Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need Sanity check: Did I clean everything?


  • Please log in to reply

#16
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

here's the fixlog.txt:

 

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 at 2014-05-17 08:40:07 Run:1
Running from C:\Users\Joyce McEachern\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [jgapnhijgmmehljdkfkojcoefcddinjl] - C:/Program Files (x86)/Yaimo/yaimo.crx [2014-03-29]
CHR Extension: (Yaimo extension) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl [2014-05-16]
2014-04-26 22:00 - 2014-04-26 22:00 - 00002674 _____ () C:\WINDOWS\System32\Tasks\Price Meter Updater
2014-04-26 21:50 - 2014-04-26 21:51 - 00003534 _____ () C:\WINDOWS\System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1
Task: {06444F70-9E5A-4AAC-9D4D-C6BA185D7B82} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {122FE0E6-E2DB-45EA-9F7C-EFC12C7A31FD} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {21D708A3-8EC4-493D-B02A-D8BD7A2A32CB} - System32\Tasks\Price Meter Updater => C:\Users\JOYCEM~1\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {24D80345-9ECD-4409-A9F7-99E35D870263} - System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {3E8F4085-D6CA-4A7F-B07E-202B3FFB5F84} - \pricemetertask No Task File <==== ATTENTION
Task: {72CC9FD8-61B9-4626-9417-E5A8D505B888} - \MySearchDial No Task File <==== ATTENTION
Task: {83A4B37F-9900-4D09-96A3-CE2D6738508F} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {90FCC687-C4BD-4EBE-BD52-6875327BB42D} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {C998A2BC-DFEE-45EC-BFDE-298A14DFF3ED} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {E606C0F2-7731-45C3-B06E-62D620AD3054} - \LaunchApp No Task File <==== ATTENTION
Task: {E6C097A1-78C6-4FAF-8A5B-B02C71277727} - \APSnotifierPP1 No Task File <==== ATTENTION
*****************
 
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl => Key deleted successfully.
Could not move "C:/Program Files (x86)/Yaimo/yaimo.crx" => Scheduled to move on reboot.
C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapnhijgmmehljdkfkojcoefcddinjl => Moved successfully.
C:\WINDOWS\System32\Tasks\Price Meter Updater => Moved successfully.
C:\WINDOWS\System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06444F70-9E5A-4AAC-9D4D-C6BA185D7B82} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06444F70-9E5A-4AAC-9D4D-C6BA185D7B82} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{122FE0E6-E2DB-45EA-9F7C-EFC12C7A31FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{122FE0E6-E2DB-45EA-9F7C-EFC12C7A31FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21D708A3-8EC4-493D-B02A-D8BD7A2A32CB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21D708A3-8EC4-493D-B02A-D8BD7A2A32CB} => Key deleted successfully.
C:\Windows\System32\Tasks\Price Meter Updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Meter Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24D80345-9ECD-4409-A9F7-99E35D870263} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24D80345-9ECD-4409-A9F7-99E35D870263} => Key deleted successfully.
C:\Windows\System32\Tasks\35c01418-e0a6-4915-805b-e29ce589ad45-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\35c01418-e0a6-4915-805b-e29ce589ad45-1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E8F4085-D6CA-4A7F-B07E-202B3FFB5F84} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E8F4085-D6CA-4A7F-B07E-202B3FFB5F84} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72CC9FD8-61B9-4626-9417-E5A8D505B888} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72CC9FD8-61B9-4626-9417-E5A8D505B888} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83A4B37F-9900-4D09-96A3-CE2D6738508F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83A4B37F-9900-4D09-96A3-CE2D6738508F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90FCC687-C4BD-4EBE-BD52-6875327BB42D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90FCC687-C4BD-4EBE-BD52-6875327BB42D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C998A2BC-DFEE-45EC-BFDE-298A14DFF3ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C998A2BC-DFEE-45EC-BFDE-298A14DFF3ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E606C0F2-7731-45C3-B06E-62D620AD3054} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E606C0F2-7731-45C3-B06E-62D620AD3054} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6C097A1-78C6-4FAF-8A5B-B02C71277727} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6C097A1-78C6-4FAF-8A5B-B02C71277727} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-17 08:41:45)<=
 
"C:/Program Files (x86)/Yaimo/yaimo.crx" => File could not move.
 
