Stuck in safe mode not working win7 [Solved]



#1
gracek

    Member

  • 24 posts
Won't boot in any mode. I was unable to uninstall Firefox, so I changed my start mode in msconfig to safe with minimal on Windows 7. I am now stuck in a non-functioning safe mode. No screen after seeing "loading in safe mode" info. I then did F8 and got into safe mode with the usual choices, but the cursor was scrolling by itself (possessed). I got it to stop on start normally, but it didn't. Then I did system restore, went through the motions but still stuck in non-functional safe mode. I DO believe it functions when I'm able to open the cmd prompt but I wouldn't know what to do with that. Neither my boot repair disk nor my boot recovery disk do anything significant, same excessive scrolling then open to blank screen and the computer fan is going. I have to force shut down to try anything else so far.

I have been unable to change my BIOS to boot from CD to run the AVG CD, the cursor keeps flashing through all choices. I might try another keyboard tomorrow, but I don't think that is the problem. Isn't there a way I can get it to boot from CD without changing BIOS?

I do have another computer to make boot drivers from or anything if needed.
Any suggestions? Thanks...

Edited by gracek, 22 October 2013 - 07:57 PM.


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

It is usually not a good idea to use MSConfig to get into safe mode, as you have found out. It can get stuck in a loop if something goes wrong.

Let's try this first. We are going to use a flash drive, so let's protect it from infection first. Please do this on your clean computer:


Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert the USB Drive in your machine...it will be automatically vaccinated (as will any USB drives connected in the future).
Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Now, please download Farbar Recovery Scan Tool x64 and save it to the flash drive.


Plug the flash drive into the infected PC and boot to Safe Mode with Command Prompt (I believe you said that you can get it to do this.)

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
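Added example, not part of the original thread and not FRST's own code: a small Python triage pass over an FRST.txt like the one requested above, pulling out the entries a helper usually reads first. The sample lines are constructed; reading a trailing `[x]` or `No File` as "FRST could not find the file" and the digit after R/S/U as the Windows service start type are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Section banner, e.g. "==================== Services (Whitelisted) ================="
HEADER_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Service/driver entry, e.g. "S2 Name; C:\path\file.exe [size date] (Vendor)"
SERVICE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# Any path component named Temp or Tmp
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Assumption: 0=boot, 1=system, 2=automatic start (loaded without user action)
AUTO_START = {"0", "1", "2"}

FLAGGED = "marked ATTENTION by the scanner"
MISSING = "target file not found"
TEMP = "service or driver image under a Temp directory"
ORPHAN = "auto-start entry whose file is missing"


@dataclass
class Finding:
    line_no: int
    section: str
    text: str
    reasons: list


def triage(log_text):
    """Return the log lines worth a closer look, with the reasons for each."""
    findings, section = [], ""
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header["name"]
            continue
        if not line or set(line) == {"="}:
            continue  # blank line or a bare "=====" underline

        reasons = []
        if "<======= ATTENTION" in line:
            reasons.append(FLAGGED)
        missing = line.endswith("[x]") or line.endswith("No File")
        if missing:
            reasons.append(MISSING)

        svc = SERVICE_RE.match(line)
        if svc:
            if TEMP_RE.search(svc["rest"]):
                reasons.append(TEMP)
            if missing and svc["start"] in AUTO_START:
                reasons.append(ORPHAN)

        if reasons:
            findings.append(Finding(line_no, section, line, reasons))
    return findings


# Constructed sample in the layout of an FRST.txt (names and paths are made up).
SAMPLE = r"""
==================== Internet (Whitelisted) ====================

CHR Plugin: (Example Viewer) - C:\Program Files (x86)\Example\npviewer.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ExampleAV; C:\Program Files\ExampleAV\avsvc.exe [140672 2012-07-11] (Example Vendor)
S2 ExampleUpdater; C:\Program Files (x86)\Example\updater.exe -update [x]
S2 ExampleLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\EX1\launcher.exe [x]
S3 ExampleDriver; \??\C:\Users\User\Desktop\kit\drv64.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.line_no:>3} [{f.section}] {'; '.join(f.reasons)}")
        print(f"    {f.text}")
```

A missing file on its own is usually a leftover from an uninstalled program; the entries that combine automatic start with a Temp path are the ones to ask about first.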

#3
gracek

    Member

  • Topic Starter
  • 24 posts
Thank you, Old school msconfig was our friend I thought! Lesson learned!

I removed my second monitor and changed the port the keyboard was plugged into and the cursor quit scrolling. I can now enter safe mode and probably change my boot order if needed now. When I started in safe mode with cmd prompt, I was unable to see where my drive was. I started in safe mode with networking and it came up with my normal screen. It also told me that the system restore I did was successful.

My computer does now start in the safe mode I boot "safeboot minimal" now. I have not changed anything and will wait for response to change boot options.

I did have a virus some time ago, the FBI hijack thing, and went through extensive cleaning to get rid of it. I have not used my computer in a few months and I did suspect possible virus when I couldn't uninstall Firefox and I got one odd security popup which I did not click on.

Here is the text you requested.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013
Ran by Grace (administrator) on GRACE-PC on 23-10-2013 12:35:23
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-14] (SUPERAntiSpyware)
HKCU\...\Run: [MobileAppSync] - "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-04] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Grace\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-12] (Google Inc.)
HKCU\...\Run: [mysms] - C:\Program Files (x86)\mysms\mysms.exe [702976 2013-06-04] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Grace\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\Grace\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Grace\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {506484B9-B227-49E2-87A1-BC53F22460A8} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {6BA6EA00-F135-4D70-ADE6-2C2A3244393A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Grace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Grace\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Grace\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Grace\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.yahoo.com/", "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Advanced SystemCare 6) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DjVu Plugin Viewer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npdjvu.dll (Caminova, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (PACE Client Helper Plugin) - C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Facebook Desktop) - C:\Users\Grace\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie\0.3.3_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Google+) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjnaogkjbogokcnohkmnjdojkikgobo\1.115.1_0
CHR Extension: (Gmail Offline) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0
CHR Extension: (Google Calendar) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.37_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonkkonklnplheamfjiahcfkgdihjlng\4.0.0.0_0
CHR Extension: (Google Finance) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0
CHR Extension: (Drive Notepad) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj\1.2_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.0_0
CHR Extension: (AirDroid) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd\2.0.4_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbhiigbgcmeeknmajflllpcllcccheeb\1.5.0_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp\5.9_0
CHR Extension: (HootSuite) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0
CHR Extension: (Evernote Web) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0
CHR Extension: (Google Maps) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.15_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Chrome to Phone) - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_0
CHR Extension: () - C:\Users\Grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe [81920 2011-08-09] (Avid Technology, Inc.)
S4 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
S4 MacDrive8ServiceD; C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe [167424 2010-06-07] (Mediafour Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S4 Panasonic Local Printer Service; C:\PROGRA~2\PANASO~1\LocalCom\lmsrvnt.exe [49152 2010-01-09] (Panasonic System Networks Co., Ltd.)
S4 Panasonic Trap Monitor Service; C:\PROGRA~2\PANASO~1\TRAPMO~1\Trapmnnt.exe [69632 2004-02-26] (Panasonic)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S2 CXIR; C:\Windows\System32\drivers\cxcir64.sys [44032 2010-07-13] (Conexant Systems, Inc.)
S3 CXPOLARIS; C:\Windows\System32\drivers\cxpolar64.sys [428288 2010-07-22] (Conexant Systems, Inc.)
S2 DVDRIVER; C:\Windows\System32\DRIVERS\dvdriver.sys [39240 2009-11-18] (Eagletron Inc.)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25720 2011-09-01] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
S3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [433168 2010-10-08] (Avid)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
S0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [306280 2010-05-18] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32352 2010-05-05] (Mediafour Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S1 RxFilter; C:\Windows\SysWow64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 A2DDA; \??\C:\Users\Grace\Desktop\emsisoftemergencykit\Run\a2ddax64.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 easytether; system32\DRIVERS\easytthr.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 12:34 - 2013-10-23 12:34 - 00000000 ____D C:\FRST
2013-10-22 21:16 - 2013-10-22 21:16 - 00003224 ____N C:\bootsqm.dat
2013-10-21 19:24 - 2013-10-21 19:24 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-21 19:05 - 2013-10-21 19:05 - 00009728 _____ C:\Users\Grace\Desktop\grace info oct 2013.wps
2013-10-21 19:03 - 2013-10-21 19:08 - 00000000 ____D C:\Users\Grace\Desktop\TAX 2009
2013-10-21 18:00 - 2013-10-21 18:12 - 00000000 ____D C:\AdwCleaner
2013-10-21 17:22 - 2013-05-02 13:46 - 00000119 _____ C:\Users\Grace\Desktop\Cosmos.txt
2013-10-19 11:24 - 2013-10-19 11:24 - 00017847 _____ C:\Users\Grace\Downloads\Moms Email contacts.xlsx
2013-10-19 10:56 - 2013-10-19 10:56 - 00021072 _____ C:\Users\Grace\Downloads\yahoo_ab.csv
2013-10-18 11:21 - 2013-10-18 11:21 - 00000000 ____D C:\Program Files (x86)\Twitter
2013-10-18 11:20 - 2013-10-18 11:20 - 29259264 _____ C:\Users\Grace\Downloads\TweetDeck.msi
2013-10-18 11:04 - 2013-10-18 11:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-18 11:04 - 2013-10-18 11:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-18 11:04 - 2013-10-18 11:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-18 11:04 - 2013-10-18 11:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-14 21:05 - 2013-10-21 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-14 21:05 - 2013-10-14 21:05 - 00001077 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified Files and Folders =======


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2013-10-21 10:46

==================== End Of Log ============================

Edited by gracek, 23 October 2013 - 10:54 AM.

  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
This should allow your computer to boot back into normal mode. Then we can take a look at Firefox. Does it give an error message when you try to install?

Please download the attached fixlist.txt to your flash drive with FRST. Then run FRST again and select "Fix" this time. Please post the resulting fixlog.txt.


  • 0

#5
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
With Firefox, I was trying to uninstall it. It keeps coming back, showing up on the desktop, and it's not an inactive icon; it opens Firefox.

My computer does now start in regular mode. Thanks.. Will wait for more instructions.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2013
Ran by Grace at 2013-10-23 14:27:18 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6BA6EA00-F135-4D70-ADE6-2C2A3244393A} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Program Files\Updater By SweetPacks
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BA6EA00-F135-4D70-ADE6-2C2A3244393A} => Key deleted successfully.
HKCR\CLSID\{6BA6EA00-F135-4D70-ADE6-2C2A3244393A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.

The operation completed successfully.

==== End of Fixlog ====

Edited by gracek, 23 October 2013 - 01:00 PM.

  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
So, were you trying to uninstall using Control Panel >> Programs and Features (or Uninstall a Program)? Did it give you any error?

Do you want to completely get rid of Firefox, with all favorites, plugins, user info, etc.?
  • 0

#7
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Yes, I wanted to completely remove Firefox and it wouldn't uninstall. It appeared to uninstall via Control Panel, then showed up in the program list; it wouldn't go away. Could this be some virus?
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I am not seeing anything in the logs to indicate malware. We can do a manual removal since it is not working. Can you post addition.txt located on the flash drive?
  • 0

#9
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I'll try to post later today, I can't find the drive I saved the logs to! I'm sure I will find it soon:-)
  • 0

#10
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
No worries, we can generate it again if necessary.
  • 0

#11
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did you find it?
  • 0

#12
gracek

gracek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry, my mother just died and I wasn't able to get back to you. Why don't you close this thread since my initial problem is solved. Thank you! I will PM you if it won't uninstall :-)
  • 0

#13
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I am so sorry to hear that. Please accept my condolences.

Why don't you close this thread since my initial problem is solved. Thank you! I will PM you if it won't uninstall :-)



That will be fine. We can open it again if needed.
  • 0

#14
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
