
Spyware, viruses and home access clogging up computer, please help

Discussion in 'Virus & Other Malware Removal' started by pholt, May 25, 2015.

Thread Status:
Not open for further replies.
  1. pholt

    pholt Thread Starter

    Joined:
    May 25, 2015
    Messages:
    6
    Hello,

    We have a laptop from the home access scheme and it runs so slow it's getting unbearable; added to that, there is so much spyware on the laptop that trying to access the internet this morning was a long and tiring exercise.

    Please can somebody help me remove all the junk.

    Here is a copy of the log about system details:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, 32 bit
    Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 2008 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 780 Mb
    Hard Drives: C: Total - 137170 MB, Free - 88051 MB;
    Motherboard: SAMSUNG ELECTRONICS CO., LTD., R519/R719
    Antivirus: Microsoft Security Essentials, Not Updated

    Thanks in advance.

    Regards

    Phil
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    step 1
    Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted
    [​IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

    [​IMG]
     
  3. pholt

    pholt Thread Starter

    Joined:
    May 25, 2015
    Messages:
    6
    Thanks for the quick reply, here is the log you've requested......


    # AdwCleaner v4.205 - Logfile created 25/05/2015 at 12:14:43
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-24.1 [Server]
    # Operating system : Windows 7 Professional (x86)
    # Username : Parent - PARENT-PC
    # Running from : C:\Users\Parent\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BitGuard
    Folder Deleted : C:\ProgramData\IBUpdaterService
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
    Folder Deleted : C:\Program Files\FreeHDSport.TV
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Program Files\SeeSimilar02
    Folder Deleted : C:\Program Files\UtilityChest_49
    Folder Deleted : C:\Program Files\UtilityChest_49EI
    Folder Deleted : C:\Users\Parent\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\Parent\AppData\Local\Temp\mt_ffx
    Folder Deleted : C:\Users\Parent\AppData\Local\Temp\pccustubinstaller
    Folder Deleted : C:\Users\Parent\AppData\Local\torch
    Folder Deleted : C:\Users\Parent\AppData\LocalLow\UtilityChest_49
    Folder Deleted : C:\Users\Parent\AppData\LocalLow\UtilityChest_49EI
    Folder Deleted : C:\Users\Parent\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\Parent\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Parent\AppData\Roaming\pccustubinstaller
    Folder Deleted : C:\Users\Parent\AppData\Roaming\PerformerSoft
    Folder Deleted : C:\Users\Parent\AppData\Roaming\SeeSimilar02
    Folder Deleted : C:\Users\Parent\AppData\Roaming\SpeedAnalysis2
    Folder Deleted : C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
    Folder Deleted : C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Folder Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Folder Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
    Folder Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dgjkhjdcljddbedokogakmmdjgnbeanf_0.localstorage
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dgjkhjdcljddbedokogakmmdjgnbeanf_0.localstorage-journal
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fegpgkakakkgjlnfdfoghgoohkbcejpm_0.localstorage
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fegpgkakakkgjlnfdfoghgoohkbcejpm_0.localstorage-journal
    File Deleted : C:\Program Files\WDesktop.Updater.exe
    File Deleted : C:\windows\system32\roboot.exe
    File Deleted : C:\Users\Parent\AppData\LocalLow\SkwConfig.bin
    File Deleted : C:\Users\Parent\AppData\Roaming\speedanalysis.ico
    File Deleted : C:\Users\Parent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    File Deleted : C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    File Deleted : C:\Users\Parent\Desktop\SpeedAnalysis.lnk
    File Deleted : C:\Users\Parent\Desktop\Torch.lnk
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\bprotector web data

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{DEDAF650-12B8-48f5-A843-BBA100716106}]
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49Installer.Start
    Key Deleted : HKLM\SOFTWARE\Classes\UtilityChest_49Installer.Start.1
    Key Deleted : HKCU\Software\a0db8fe268ec49
    Key Deleted : HKLM\SOFTWARE\a0db8fe268ec49
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1db3bc24-5735-44d9-96dc-2e1d5eada08d}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{405592dc-1e4a-47f9-9c3c-dccc346655fd}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{268CA04C-106C-4636-B707-95E8CD5859E0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93488930-185C-4CED-AFEB-0FD4930F8423}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1db3bc24-5735-44d9-96dc-2e1d5eada08d}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93488930-185C-4CED-AFEB-0FD4930F8423}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1db3bc24-5735-44d9-96dc-2e1d5eada08d}
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\BABSOLUTION
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DataMngr
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\UtilityChest_49
    Key Deleted : HKCU\Software\AppDataLow\Software\UtilityChest_49EI
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Delta
    Key Deleted : HKLM\SOFTWARE\SweetIM
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\torch
    Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
    Key Deleted : HKLM\SOFTWARE\UtilityChest_49
    Key Deleted : HKLM\SOFTWARE\UtilityChest_49EI
    Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
    Key Deleted : HKU\.DEFAULT\Software\IM
    Key Deleted : HKU\.DEFAULT\Software\ImInstaller
    Key Deleted : HKU\.DEFAULT\Software\SweetIM
    Key Deleted : HKU\.DEFAULT\Software\WNLT
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getwebcake.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16476

    -\\ Mozilla Firefox v

    -\\ Google Chrome v

    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A65FB482FE085B1C&affID=121284&tt=040813_11&tsp=4964
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : dgjkhjdcljddbedokogakmmdjgnbeanf
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fegpgkakakkgjlnfdfoghgoohkbcejpm
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : kiplfnciaokpcennlkldkdaeaaomamof
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nbdbmopeebalgaeghmjoegpkngglikgn
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
    [C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A65FB482FE085B1C&affID=121284&tt=040813_11&tsp=4964

    *************************

    AdwCleaner[R0].txt - [10548 bytes] - [25/05/2015 12:12:18]
    AdwCleaner[S0].txt - [10658 bytes] - [25/05/2015 12:14:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10718 bytes] ##########

    Many thanks in advance

    Regards

    Phil
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    next
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 32 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  5. pholt

    pholt Thread Starter

    Joined:
    May 25, 2015
    Messages:
    6
    Cheers Derek,

    Here is the first log;

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
    Ran by Parent (administrator) on PARENT-PC on 25-05-2015 12:48:45
    Running from C:\Users\Parent\Downloads
    Loaded Profiles: Parent (Available Profiles: Parent)
    Platform: Microsoft Windows 7 Professional (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    (Netintelligence Ltd) C:\Program Files\Netintelligence Home\LiteClient.exe
    () C:\Windows\System32\srvmon.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Netintelligence Ltd) C:\Program Files\Netintelligence Home\LiteClientAM.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files\Netintelligence Home\AMMon.exe
    (Smilebox, Inc.) C:\Users\Parent\AppData\Roaming\Smilebox\SmileboxTray.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\swriter.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [NIHomeAM] => C:\Program Files\Netintelligence Home\LiteClientAM.exe [1196544 2009-10-27] (Netintelligence Ltd)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\Run: [SmileboxTray] => C:\Users\Parent\AppData\Roaming\Smilebox\SmileboxTray.exe [317736 2013-10-15] (Smilebox, Inc.)
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\Run: [Google Update] => C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-02] (Google Inc.)
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\MountPoints2: {07c90cf5-f401-11e0-ab81-00245444b6f6} - D:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\MountPoints2: {1f858bfe-e511-11e1-9cc5-00245444b6f6} - D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A13B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\MountPoints2: {64cfcc1b-f4b0-11e0-b48f-00245444b6f6} - D:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\MountPoints2: {d93f9a66-f3e4-11e0-be57-00245444b6f6} - D:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\MountPoints2: {d93f9a84-f3e4-11e0-be57-00245444b6f6} - D:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\MountPoints2: {eb8afab3-2f3a-11e1-97c4-00245444b6f6} - D:\iStudio.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src...9&barid={33533269-E880-11E2-972C-00245444B6F6}
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?bar...&st=23&st=23&did=10963&UPN2=92264297448468602
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src...9&barid={33533269-E880-11E2-972C-00245444B6F6}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.enhanced-search.com/?q={...82FE085B1C&affID=121284&tt=040813_11&tsp=4964
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=...&st=23&st=23&did=10963&UPN2=92264297448468602
    BHO: txthlpBHO Class -> {060235DC-6D84-47BD-95D7-A4EF5099A59D} -> C:\Program Files\Texthelp Systems\Read and Write 9\texthelpbho.dll [2005-12-14] ()
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: ba3HelperObj Class -> {A17B153F-2267-4161-A165-73DCD6C31BEF} -> C:\Program Files\Texthelp Systems\Read and Write 9\ba3bho.dll [2005-05-18] ()
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-30] (Sun Microsystems, Inc.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4F845697-C445-4D4E-95FF-33DE7B01BE4E}: [NameServer] 88.82.13.28 88.82.13.28
    Tcpip\..\Interfaces\{F408EA2D-79FB-4A5D-9D79-D53318977E2F}: [NameServer] 88.82.13.44 88.82.13.44
    Tcpip\..\Interfaces\{F9952A8A-F9A5-48B2-A084-E70096E55A66}: [NameServer] 88.82.13.28 88.82.13.28
    FireFox:
    ========
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [2010-01-18] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
    FF Plugin: @ei.UtilityChest_49.com/Plugin -> C:\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll No File
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-502250249-1756045401-4193677544-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
    FF Plugin HKU\S-1-5-21-502250249-1756045401-4193677544-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
    FF Extension: FreeHDSport TV 3 - C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\profiles\extensions\[email protected] [2013-06-30]
    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://mysearch.sweetpacks.com/?barid={33533269-E880-11E2-972C-00245444B6F6}&src=10&crg=3.5000006.10059&st=23&st=23&did=10963&UPN2=92264297448468602"
    CHR DefaultSearchKeyword: Default -> mysearch.sweetpacks.com
    CHR DefaultSuggestURL: Default ->
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Parent\AppData\Local\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Parent\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Parent\AppData\Local\Google\Chrome\Application\40.0.2214.115\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Users\Parent\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-27]
    CHR Extension: (Google Search) - C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-27]
    CHR Extension: (Gmail) - C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-27]
    StartMenuInternet: Google Chrome - C:\Users\Parent\AppData\Local\Google\Chrome\Application\chrome.exe
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [17904 2009-12-09] (Microsoft Corporation)
    R2 NILiteClient; C:\Program Files\Netintelligence Home\LiteClient.exe [2359296 2009-10-05] (Netintelligence Ltd) []
    R2 ServiceMonitor; C:\windows\system32\srvmon.exe [712704 2009-08-25] () []
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
    S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
    R1 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [149040 2009-12-02] (Microsoft Corporation)
    R3 MpNWMon; C:\windows\System32\DRIVERS\MpNWMon.sys [42368 2009-12-02] (Microsoft Corporation)
    S1 hxxdcils; \??\C:\windows\system32\drivers\hxxdcils.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S1 MpKsl1be8b1cc; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{750C26B1-8890-4E80-AB46-296B79F46431}\MpKsl1be8b1cc.sys [X]
    S3 zghsat; system32\DRIVERS\zghsat.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-05-25 12:48 - 2015-05-25 12:49 - 00014418 _____ () C:\Users\Parent\Downloads\FRST.txt
    2015-05-25 12:47 - 2015-05-25 12:48 - 00000000 ____D () C:\FRST
    2015-05-25 12:45 - 2015-05-25 12:45 - 01146880 _____ (Farbar) C:\Users\Parent\Downloads\FRST.exe
    2015-05-25 12:11 - 2015-05-25 12:17 - 00000000 ____D () C:\AdwCleaner
    2015-05-25 12:10 - 2015-05-25 12:10 - 02223104 _____ () C:\Users\Parent\Downloads\AdwCleaner.exe
    2015-05-25 10:34 - 2013-05-10 19:49 - 00708168 _____ (MindSpark) C:\Program Files\49Uninstall Utility Chest.dll
    2015-05-25 10:34 - 2013-05-10 19:49 - 00186752 _____ () C:\Program Files\49res.dll
    2015-04-26 17:40 - 2015-04-26 17:41 - 00000000 ____D () C:\21a19a5b2718dc13544d
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-05-25 12:46 - 2010-04-14 12:13 - 00000000 ____D () C:\Program Files\Netintelligence Home
    2015-05-25 12:44 - 2013-01-13 15:26 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-05-25 12:43 - 2009-11-13 23:09 - 02031198 _____ () C:\windows\WindowsUpdate.log
    2015-05-25 12:36 - 2011-10-11 13:23 - 00012728 _____ () C:\windows\system32\srvmon.startuplog
    2015-05-25 12:24 - 2012-02-27 22:47 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-502250249-1756045401-4193677544-1001UA.job
    2015-05-25 12:23 - 2009-07-14 05:34 - 00021808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-25 12:23 - 2009-07-14 05:34 - 00021808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-25 12:21 - 2009-07-26 21:06 - 00813868 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-05-25 12:16 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-05-25 12:16 - 2009-07-14 05:39 - 00122548 _____ () C:\windows\setupact.log
    2015-05-25 12:15 - 2009-11-13 06:52 - 00673768 _____ () C:\windows\PFRO.log
    2015-05-25 12:11 - 2012-04-15 21:01 - 00000000 ____D () C:\Users\Parent\AppData\Local\Facebook
    2015-05-25 10:26 - 2010-03-30 14:19 - 00000000 ____D () C:\Activation
    2015-05-25 10:21 - 2012-04-15 19:26 - 00000000 ____D () C:\ProgramData\Norton
    2015-05-25 10:02 - 2010-03-30 13:43 - 00031150 _____ () C:\windows\ZTEInstallInfo.log
    2015-05-25 10:02 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\AppCompat
    2015-05-25 09:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF
    2015-05-25 09:54 - 2012-02-27 22:48 - 00002370 _____ () C:\Users\Parent\Desktop\Google Chrome.lnk
    2015-05-25 09:53 - 2009-11-13 06:12 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2015-05-25 09:52 - 2010-03-30 13:44 - 00000000 ____D () C:\ProgramData\Birdstep Technology
    2015-05-25 09:24 - 2012-02-27 22:47 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-502250249-1756045401-4193677544-1001Core.job
    ==================== Files in the root of some directories =======
    2015-05-25 10:34 - 2013-05-10 19:49 - 0186752 _____ () C:\Program Files\49res.dll
    2015-05-25 10:34 - 2013-05-10 19:49 - 0708168 _____ (MindSpark) C:\Program Files\49Uninstall Utility Chest.dll
    2013-08-04 20:13 - 2013-08-04 20:12 - 0099678 _____ () C:\Users\Parent\AppData\Roaming\seesimilar.ico
    2012-10-29 00:25 - 2012-10-29 00:25 - 0004608 _____ () C:\Users\Parent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-03-30 18:29 - 2009-08-17 05:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
    Some files in TEMP:
    ====================
    C:\Users\Parent\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Parent\AppData\Local\Temp\DefaultAssets.exe
    C:\Users\Parent\AppData\Local\Temp\DefaultOfflineContent.exe
    C:\Users\Parent\AppData\Local\Temp\mgsqlite3.dll
    C:\Users\Parent\AppData\Local\Temp\msg6615.exe
    C:\Users\Parent\AppData\Local\Temp\msgD154.exe
    C:\Users\Parent\AppData\Local\Temp\NLStubInstallerResources.dll
    C:\Users\Parent\AppData\Local\Temp\PCCheckupInstaller.exe
    C:\Users\Parent\AppData\Local\Temp\PCCU_Installer.exe
    C:\Users\Parent\AppData\Local\Temp\PicasaUpdater_5201.exe
    C:\Users\Parent\AppData\Local\Temp\Quarantine.exe
    C:\Users\Parent\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
    C:\Users\Parent\AppData\Local\Temp\spacksyahoo_717_active.exe
    C:\Users\Parent\AppData\Local\Temp\sqlite3.dll
    C:\Users\Parent\AppData\Local\Temp\uninst1.exe
    C:\Users\Parent\AppData\Local\Temp\vcredist_x86.exe
    C:\Users\Parent\AppData\Local\Temp\WSSetup.exe
    C:\Users\Parent\AppData\Local\Temp\?odec Performer803975.exe

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-05-02 18:24
    ==================== End of log ============================

    And also the Addition log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
    Ran by Parent at 2015-05-25 12:50:04
    Running from C:\Users\Parent\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-502250249-1756045401-4193677544-500 - Administrator - Disabled)
    Guest (S-1-5-21-502250249-1756045401-4193677544-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-502250249-1756045401-4193677544-1002 - Limited - Enabled)
    Parent (S-1-5-21-502250249-1756045401-4193677544-1001 - Administrator - Enabled) => C:\Users\Parent
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Microsoft Security Essentials (Enabled - Out of date) {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    AS: Microsoft Security Essentials (Enabled - Out of date) {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BECTA Home Access Activation Tool (HKLM\...\{9B39B512-1E22-45B6-9561-83DBFEA00A33}) (Version: 1.0.0 - Texthelp Systems)
    Best Uninstall Tool (HKLM\...\Best Uninstall Tool_is1) (Version: - www.bestuninstalltool.com)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
    Doxillion Document Converter (HKLM\...\Doxillion) (Version: - NCH Software)
    Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
    Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
    Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
    EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
    GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
    Google Chrome (HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2082 - Intel Corporation)
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
    Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
    Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Essentials) (Version: 1.0.1961.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OpenOffice.org 3.2 (HKLM\...\{379F9A64-4317-477A-BBC5-35466F8476B5}) (Version: 3.2.9483 - OpenOffice.org)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Positive IT Solutions Online Support (HKLM\...\{7E117A6A-8579-4435-8290-4089C1C5BEFA}) (Version: 5.2.142 - LogMeIn, Inc.)
    Read And Write Home Access (HKLM\...\{2775D83C-A85F-4CC2-84A1-FC5E63F682BB}) (Version: 9.0.1 - Texthelp Systems)
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
    Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.4 - Samsung)
    Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
    SamsungMovie (HKLM\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
    Smilebox (HKU\S-1-5-21-502250249-1756045401-4193677544-1001\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
    User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
    VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\MP3Writer.dll ()
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\CoreAAC.ax ()
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Parent\AppData\Local\Google\Chrome\Application\43.0.2357.65\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\CoreAAC.ax ()
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\MP3Encoder.dll ()
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\Parent\AppData\Local\Torch\Application\29.0.0.4888\delegate_execute.exe" No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\CoreAAC.ax ()
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Parent\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-502250249-1756045401-4193677544-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    ==================== Restore Points =========================

    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {07CD40BA-BDEF-4697-93FA-9451378B4C50} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-22] (Adobe Systems Incorporated)
    Task: {1129C3B5-E612-4A8F-B5F4-3471C2B0BE55} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
    Task: {310429EC-45A6-442E-96B4-89B69B26BB11} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09] (Microsoft Corporation)
    Task: {69676FBD-8F03-4EBE-B836-C7BDAB664A1E} - System32\Tasks\{613764CC-C312-4EAA-A3C0-0DC0FE9CFBD2} => pcalua.exe -a C:\PROGRA~1\NETINT~1\UNINST~1.EXE
    Task: {6E364C8B-5AA6-441E-ABAC-C8872C6B7108} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
    Task: {9F9213EC-D680-4EC6-80A9-7DDDBD6BEECD} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
    Task: {C0043620-FE59-40AE-97B9-09CA0E2BFFEE} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
    Task: {CC0FC958-7160-4B95-893F-5817CD340782} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    Task: {CDF637A9-5088-4AB7-B6A4-9125ACAC7242} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-502250249-1756045401-4193677544-1001UA => C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
    Task: {D631377D-13B8-4AF5-9794-D892C00773E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-502250249-1756045401-4193677544-1001Core => C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
    Task: {EA20BE70-5970-4369-A178-C2B66A793321} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-502250249-1756045401-4193677544-1001Core.job => C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-502250249-1756045401-4193677544-1001UA.job => C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (Whitelisted) ==============
    2013-02-28 23:09 - 2011-11-02 18:01 - 00411024 _____ () C:\Program Files\Best Uninstall Tool\Contextmenu.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-11-13 06:19 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
    2010-04-14 12:13 - 2009-08-25 11:45 - 00712704 _____ () C:\windows\system32\srvmon.exe
    2010-04-14 12:13 - 2008-12-03 22:20 - 00657408 _____ () C:\Program Files\Netintelligence Home\AMMon.exe
    2009-10-20 21:02 - 2010-03-30 14:16 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    2009-09-28 13:09 - 2010-03-30 14:16 - 00166400 _____ () C:\Program Files\OpenOffice.org 3\program\libxslt.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    ==================== MSCONFIG/TASK MANAGER Error getting ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupfolder: C:^Users^Parent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\windows\pss\OpenOffice.org 3.2.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: CSSolutionsClient => C:\Positive IT Solutions\Child Safe Solutions\CSSolutionsClient.exe
    MSCONFIG\startupreg: CSSWebFiltering => C:\Positive IT Solutions\Child Safe Solutions\CSSWebFiltering.exe
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Parent\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Google Update => "C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
    MSCONFIG\startupreg: MobileBroadband => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    MSCONFIG\startupreg: MSSE => "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: NIHomeAM => "C:\Program Files\Netintelligence Home\LiteClientAM.exe"
    MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{190AFF8B-76A6-461A-A19E-E6AE8C1E9453}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{65FA43D7-DDC2-4B66-A5A0-09733A5A6330}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{6075C49B-0E51-42DB-91C2-C905B92A0F3F}] => (Allow) svchost.exe
    FirewallRules: [{BF3D0B3F-09EB-485A-8C98-F581C936ECF9}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [TCP Query User{98BB36E3-B0D1-42F3-A8B6-B01BC5122B68}C:\positive it solutions\child safe solutions\csswebfiltering.exe] => (Allow) C:\positive it solutions\child safe solutions\csswebfiltering.exe
    FirewallRules: [UDP Query User{07F1323C-AACB-4809-8403-BDD92D6F01B3}C:\positive it solutions\child safe solutions\csswebfiltering.exe] => (Allow) C:\positive it solutions\child safe solutions\csswebfiltering.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [{98680115-D969-4935-983B-248F0E2D2C63}] => (Allow) C:\Program Files\Netintelligence Home\LiteClient.exe
    FirewallRules: [{007D88A4-813F-4891-A842-D43CF705578F}] => (Allow) C:\Program Files\Netintelligence Home\LiteClient.exe
    FirewallRules: [{7D42568A-C714-42B7-8196-5B9E4863B8BA}] => (Allow) C:\Program Files\Netintelligence Home\LiteClient.exe
    FirewallRules: [{61D2AB23-4D3D-436C-9734-4631F1D34605}] => (Allow) C:\Program Files\Netintelligence Home\LiteClient.exe
    FirewallRules: [{39B083B0-475E-4292-93AE-7B3E4CA5E74C}] => (Allow) C:\Program Files\Netintelligence Home\LiteClientAM.exe
    FirewallRules: [{F9ECBF3B-544E-4E05-AB14-D3BD3263DC0F}] => (Allow) C:\Program Files\Netintelligence Home\LiteClientAM.exe
    FirewallRules: [{36FA45C0-903B-4301-AD2C-EE26A05251C7}] => (Allow) C:\Program Files\Netintelligence Home\LiteClientAM.exe
    FirewallRules: [{858F96F9-B452-44A3-99D2-AA8CFE5979DA}] => (Allow) C:\Program Files\Netintelligence Home\LiteClientAM.exe
    FirewallRules: [{4DA0EE7E-9D1A-4E8A-9213-9ADA679AF9F5}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{7C7507B4-C63C-452F-8D50-ADE962984931}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F598525A-972E-45A9-A45C-B9B44710D1BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{407E49F7-BF44-46E2-8057-DF3FE698EB1B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{31FC8E6A-C19B-4C7E-9AAE-776B24E42DEA}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{02DCCC93-7784-43A5-9AE0-4020449D5BB3}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{CED3C262-6CB2-4C7A-A0D4-56E2D0CA8995}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{5EB0605B-0345-48DC-BB29-56AD893D5CA9}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{53D5C4F1-D7F0-4B28-9A9E-185733E82F61}] => (Allow) C:\Users\Parent\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
    FirewallRules: [{67A3792C-4ABE-44F4-A974-D45AF6D72439}] => (Allow) C:\Users\Parent\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
    FirewallRules: [{668075E4-DD0F-430D-9918-4C4D1E2F2F65}] => (Allow) C:\Users\Parent\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
    FirewallRules: [{AD82E00B-1E33-4778-BE62-A4AEB83F5E50}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{4314C661-EDB6-4951-A52F-22A733F980D2}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{2CA3D7BE-68EB-45FC-9802-1531223BF022}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [{36FE69FB-A4EB-4BE5-BDBA-90E6D939C627}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
    FirewallRules: [TCP Query User{7F1AF4CA-4A8D-43F6-A5A5-0145AF562307}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{53DD085B-3C71-4568-839D-4343BDBF3615}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
    ==================== Faulty Device Manager Devices =============
    Name: MpKsl1be8b1cc
    Description: MpKsl1be8b1cc
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKsl1be8b1cc
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/25/2015 10:25:20 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed MatchWare MindView 3.0 Home Access; Error = 0x80070422).
    Error: (05/25/2015 10:25:09 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed MatchWare MindView 3.0 Home Access; Error = 0x80070422).
    Error: (05/25/2015 10:10:25 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Parent-PC)
    Description: Application or service 'Vodafone Mobile Broadband Service' could not be restarted.
    Error: (05/25/2015 10:09:36 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Vodafone Mobile Broadband Lite.; Error = 0x80070422).
    Error: (05/25/2015 10:09:10 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = ##IDS_ERROR_1717##; Error = 0x80070422).
    Error: (05/25/2015 10:08:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer
    Error: (05/25/2015 10:08:08 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer
    Error: (05/25/2015 10:08:06 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer
    Error: (05/25/2015 10:07:40 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer
    Error: (05/25/2015 10:07:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 254
    Start Time: 01d096c90f2e652b
    Termination Time: 0
    Application Path: C:\Program Files\Internet Explorer\iexplore.exe
    Report Id:

    System errors:
    =============
    Error: (05/25/2015 00:16:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
    %%2
    Error: (05/25/2015 00:15:48 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume \\?\Volume{c805786b-d0a0-11de-96fe-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code.
    Error: (05/25/2015 00:14:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    Error: (05/25/2015 00:14:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    Error: (05/25/2015 00:14:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (05/25/2015 00:14:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    Error: (05/25/2015 00:14:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    Error: (05/25/2015 00:14:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Torch Crash Handler service terminated unexpectedly. It has done this 1 time(s).
    Error: (05/25/2015 00:14:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Service Monitor service terminated unexpectedly. It has done this 1 time(s).
    Error: (05/25/2015 00:14:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Netintelligence Home Edition Client service terminated unexpectedly. It has done this 1 time(s).

    Microsoft Office:
    =========================
    Error: (05/25/2015 10:25:20 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\windows\system32\msiexec.exe /VRemoved MatchWare MindView 3.0 Home Access0x80070422
    Error: (05/25/2015 10:25:09 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\windows\system32\msiexec.exe /VRemoved MatchWare MindView 3.0 Home Access0x80070422
    Error: (05/25/2015 10:10:25 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Parent-PC)
    Description: 0VmbService.exeVodafone Mobile Broadband Service03026217824760
    Error: (05/25/2015 10:09:36 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\windows\system32\msiexec.exe /VRemoved Vodafone Mobile Broadband Lite.0x80070422
    Error: (05/25/2015 10:09:10 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\windows\system32\msiexec.exe /V##IDS_ERROR_1717##0x80070422
    Error: (05/25/2015 10:08:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)
    Error: (05/25/2015 10:08:08 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)
    Error: (05/25/2015 10:08:06 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)
    Error: (05/25/2015 10:07:40 AM) (Source: MsiInstaller) (EventID: 10005) (User: Parent-PC)
    Description: Product: Sopcast Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:
    Internet Explorer (NULL)(NULL)(NULL)(NULL)(NULL)
    Error: (05/25/2015 10:07:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1647625401d096c90f2e652b0C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Memory info ===========================
    Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
    Percentage of memory in use: 51%
    Total physical RAM: 2008.61 MB
    Available physical RAM: 976.58 MB
    Total Pagefile: 4017.22 MB
    Available Pagefile: 2673.43 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1914.29 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:133.96 GB) (Free:85.89 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 12E18098)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Active) - (Size=95 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
    ==================== End of log ============================

    Thanks for your quick help with this,

    Regards

    Phil
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    First go to Control Panel / Programs & Features and uninstall "Best Uninstall Tool"

    then

    Download attached fixlist.txt file and save it to your downloads folder.

    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  7. pholt

    pholt Thread Starter

    Joined:
    May 25, 2015
    Messages:
    6
    Hi Derek,

    Here is the fixlog (only difference was that it saved in downloads, is this correct?)


    Fix result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
    Ran by Parent at 2015-05-25 13:22:11 Run:1
    Running from C:\Users\Parent\Downloads
    Loaded Profiles: Parent (Available Profiles: Parent)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src=...C-00245444B6F6}
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?bari...64297448468602
    SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com/?src=...C-00245444B6F6}
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.enhanced-search.com/?q={s...13_11&tsp=4964
    SearchScopes: HKU\S-1-5-21-502250249-1756045401-4193677544-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6...64297448468602
    FF Plugin: @ei.UtilityChest_49.com/Plugin -> C:\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll No File
    CHR StartupUrls: Default -> "hxxp://mysearch.sweetpacks.com/?barid={33533269-E880-11E2-972C-00245444B6F6}&src=10&crg=3.5000006.10059&st=23&st=23&did=10963&UPN2=9226429 7448468602"
    CHR DefaultSearchKeyword: Default -> mysearch.sweetpacks.com
    2015-05-25 10:34 - 2013-05-10 19:49 - 00708168 _____ (MindSpark) C:\Program Files\49Uninstall Utility Chest.dll
    2015-05-25 10:34 - 2013-05-10 19:49 - 00186752 _____ () C:\Program Files\49res.dll
    2010-03-30 18:29 - 2009-08-17 05:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
    2013-02-28 23:09 - 2011-11-02 18:01 - 00411024 _____ () C:\Program Files\Best Uninstall Tool\Contextmenu.dll
    C:\Program Files\Best Uninstall Tool
    EmptyTemp:
    *****************
    "HKU\S-1-5-21-502250249-1756045401-4193677544-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-502250249-1756045401-4193677544-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => key Removed successfully.
    HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
    "HKU\S-1-5-21-502250249-1756045401-4193677544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key Removed successfully.
    HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
    "HKU\S-1-5-21-502250249-1756045401-4193677544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => key Removed successfully.
    HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
    "HKLM\Software\MozillaPlugins\@ei.UtilityChest_49.com/Plugin" => key Removed successfully.
    Chrome StartupUrls Removed successfully.
    Chrome DefaultSearchKeyword not found.
    C:\Program Files\49Uninstall Utility Chest.dll => Moved successfully.
    C:\Program Files\49res.dll => Moved successfully.
    C:\ProgramData\FullRemove.exe => Moved successfully.
    C:\Program Files\Best Uninstall Tool\Contextmenu.dll => Moved successfully.
    C:\Program Files\Best Uninstall Tool => Moved successfully.
    EmptyTemp: => Removed 2.1 GB temporary data.
    The system needed a reboot.
    ==== End of Fixlog 13:25:17 ====

    I'll await next instruction, many thanks.

    Regards

    Phil
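
    A small checker for the result half of the Fixlog posted above, added here as an example (it is not part of the thread and not FRST's own code): it sorts each result line into applied, already absent, or needing a manual look. The outcome phrases are taken only from the lines in this log; the sample input is constructed and the `classify` and `summarize` names are hypothetical.

```python
import re

# Outcome phrases as they appear in the Fixlog on this page (assumption: other
# FRST versions may word results differently, which is why "review" exists).
OUTCOMES = [
    ("applied", re.compile(r"\b(removed|moved|restored) successfully\.?$", re.I)),
    ("applied", re.compile(r"^Removed .+ temporary data\.?$", re.I)),
    ("absent", re.compile(r"\bnot found\.?$", re.I)),
]

# Constructed sample in the shape of the log above (placeholder SID and path).
SAMPLE_FIXLOG = r'''
"HKU\S-1-5-21-EXAMPLE\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
C:\ProgramData\FullRemove.exe => Moved successfully.
Chrome StartupUrls Removed successfully.
Chrome DefaultSearchKeyword not found.
EmptyTemp: => Removed 2.1 GB temporary data.
C:\Example\placeholder.dll => (constructed unrecognised outcome)
The system needed a reboot.
==== End of Fixlog 13:25:17 ====
'''

def classify(line):
    """Return (label, target) for a result line, or None for other lines."""
    line = line.strip()
    if not line or line.startswith("===="):
        return None
    target, sep, outcome = line.partition(" => ")
    if not sep:  # some result lines carry no "=>", e.g. the Chrome entries
        target, outcome = "", line
    for label, rx in OUTCOMES:
        m = rx.search(outcome)
        if m:
            if not sep:
                target = outcome[:m.start()].strip()
            return label, target.strip('"')
    # A "=>" line with an outcome we do not recognise should be read by a person.
    return ("review", target.strip('"')) if sep else None

def summarize(text):
    result = {"applied": [], "absent": [], "review": []}
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            result[hit[0]].append(hit[1])
    return result

if __name__ == "__main__":
    for label, targets in summarize(SAMPLE_FIXLOG).items():
        print(label, len(targets), targets)
```

    Only the part of a Fixlog after the second row of asterisks should be fed to `summarize`, since the first part merely echoes the fixlist.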
     
  8. pholt

    pholt Thread Starter

    Joined:
    May 25, 2015
    Messages:
    6
    Hi Derek,

    I notice all of the above actions have got rid of all the pop-ups and made browsing better; when I load the task manager the CPU usage is pretty constant at 0-1% when idle now, which is great!

    When I check msconfig and look at progs on startup, I can't get rid of netintelligence. Could you help with removing that and all the "home access" stuff too?

    Hope you can help, you've been a great help thus far.

    Regards

    Phil
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
  10. pholt

    pholt Thread Starter

    Joined:
    May 25, 2015
    Messages:
    6
    Ok, thanks for all your help.
     
Short URL to this thread: https://techguy.org/1148788