==== End of Fixlog ====
 
Yiamo now appears to be gone from Chrome, but the yaimo page still appears in Explorer, even if I set a new default home page. Interestingly, if I hit the home button after explorer comes up and display yaimo, it then goes to the home page I set.
 
Permissions problem is still there with Chrome.
 
Thanks,
 
Jim

  • 0

Advertisements


#17
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello Jim,


Lets try resetting chrome,
Please follow these instructions here to reset chrome.

Also Post a new FRST Log, that is,
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

    Thanks
    Joe :)

  • 0

#18
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi again Joe!  :geek:

 

Resetting Chrome didn't do it. I finally re-installed, and that fixed the problem. Lousy way to have do do it, but I did export all the bookmarks, so all is good.

 

Still getting the redirect in Explorer, it must be set to load some local page that overides the home page somewhere.

 

Here's the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 (administrator) on CRAFTY on 18-05-2014 17:56:42
Running from C:\Users\Joyce McEachern\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_2.0.1404.1723_x86__8wekyb3d8bbwe\Taptiles.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-26] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-26] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://slashdot.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKLM - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKCU - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = 
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-26] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 17:56 - 2014-05-18 17:56 - 00018500 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-18 17:51 - 2014-05-18 17:56 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:51 - 2014-05-18 17:56 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:51 - 2014-05-18 17:56 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:48 - 2014-05-18 17:50 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-16 10:25 - 2014-05-18 17:56 - 00000000 ____D () C:\FRST
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 00:12 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-15 00:12 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-15 00:12 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-15 00:12 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-15 00:12 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-15 00:12 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-15 00:12 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-15 00:12 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-15 00:12 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-15 00:12 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-15 00:12 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-15 00:12 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-15 00:12 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-15 00:12 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-15 00:12 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-15 00:12 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-15 00:11 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-15 00:11 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-15 00:10 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-15 00:10 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 17:52 - 2014-05-18 17:31 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 17:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-14 17:52 - 2014-02-09 21:01 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-14 17:52 - 2012-10-06 09:13 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-05-14 17:52 - 2010-12-19 01:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:59 - 2014-05-18 17:51 - 01292744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-14 07:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-14 07:41 - 2014-05-14 07:54 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 04:27 - 2014-05-13 04:30 - 00000000 ____D () C:\cce_linux
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:39 - 2014-05-11 20:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-18 17:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-11 20:35 - 2014-05-11 20:45 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-10 22:13 - 2014-05-13 13:17 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:56 - 2014-05-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 21:56 - 2014-05-13 13:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-09 21:51 - 2014-05-09 21:59 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:05 - 2014-05-18 17:37 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2014-05-15 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-09 19:45 - 2014-02-25 15:30 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 19:32 - 2014-05-09 19:31 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 19:31 - 2014-05-09 19:32 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 18:37 - 2014-05-13 07:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 12:26 - 2014-05-09 18:42 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-04-27 09:19 - 2014-05-09 18:31 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-05-09 21:23 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 22:01 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-26 21:53 - 2014-05-17 08:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 12:08 - 2014-05-09 19:36 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 15:52 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-04-20 15:52 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-04-20 15:52 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-04-20 15:51 - 2014-04-20 15:52 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-18 17:57 - 2012-11-12 16:04 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-976370131-2331909618-2087438408-1002
