:48 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 07:08 - 2014-09-11 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 07:07 - 2014-09-11 07:48 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 07:07 - 2014-09-11 07:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 07:07 - 2014-09-11 07:07 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 07:07 - 2014-09-11 07:07 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-10 18:54 - 2014-09-11 07:51 - 00000000 ____D () C:\Users\Allen\Desktop\FRST 3
2014-09-10 18:30 - 2014-09-10 18:31 - 00000000 ____D () C:\AdwCleaner
2014-09-10 18:29 - 2014-09-10 18:29 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-09 21:26 - 2014-09-11 07:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 21:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 21:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:43 - 2014-09-11 07:51 - 00000000 ____D () C:\FRST
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 07:01 - 2014-09-09 21:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 06:59 - 2014-09-09 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:03 - 2014-09-08 21:08 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 05:29 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:50 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-24 02:50 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 02:47 - 2014-09-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-24 02:47 - 2014-08-24 02:50 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:46 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 16:31 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-14 15:41 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:41 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:41 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:41 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:41 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:41 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:41 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:41 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:41 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:41 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:41 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:41 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:41 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:41 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:41 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:41 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:41 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:41 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:41 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:41 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:41 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:40 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-14 15:40 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-14 15:40 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-14 15:40 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-14 15:40 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-14 15:40 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-14 15:40 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-14 15:40 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:40 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:40 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-14 15:40 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:40 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:40 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-14 15:40 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-14 15:39 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 15:39 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 15:39 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-14 15:39 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-14 15:39 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-14 15:39 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:39 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:39 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:39 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:39 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:39 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:39 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:39 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-14 15:39 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-14 15:39 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-14 15:39 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-14 15:39 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-14 15:39 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-14 15:39 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-14 15:39 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-14 15:39 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-14 15:39 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-14 15:39 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-14 15:39 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 15:39 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-14 15:39 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-14 15:39 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 15:39 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-14 15:39 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 15:39 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-14 15:39 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 15:39 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 15:39 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-14 15:39 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-14 15:39 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-14 15:39 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-14 15:39 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-14 15:39 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-14 15:39 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 15:39 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-14 15:39 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-14 15:39 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 15:39 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-14 15:39 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-14 15:39 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-14 15:39 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-14 15:39 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-14 15:39 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-14 15:39 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-14 15:39 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-14 15:39 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-14 15:39 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-14 15:39 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-14 15:39 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-14 15:39 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-14 15:39 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-14 15:39 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:51 - 2014-09-10 18:54 - 00000000 ____D () C:\Users\Allen\Desktop\FRST 3
2014-09-11 07:51 - 2014-09-09 08:43 - 00000000 ____D () C:\FRST
2014-09-11 07:48 - 2014-09-11 07:08 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 07:48 - 2014-09-11 07:07 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 07:48 - 2014-09-09 21:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 07:48 - 2014-07-31 06:49 - 00000000 __RDO () C:\Users\Allen\OneDrive
2014-09-11 07:48 - 2014-07-25 08:47 - 00000074 _____ () C:\Users\Allen\AppData\Roaming\sp_data.sys
2014-09-11 07:45 - 2013-12-12 22:50 - 00181134 _____ () C:\Windows\PFRO.log
2014-09-11 07:45 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 07:44 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-11 07:19 - 2014-07-25 08:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2416049117-1157259280-1329477343-1001
2014-09-11 07:17 - 2014-04-08 09:01 - 01666032 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 07:12 - 2014-09-11 07:07 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 07:08 - 2014-09-11 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 07:08 - 2014-07-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-11 07:07 - 2014-09-11 07:07 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 07:07 - 2014-09-11 07:07 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-11 07:07 - 2014-07-25 13:23 - 00000000 ____D () C:\Users\Allen\AppData\Local\Deployment
2014-09-11 07:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-11 06:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-10 18:31 - 2014-09-10 18:30 - 00000000 ____D () C:\AdwCleaner
2014-09-10 18:29 - 2014-09-10 18:29 - 01370467 _____ () C:\Users\Allen\Desktop\AdwCleaner.exe
2014-09-10 09:20 - 2014-09-10 09:20 - 00017408 ___SH () C:\Users\Allen\Downloads\Thumbs.db
2014-09-10 08:34 - 2014-07-27 08:07 - 01265152 ___SH () C:\Users\Allen\Desktop\Thumbs.db
2014-09-09 21:25 - 2014-09-09 21:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 21:25 - 2014-09-09 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 21:18 - 2014-09-09 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 21:08 - 2014-09-09 21:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allen\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 21:06 - 2014-09-09 07:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-09 21:05 - 2014-09-09 21:05 - 01016261 _____ (Thisisu) C:\Users\Allen\Desktop\JRT.exe
2014-09-09 08:47 - 2014-09-09 08:47 - 05185536 _____ (AVAST Software) C:\Users\Allen\Desktop\aswMBR.exe
2014-09-09 08:41 - 2014-09-09 08:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALLENTRANSIER-Microsoft-Windows-8.1-(64-bit).dat
2014-09-09 08:40 - 2014-09-09 08:40 - 00000000 ____D () C:\RegBackup
2014-09-09 08:39 - 2014-09-09 08:39 - 00002257 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-09 08:39 - 2014-09-09 08:39 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-09 08:30 - 2014-09-09 08:30 - 04057608 _____ () C:\Users\Allen\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-09 07:08 - 2014-09-09 06:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-09 06:45 - 2014-09-09 06:45 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 06:45 - 2014-09-09 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 06:45 - 2014-08-24 02:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 22:12 - 2014-09-08 22:12 - 00000000 ____D () C:\Windows\pss
2014-09-08 21:08 - 2014-09-08 21:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-08 21:02 - 2014-09-08 21:02 - 00002255 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00002221 _____ () C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Fast Browser
2014-09-08 21:02 - 2014-09-08 21:02 - 00000000 ____D () C:\Users\Allen\AppData\Local\Component
2014-09-08 11:10 - 2013-12-12 23:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 10:54 - 2013-08-22 10:46 - 00026388 _____ () C:\Windows\setupact.log
2014-09-08 09:11 - 2014-07-25 08:45 - 00000000 ____D () C:\Users\Allen\AppData\Local\Packages
2014-09-07 12:13 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\HW
2014-09-02 07:30 - 2014-09-02 07:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-31 09:53 - 2013-08-22 10:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 07:20 - 2014-07-26 10:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 05:49 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-24 03:01 - 2014-08-24 03:01 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Avira
2014-08-24 02:55 - 2014-07-25 15:48 - 00000000 ____D () C:\Users\Allen\Desktop\MISC
2014-08-24 02:54 - 2014-04-08 09:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-24 02:50 - 2014-08-24 02:47 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 02:47 - 2014-08-24 02:47 - 00000000 ____D () C:\Users\Allen\AppData\Roaming\Mozilla
2014-08-24 02:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-24 02:46 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-22 20:42 - 2014-08-28 05:29 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 22:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 10:30 - 2014-08-24 02:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-24 02:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 17:06 - 2014-07-26 13:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:05 - 2014-07-26 13:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:38 - 2013-12-12 22:35 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-14 15:36 - 2014-07-28 13:23 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 15:36 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:36 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:36 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:35 - 2014-07-27 07:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:35 - 2014-07-27 07:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:35 - 2013-12-12 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:35 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:35 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:35 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:35 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:35 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:35 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:35 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:35 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:35 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

