Hi again Joe!
Resetting Chrome didn't do it. I finally re-installed, and that fixed the problem. Lousy way to have to do it, but I did export all the bookmarks, so all is good.
Still getting the redirect in Explorer; it must be set to load some local page that overrides the home page somewhere.
Here's the FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Joyce McEachern 2 (administrator) on CRAFTY on 18-05-2014 17:56:42
Running from C:\Users\Joyce McEachern\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_2.0.1404.1723_x86__8wekyb3d8bbwe\Taptiles.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-26] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-26] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> C:\Users\Joyce McEachern\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
SearchScopes: HKCU - {6097BA1E-EA64-4BFD-8552-16337C2FC9A0} URL =
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Joyce McEachern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-10-28] (IvoSoft)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-26] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 17:56 - 2014-05-18 17:56 - 00018500 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-18 17:51 - 2014-05-18 17:56 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:51 - 2014-05-18 17:56 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:51 - 2014-05-18 17:56 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:48 - 2014-05-18 17:50 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-16 10:25 - 2014-05-18 17:56 - 00000000 ____D () C:\FRST
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 00:12 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-15 00:12 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-15 00:12 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-15 00:12 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-15 00:12 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-15 00:12 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-15 00:12 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-15 00:12 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 00:12 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-15 00:12 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-15 00:12 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-15 00:12 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-15 00:12 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-15 00:12 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-15 00:12 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-15 00:12 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-15 00:12 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-15 00:12 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-15 00:12 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-15 00:12 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-15 00:12 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-15 00:12 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-15 00:12 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-15 00:12 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-15 00:11 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-15 00:11 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-15 00:11 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-15 00:10 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-15 00:10 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 18:27 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 17:52 - 2014-05-18 17:31 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 17:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Mozilla
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-14 17:52 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-14 17:52 - 2014-02-09 21:01 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-14 17:52 - 2012-10-06 09:13 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-05-14 17:52 - 2010-12-19 01:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:59 - 2014-05-18 17:51 - 01292744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-14 07:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-14 07:41 - 2014-05-14 07:54 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 04:27 - 2014-05-13 04:30 - 00000000 ____D () C:\cce_linux
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:39 - 2014-05-11 20:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-18 17:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-11 20:35 - 2014-05-11 20:45 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-10 22:13 - 2014-05-13 13:17 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:56 - 2014-05-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 21:56 - 2014-05-13 13:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-09 21:51 - 2014-05-09 21:59 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:05 - 2014-05-18 17:37 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2014-05-15 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-09 19:45 - 2014-02-25 15:30 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 19:32 - 2014-05-09 19:31 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 19:31 - 2014-05-09 19:32 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 18:37 - 2014-05-13 07:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 12:26 - 2014-05-09 18:42 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-04-27 09:19 - 2014-05-09 18:31 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-05-09 21:23 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 22:01 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-04-26 21:53 - 2014-05-17 08:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 12:08 - 2014-05-09 19:36 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 15:52 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-04-20 15:52 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-04-20 15:52 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-04-20 15:51 - 2014-04-20 15:52 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
==================== One Month Modified Files and Folders =======
2014-05-18 17:57 - 2012-11-12 16:04 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-976370131-2331909618-2087438408-1002
2014-05-18 17:56 - 2014-05-18 17:56 - 00018500 _____ () C:\Users\Joyce McEachern\Desktop\FRST.txt
2014-05-18 17:56 - 2014-05-18 17:51 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 17:56 - 2014-05-18 17:51 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 17:56 - 2014-05-18 17:51 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 17:56 - 2014-05-16 10:25 - 00000000 ____D () C:\FRST
2014-05-18 17:51 - 2014-05-18 17:51 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 17:51 - 2014-05-18 17:51 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-18 17:51 - 2014-05-18 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 17:51 - 2014-05-14 07:59 - 01292744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-18 17:51 - 2012-11-12 16:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 17:51 - 2012-11-12 16:04 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Google
2014-05-18 17:50 - 2014-05-18 17:48 - 38410256 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeStandaloneSetup.exe
2014-05-18 17:37 - 2014-05-09 20:05 - 00000369 _____ () C:\Users\Joyce McEachern\AppData\Local\RegisteredPackageInformation.xml
2014-05-18 17:37 - 2014-02-10 09:14 - 00000000 __RDO () C:\Users\Joyce McEachern\SkyDrive
2014-05-18 17:37 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-18 17:36 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-18 17:33 - 2014-05-18 17:33 - 00918672 _____ (Google Inc.) C:\Users\Joyce McEachern\Downloads\ChromeSetup.exe
2014-05-18 17:32 - 2014-05-18 17:32 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Deployment