2014-05-18 17:56 - 2014-05-18 17:56 - 00018500 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-18 17:56 - 2014-05-18 17:51 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:56 - 2014-05-18 17:51 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:56 - 2014-05-18 17:51 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:56 - 2014-05-16 10:25 - 00000000 ____D () C:\FRST
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:51 - 2014-05-14 07:59 - 01292744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-18 17:51 - 2012-11-12 16:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 17:51 - 2012-11-12 16:04 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Google
2014-05-18 17:50 - 2014-05-18 17:48 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:37 - 2014-05-09 20:05 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-18 17:37 - 2014-02-10 09:14 - 00000000 __RDO () C:\Users\Joyce McEachern\SkyDrive
2014-05-18 17:37 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-18 17:36 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:31 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-18 17:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 17:08 - 2014-05-11 20:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-18 17:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-18 17:04 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-17 08:41 - 2014-04-26 21:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-17 08:40 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-05-17 08:38 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-16 10:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 23:00 - 2014-05-09 20:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-15 02:13 - 2013-08-04 21:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-14 19:16 - 2013-08-13 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 19:14 - 2012-11-13 19:51 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 18:14 - 2013-08-04 21:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:08 - 2014-02-09 20:58 - 00000000 ____D () C:\Users\Joyce McEachern
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:54 - 2014-05-14 07:41 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-14 07:39 - 2013-02-07 21:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 13:20 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-13 13:17 - 2014-05-10 22:13 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-13 13:17 - 2014-05-10 21:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-13 07:15 - 2014-02-10 13:23 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74C59E82-1FDD-4855-9DC9-C954424F52F1}
2014-05-13 07:09 - 2014-05-09 18:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 04:30 - 2014-05-13 04:27 - 00000000 ____D () C:\cce_linux
2014-05-11 20:58 - 2014-05-11 20:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:45 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-11 20:33 - 2012-10-06 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-05-11 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-10 22:13 - 2012-10-06 09:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 21:36 - 2012-11-12 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\VirtualStore
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-05-09 21:59 - 2014-05-09 21:51 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:42 - 2012-10-06 08:48 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-05-09 21:23 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-05-09 21:11 - 2014-02-09 23:51 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:52 - 2014-02-09 20:53 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-09 20:19 - 2014-02-12 17:32 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2012-10-06 09:01 - 00000000 ____D () C:\Program Files\Lenovo
2014-05-09 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2014-05-09 19:55 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-05-09 19:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-09 19:36 - 2014-04-21 12:08 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-05-09 19:32 - 2014-05-09 19:31 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 19:31 - 2014-05-09 19:32 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 18:42 - 2014-04-27 12:26 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 18:31 - 2014-04-27 09:19 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-05-06 00:40 - 2014-05-15 00:11 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-15 00:11 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-15 00:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 00:11 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 21:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-04-21 14:54 - 2012-11-13 19:14 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\vlc
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:56 - 2013-10-21 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-20 15:51 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 15:52 - 2013-06-24 17:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-14 19:11
 