Some content of TEMP:
====================
C:\Users\Allen\AppData\Local\Temp\avgnt.exe
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-05 11:25

==================== End Of Log ============================

ken545 · Sep 11, 2014

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64) either in a directory you saved frst.exe (or frst64.exe)or on your desktop if thats where you saved it

Code:

Start
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post the log from the fix and then let me know how your system is behaving now , things ok with Chome ?

Et Cetera · Sep 11, 2014

When I ran the FRST fix, Avira popped up and said "host file blocked" right after FRST finished. fyi

After restart, I opened Chrome and Safesearch came up as the homepage, but the "open a specific page" and default search engine are still listed as bing, without SS being listed.

I then closed Chrome and reopened it, and Bing was the startup page.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Allen at 2014-09-11 08:09:55 Run:3
Running from C:\Users\Allen\Desktop\FRST 3
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140908-135-ch
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe
Hosts:
EmptyTemp:
End
*****************

Chrome HomePage deleted successfully.
C:\Users\Allen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 25.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

ken545 · Sep 11, 2014

About the hosts file, your AV or another program is blocking it from being changed and thats good, if we cant change it then neither can the bad guys, as long as your not being redirected in your web searches then its most likely ok

Et Cetera · Sep 11, 2014

So everything's fine except the SS startup page? I'm not planning on ever using the Safesearch search function or anything, but *should* I ensure that I never use it? Just wondering in case someone else fires up Chrome on this computer and starts typing away in the SS search field on startup.

ken545 · Sep 11, 2014

When you say SS Start page are you referring to Safesearch ? What browser is that start page on ?

Et Cetera · Sep 11, 2014

When I open Chrome initially, bing is the startup page. When I click New Tab, Safesearch comes up.

However, in IE it initially opens to Safesearch, but clicking New Tab comes up with about:blank (because we restored the IE settings earlier).

ken545 · Sep 11, 2014

You did this right ?

Open Chrome
Click the Chrome menu

on the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Safesearch and select Delete

Click the Chrome menu

on the browser toolbar.
Click on Settings
Open a specific page or set of pages.
Set Pages
Remove Safesearch if present
You can copy and paste the url from a page you like or if you have that page open select use current
OK your way out and close chome.
Reopen Chrome and make sure your start page is the one you want

Et Cetera · Sep 11, 2014

Yes, Safesearch is nowhere in those lists. It was there right after re-installing Chrome, but once we removed it from those lists, it persists when opening New Tab. I've been checking these settings every time we make a change to see if Safesearch reappears in the lists, but it never does. So long story short, IE and Chrome don't have Safesearch listed as initial startup pages/new tabs but they do still come up.

Safesearch infection

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member