2014-05-18 17:31 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-18 17:29 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-18 17:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9A00CD79-AA8B-4A66-B834-C09FD1EDCC53}.job
2014-05-18 17:25 - 2013-12-24 18:25 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {06A0F5CE-62A6-4D5A-AAB5-DFCD7FADBFB0}.job
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 17:16 - 2012-11-12 15:58 - 00000000 ___RD () C:\Users\Joyce McEachern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 17:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 17:08 - 2014-05-18 17:08 - 00051481 _____ () C:\Users\Joyce McEachern\Desktop\bookmarks_5_18_14.html
2014-05-18 17:08 - 2014-05-11 20:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-18 17:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-18 17:04 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-18 08:18 - 2014-05-18 08:18 - 00000117 _____ () C:\Users\Joyce McEachern\Desktop\Need Sanity check- Did I clean everything- - Page 2 - Virus, Spyware, Malware Removal.url
2014-05-17 08:41 - 2014-04-26 21:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-17 08:40 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-05-17 08:38 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-16 10:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-16 10:24 - 2014-05-16 10:24 - 02067456 _____ (Farbar) C:\Users\Joyce McEachern\Desktop\FRST64.exe
2014-05-15 23:00 - 2014-05-09 20:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-05-15 02:13 - 2013-08-04 21:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-14 19:16 - 2013-08-13 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 19:14 - 2012-11-13 19:51 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 18:26 - 2014-05-14 18:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-14 18:14 - 2013-08-04 21:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:08 - 2014-02-09 20:58 - 00000000 ____D () C:\Users\Joyce McEachern
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 17:52 - 2014-05-14 17:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 09:31 - 2014-05-14 09:31 - 00000000 ____D () C:\_OTL
2014-05-14 08:04 - 2014-05-14 08:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-14 08:02 - 2014-05-14 08:02 - 01016261 _____ (Thisisu) C:\Users\Joyce McEachern\Desktop\JRT.exe
2014-05-14 07:54 - 2014-05-14 07:41 - 00000000 ____D () C:\AdwCleaner
2014-05-14 07:39 - 2014-05-14 07:39 - 01325827 _____ () C:\Users\Joyce McEachern\Desktop\adwcleaner.exe
2014-05-14 07:39 - 2013-02-07 21:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 13:32 - 2014-05-13 13:32 - 00602112 _____ (OldTimer Tools) C:\Users\Joyce McEachern\Desktop\OTL.exe
2014-05-13 13:20 - 2014-05-10 21:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-13 13:17 - 2014-05-10 22:13 - 00000166 _____ () C:\WINDOWS\wininit.ini
2014-05-13 13:17 - 2014-05-10 21:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-13 07:15 - 2014-02-10 13:23 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74C59E82-1FDD-4855-9DC9-C954424F52F1}
2014-05-13 07:09 - 2014-05-09 18:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 04:30 - 2014-05-13 04:27 - 00000000 ____D () C:\cce_linux
2014-05-11 20:58 - 2014-05-11 20:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-11 20:45 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Avg2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\TuneUp Software
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\AVG2014
2014-05-11 20:40 - 2014-05-11 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-11 20:40 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ___HD () C:\$AVG
2014-05-11 20:39 - 2014-05-11 20:39 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-11 20:35 - 2014-05-11 20:35 - 04485528 _____ (AVG Technologies) C:\Users\Joyce McEachern\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-11 20:35 - 2014-05-11 20:35 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\MFAData
2014-05-11 20:33 - 2012-10-06 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-05-11 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-10 22:13 - 2012-10-06 09:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-10 21:45 - 2014-05-10 21:45 - 00000000 ____D () C:\Users\Joyce McEachern\Downloads\backups
2014-05-10 21:36 - 2012-11-12 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\VirtualStore
2014-05-10 18:22 - 2014-05-10 18:22 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\Intel_Corporation
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-05-10 18:20 - 2014-02-09 20:54 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-05-09 21:59 - 2014-05-09 21:51 - 00000000 ____D () C:\Users\Joyce McEachern\Doctor Web
2014-05-09 21:42 - 2012-10-06 08:48 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-05-09 21:23 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\cache
2014-05-09 21:11 - 2014-02-09 23:51 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-09 21:08 - 2014-05-09 21:08 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-09 21:08 - 2014-05-09 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-09 20:52 - 2014-02-09 20:53 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-09 20:19 - 2014-02-12 17:32 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2\AppData\Local\Packages
2014-05-09 20:04 - 2014-05-09 20:04 - 00000000 ____D () C:\Users\Joyce McEachern 2
2014-05-09 20:03 - 2012-10-06 09:01 - 00000000 ____D () C:\Program Files\Lenovo
2014-05-09 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2014-05-09 19:55 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-05-09 19:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-09 19:36 - 2014-04-21 12:08 - 00000000 ____D () C:\ProgramData\d8b241c0b0684db9
2014-05-09 19:32 - 2014-05-09 19:31 - 00430410 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.txt
2014-05-09 19:31 - 2014-05-09 19:32 - 01201864 _____ () C:\Users\Joyce McEachern\Documents\malware-scan.xml
2014-05-09 18:42 - 2014-04-27 12:26 - 00000702 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-05-09 18:37 - 2014-05-09 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 18:31 - 2014-04-27 09:19 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-05-06 00:40 - 2014-05-15 00:11 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-15 00:11 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-15 00:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 00:11 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 16:23 - 2014-05-03 16:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 21:00 - 2014-04-27 21:00 - 00000043 _____ () C:\Users\Joyce McEachern\AppData\Roaming\WB.CFG
2014-04-27 20:26 - 2014-04-27 20:26 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\SlimWare Utilities Inc
2014-04-27 20:25 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-27 09:19 - 2014-04-27 09:19 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\IsolatedStorage
2014-04-26 22:31 - 2014-04-26 22:31 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Local\com
2014-04-26 22:02 - 2014-04-26 22:02 - 00000000 ____D () C:\Users\Joyce McEachern\.android
2014-04-26 21:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-04-21 14:54 - 2012-11-13 19:14 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\vlc
2014-04-20 15:57 - 2014-04-20 15:57 - 00000000 ____D () C:\Users\Joyce McEachern\AppData\Roaming\Oracle
2014-04-20 15:56 - 2013-10-21 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 15:52 - 2014-04-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 15:52 - 2014-04-20 15:51 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 15:52 - 2013-06-24 17:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-14 19:11
==================== End Of Log ============================
Thanks,
Jim