==================== End Of Log ============================
 
Thanks,
 
Jim

  • 0

#19
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Oops, word wrap was on...

 

let's try again....

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 (administrator) on CRAFTY on 18-05-2014 17:56:42
Running from C:\Users\Joyce McEachern\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_2.0.1404.1723_x86__8wekyb3d8bbwe\Taptiles.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-26] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-26] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://slashdot.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKLM - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKCU - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = 
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-26] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 17:56 - 2014-05-18 17:56 - 00018500 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-18 17:51 - 2014-05-18 17:56 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:51 - 2014-05-18 17:56 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:51 - 2014-05-18 17:56 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:48 - 2014-05-18 17:50 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-16 10:25 - 2014-05-18 17:56 - 00000000 ____D () C:\FRST
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 00:12 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-15 00:12 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-15 00:12 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-15 00:12 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-15 00:12 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-15 00:12 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-15 00:12 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-15 00:12 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-15 00:12 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-15 00:12 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-15 00:12 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-15 00:12 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-15 00:12 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-15 00:12 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-15 00:12 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-15 00:12 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-15 00:11 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-15 00:11 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-15 00:10 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-15 00:10 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 17:52 - 2014-05-18 17:31 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 17:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-14 17:52 - 2014-02-09 21:01 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-14 17:52 - 2012-10-06 09:13 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-05-14 17:52 - 2010-12-19 01:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:59 - 2014-05-18 17:51 - 01292744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-14 07:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-14 07:41 - 2014-05-14 07:54 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 04:27 - 2014-05-13 04:30 - 00000000 ____D () C:\cce_linux
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:39 - 2014-05-11 20:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-18 17:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-11 20:35 - 2014-05-11 20:45 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-10 22:13 - 2014-05-13 13:17 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:56 - 2014-05-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 21:56 - 2014-05-13 13:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-09 21:51 - 2014-05-09 21:59 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:05 - 2014-05-18 17:37 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2014-05-15 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-09 19:45 - 2014-02-25 15:30 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 19:32 - 2014-05-09 19:31 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 19:31 - 2014-05-09 19:32 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 18:37 - 2014-05-13 07:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 12:26 - 2014-05-09 18:42 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-04-27 09:19 - 2014-05-09 18:31 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-05-09 21:23 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 22:01 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-26 21:53 - 2014-05-17 08:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 12:08 - 2014-05-09 19:36 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 15:52 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-04-20 15:52 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-04-20 15:52 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-04-20 15:51 - 2014-04-20 15:52 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-18 17:57 - 2012-11-12 16:04 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-976370131-2331909618-2087438408-1002
2014-05-18 17:56 - 2014-05-18 17:56 - 00018500 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-18 17:56 - 2014-05-18 17:51 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:56 - 2014-05-18 17:51 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:56 - 2014-05-18 17:51 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:56 - 2014-05-16 10:25 - 00000000 ____D () C:\FRST
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:51 - 2014-05-14 07:59 - 01292744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-18 17:51 - 2012-11-12 16:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 17:51 - 2012-11-12 16:04 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Google
2014-05-18 17:50 - 2014-05-18 17:48 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:37 - 2014-05-09 20:05 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-18 17:37 - 2014-02-10 09:14 - 00000000 __RDO () C:\Users\Joyce McEachern\SkyDrive
2014-05-18 17:37 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-18 17:36 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:31 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-18 17:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 17:08 - 2014-05-11 20:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-18 17:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-18 17:04 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-17 08:41 - 2014-04-26 21:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-17 08:40 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-05-17 08:38 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-16 10:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 23:00 - 2014-05-09 20:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-15 02:13 - 2013-08-04 21:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-14 19:16 - 2013-08-13 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 19:14 - 2012-11-13 19:51 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 18:14 - 2013-08-04 21:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:08 - 2014-02-09 20:58 - 00000000 ____D () C:\Users\Joyce McEachern
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:54 - 2014-05-14 07:41 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-14 07:39 - 2013-02-07 21:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 13:20 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-13 13:17 - 2014-05-10 22:13 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-13 13:17 - 2014-05-10 21:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-13 07:15 - 2014-02-10 13:23 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74C59E82-1FDD-4855-9DC9-C954424F52F1}
2014-05-13 07:09 - 2014-05-09 18:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 04:30 - 2014-05-13 04:27 - 00000000 ____D () C:\cce_linux
2014-05-11 20:58 - 2014-05-11 20:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:45 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-11 20:33 - 2012-10-06 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-05-11 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-10 22:13 - 2012-10-06 09:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 21:36 - 2012-11-12 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\VirtualStore
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-05-09 21:59 - 2014-05-09 21:51 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:42 - 2012-10-06 08:48 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-05-09 21:23 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-05-09 21:11 - 2014-02-09 23:51 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:52 - 2014-02-09 20:53 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-09 20:19 - 2014-02-12 17:32 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2012-10-06 09:01 - 00000000 ____D () C:\Program Files\Lenovo
2014-05-09 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2014-05-09 19:55 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-05-09 19:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-09 19:36 - 2014-04-21 12:08 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-05-09 19:32 - 2014-05-09 19:31 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 19:31 - 2014-05-09 19:32 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 18:42 - 2014-04-27 12:26 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 18:31 - 2014-04-27 09:19 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-05-06 00:40 - 2014-05-15 00:11 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-15 00:11 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-15 00:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 00:11 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 21:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-04-21 14:54 - 2012-11-13 19:14 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\vlc
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:56 - 2013-10-21 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-20 15:51 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 15:52 - 2013-06-24 17:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-14 19:11
 
==================== End Of Log ============================

  • 0

#20
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi Jim,

That would have been my next suggestion with Chrome. I'm still seeing this in Chrome too. CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
I believe the profile was or is corrupted in Chrome.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run this fix please

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
1- Click Format and ensure Wordwrap is unchecked.
2- Save as Fixlist.txt to your Desktop (Must be in this location)
3- Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
4- The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Uninstall the programs that you downloaded to try and fix things with, spybot, doctorweb etc...

Then once again reset your home page in Internet Explorer. I'm wondering if spybot is interfering with home page someway, we may need to reset Internet Explorer 11.

Post a fresh (FRST.txt) Log I want to see if the policy restriction is gone from Chrome.

Thanks
Joe :)
  • 0

#21
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

all the clean-up programs were already uninstalled. I did a check through and removed leftover directories, just in case that had an effect. Did a reset of IE, no effect.

 

I noticed that in C:\Program Files (x86), there is a Yaimo directory. I renamed to YYaimo, no effect. Inside that directory is another,

C:\Program Files (x86)\YYaimo\jgapnhijgmmehljdkfkojcoefcddinjl, which has a bunch of files in it, as well as yaimo.crx. Maybe that's what is causing the trouble, although I would think the rename would avoid that.

 

I was browsing the registry (NOT editing!) looking for a local page setting in IE. Didn't find one, but noticed that there some local service keys lying around for pricemeterliveUpdatem. Don't know if they are malware lying around, but thought I'd mention it.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 at 2014-05-19 09:17:51 Run:2
Running from C:\Users\Joyce McEachern\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
 
==== End of Fixlog ====
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 (administrator) on CRAFTY on 19-05-2014 09:32:53
Running from C:\Users\Joyce McEachern\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-26] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-26] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
SearchScopes: HKLM - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL = http://www.bing.com/...E10TR&pc=MALNJS
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://games.ca.zone...on.cab64162.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-26] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-19 09:32 - 2014-05-19 09:32 - 00017625 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-19 09:31 - 2014-05-19 09:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-19 09:31 - 2014-05-19 09:31 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-19 09:27 - 2014-05-19 09:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-05-19 09:27 - 2014-05-19 09:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-05-18 17:51 - 2014-05-19 09:32 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:51 - 2014-05-19 09:32 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:51 - 2014-05-18 20:56 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:48 - 2014-05-18 17:50 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-16 10:25 - 2014-05-19 09:32 - 00000000 ____D () C:\FRST
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 00:12 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-15 00:12 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-15 00:12 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-15 00:12 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-15 00:12 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-15 00:12 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-15 00:12 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-15 00:12 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-15 00:12 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-15 00:12 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-15 00:12 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-15 00:12 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-15 00:12 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-15 00:12 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-15 00:12 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-15 00:12 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-15 00:11 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-15 00:11 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-15 00:10 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-15 00:10 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 17:52 - 2014-05-18 17:31 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 17:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-14 17:52 - 2014-02-09 21:01 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-14 17:52 - 2012-10-06 09:13 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-05-14 17:52 - 2010-12-19 01:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-14 07:41 - 2014-05-14 07:54 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 04:27 - 2014-05-13 04:30 - 00000000 ____D () C:\cce_linux
2014-05-11 20:40 - 2014-05-19 09:27 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-19 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:39 - 2014-05-11 20:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-19 09:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-11 20:35 - 2014-05-11 20:45 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-10 22:13 - 2014-05-13 13:17 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-09 21:51 - 2014-05-09 21:59 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:05 - 2014-05-19 09:31 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2014-05-15 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-09 19:45 - 2014-02-25 15:30 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 19:32 - 2014-05-09 19:31 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 19:31 - 2014-05-09 19:32 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 18:37 - 2014-05-13 07:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 12:26 - 2014-05-09 18:42 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-04-27 09:19 - 2014-05-09 18:31 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-05-09 21:23 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 22:01 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-26 21:53 - 2014-05-17 08:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 12:08 - 2014-05-09 19:36 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 15:52 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-04-20 15:52 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-04-20 15:52 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-04-20 15:51 - 2014-04-20 15:52 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
 
==================== One Month Modified Files and Folders =======
 
2014-05-19 09:33 - 2014-05-19 09:32 - 00017625 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-19 09:32 - 2014-05-18 17:51 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-19 09:32 - 2014-05-18 17:51 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 09:32 - 2014-05-16 10:25 - 00000000 ____D () C:\FRST
2014-05-19 09:31 - 2014-05-19 09:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-19 09:31 - 2014-05-19 09:31 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-19 09:31 - 2014-05-11 20:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-19 09:31 - 2014-05-09 20:05 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-19 09:31 - 2014-02-10 09:14 - 00000000 __RDO () C:\Users\Joyce McEachern\SkyDrive
2014-05-19 09:31 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-19 09:30 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-19 09:27 - 2014-05-19 09:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-05-19 09:27 - 2014-05-19 09:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-05-19 09:27 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-19 09:27 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-19 09:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-19 09:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-19 09:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-19 09:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-19 09:25 - 2012-11-12 16:04 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-976370131-2331909618-2087438408-1002
2014-05-19 09:13 - 2013-08-04 21:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-19 09:10 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-19 09:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-18 20:56 - 2014-05-18 17:51 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:51 - 2012-11-12 16:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 17:51 - 2012-11-12 16:04 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Google
2014-05-18 17:50 - 2014-05-18 17:48 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:31 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-17 08:41 - 2014-04-26 21:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-17 08:40 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-05-17 08:38 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-16 10:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 23:00 - 2014-05-09 20:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-14 19:16 - 2013-08-13 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 19:14 - 2012-11-13 19:51 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 18:14 - 2013-08-04 21:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:08 - 2014-02-09 20:58 - 00000000 ____D () C:\Users\Joyce McEachern
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:54 - 2014-05-14 07:41 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-14 07:39 - 2013-02-07 21:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 13:17 - 2014-05-10 22:13 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-13 07:15 - 2014-02-10 13:23 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74C59E82-1FDD-4855-9DC9-C954424F52F1}
2014-05-13 07:09 - 2014-05-09 18:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 04:30 - 2014-05-13 04:27 - 00000000 ____D () C:\cce_linux
2014-05-11 20:58 - 2014-05-11 20:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:45 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-11 20:33 - 2012-10-06 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-05-11 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-10 22:13 - 2012-10-06 09:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 21:36 - 2012-11-12 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\VirtualStore
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-05-09 21:59 - 2014-05-09 21:51 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:42 - 2012-10-06 08:48 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-05-09 21:23 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-05-09 21:11 - 2014-02-09 23:51 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:52 - 2014-02-09 20:53 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-09 20:19 - 2014-02-12 17:32 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2012-10-06 09:01 - 00000000 ____D () C:\Program Files\Lenovo
2014-05-09 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2014-05-09 19:55 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-05-09 19:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-09 19:36 - 2014-04-21 12:08 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-05-09 19:32 - 2014-05-09 19:31 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 19:31 - 2014-05-09 19:32 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 18:42 - 2014-04-27 12:26 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-05-09 18:31 - 2014-04-27 09:19 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-05-06 00:40 - 2014-05-15 00:11 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-15 00:11 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-15 00:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 00:11 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 21:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-04-21 14:54 - 2012-11-13 19:14 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\vlc
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:56 - 2013-10-21 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-20 15:51 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 15:52 - 2013-06-24 17:09 - 00000000 ____D () C:\Program Files (x86)\Java
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-14 19:11
 
==================== End Of Log ============================
 
Jim

  • 0

#22
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello Jim,

Need to go out this evening, wanted to check in with you.

In post # 2 would you run Adwcleaner again, and junk removal tool. Post the logs please.

Joe
  • 0

#23
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

thanks for checking in. No problem, you are entitled to a life beyond responding to my beck and call you know!  :D

 

Here's the logs:

 

Adware Cleaner:

 

# AdwCleaner v3.210 - Report created 19/05/2014 at 20:31:35
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Joyce McEachern 2 - CRAFTY
# Running from : C:\Users\Joyce McEachern\Desktop\adwcleaner_3.210.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [16400 octets] - [14/05/2014 07:41:48]
AdwCleaner[R1].txt - [16461 octets] - [14/05/2014 07:52:49]
AdwCleaner[R2].txt - [2368 octets] - [19/05/2014 20:20:44]
AdwCleaner[R3].txt - [2428 octets] - [19/05/2014 20:29:41]
AdwCleaner[S0].txt - [13030 octets] - [14/05/2014 07:54:14]
AdwCleaner[S2].txt - [2349 octets] - [19/05/2014 20:31:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2409 octets] ##########
 
 
JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Joyce McEachern 2 on 2014-05-19 at 20:37:53.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-05-19 at 20:41:32.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Jim

  • 0

#24
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi Jim,

Have we tried to reset Internet Explorer 11 yet,

http://support.microsoft.com/kb/923737

Joe.
  • 0

#25
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Jim,

Have we tried to reset Internet Explorer 11 yet,

http://support.microsoft.com/kb/923737

Joe.

Hi Joe,

 

I've tried a couple of times, same result. Yaimo.com search page keeps showing up when I start the program. 

It happens in both safe mode with networking, and with regular boot. If I click on the home button, it returns to the home page that was actually set.

 

This is one insidious puppy! I noticed one thing that may or may not be relevant. In the registry, IE has a reference to Local Page, set to windows\system32\blank.htm. That file doesn't exist in the directory, I've enable show hidden files, and show file extensions. 

 

I'm wondering If I should try an uninstall/reinstall. Actually in 8.1, you turn off IE, and then turn it on again, you can't actually uninstall it.

 

Other than the IE home page redirect, the rest of the system seems to be running fine. I'm just concerned because I can't get rid of it, and because IE is so embedded into the rest of the OS.

 

Jim


  • 0

Advertisements


#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello Jim,

I'm wondering If I should try an uninstall/reinstall. Actually in 8.1, you turn off IE, and then turn it on again, you can't actually uninstall it.


I saw that too in Windows 8.1, Lets try it.

Joe
:)
  • 0

#27
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Well, that didn't work either. Turned off IE, ran a reg clean with CCleaner, turned back on. Back to Yaimo.com on the home page.

 

In addition, Chrome is doing the "can't read preferences" thing again, I have to click ok up to 6 times to get to a usable state. Uninstalls, cleans and installs don't help.

 

Even though Chrome says there are no extensions enabled, there are six directories in the extensions folder, all read only.

 

Totally removed Chrome, installed Comodo Dragon (Chrome-based) and the same problem appeared.

 

Getting tempted to do some "percussive maintenance" with a shotgun... :-) 

 

Jim


  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Are you doing this when we uninstall Chrome ?

delete your user profile information

https://support.goog...wer/95319?hl=en

Joe
  • 0

#29
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hello,

Are you doing this when we uninstall Chrome ?

delete your user profile information

https://support.goog...wer/95319?hl=en

Joe

 

Yep, that's the exact page I used! I also checked all user profiles appdata directories, and removed all Chrome entries, and did a reg clean before re-install.

 

Jim

(bet you're getting tired of me...)


  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Was AVG Anti Virus on the computer when you got it?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP