mikehende

Thanks, I have a SP3 disk but will report back here of course.

Hi Pete, if we can't decrypt or recover whatever files are damaged that's one thing but first can we get that writing off the desktop and remove the ransomware?

This unit also has wireless net connection issues, I am going to reload XP

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by 12345 at 2015-06-16 21:15:01 Running from F:\AV Softwares Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 12345 (S-1-5-21-237654137-635372401-2747628395-1000 - Administrator - Enabled) => C:\Users\12345 Administrator (S-1-5-21-237654137-635372401-2747628395-500 - Administrator - Disabled) Guest (S-1-5-21-237654137-635372401-2747628395-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-237654137-635372401-2747628395-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - ) AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL LLC) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden C309g-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.) CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.) Delicious: Emily's Honeymoon Cruise Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FromDocToPDF Internet Explorer Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems) HomeworkSimplified Internet Explorer Toolbar (HKLM-x32\...\HomeworkSimplified_7ebar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife) HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}) (Version: 14.0 - HP) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7 - Hewlett-Packard) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden IHA_MessageCenter (HKLM-x32\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle) Java 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.) Java SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.14.16426 - LeapFrog) LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog) Hidden LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.13.16151 - LeapFrog) Hidden LeapFrog Leapster2 Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden PS_AIO_06_C309g-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden Remington Super Slam Hunting: Alaska (x32 Version: 3.0.2.59 - WildTangent) Hidden Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated) TINcan Race (x32 Version: 2.2.0.98 - WildTangent) Hidden TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden Tornado Jockey (x32 Version: 2.2.0.95 - WildTangent) Hidden TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version: - ) Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (HKLM-x32\...\Leapster2Plugin) (Version: - LeapFrog) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog) Verizon Help and Support Tool (HKLM-x32\...\Verizon Help and Support) (Version: - ) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Vz In Home Agent (HKLM-x32\...\{6916E491-8BBF-4E8A-AFAD-D01307C059E5}) (Version: 8.02.23 - Verizon) Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.76.0 - Verizon) Walgreens PictureMover (HKLM-x32\...\{113DE59D-B57A-4075-9D4F-5803DFA69EB7}) (Version: 3.5.0.27 - Hewlett-Packard Company) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 27-05-2015 21:48:47 Windows Update 12-06-2015 20:54:55 Windows Update 13-06-2015 10:48:16 Windows Update 16-06-2015 18:28:57 Windows Update 16-06-2015 19:08:31 Windows Update 16-06-2015 20:41:23 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-06-16 20:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {145F84B6-F2AA-4699-9BE4-49A594AC2736} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-10] (Microsoft Corporation) Task: {31DD5B9B-4824-4B89-9055-6D63A2E5D635} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd) Task: {352CA404-438D-441D-8DB5-37416154B1C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated) Task: {5B496CA5-CBC1-4226-9A01-96FD8C58EBF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.) Task: {712060A4-8E5B-4B60-AE27-391B6AF50EB2} - System32\Tasks\HPCeeScheduleFor12345 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {800C5680-3A65-4B72-9A3A-2754D91D2602} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {92667655-88E9-4D4C-913A-B13E59BBEDEF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2009-07-13] (Microsoft Corporation) Task: {AAD6AB96-EF6B-42AE-9177-A281A374F291} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard) Task: {CE71B304-9B48-4CF4-AA69-B2B4C5E4CAB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.) Task: {DB9652FD-110F-4930-A30D-BF598F02F65B} - System32\Tasks\{B891F7BE-D7F7-4DCF-B387-E5715C5B1856} => pcalua.exe -a C:\Users\12345\Desktop\LeapFrogConnectSetup_Tag.exe -d C:\Users\12345\Desktop Task: {DD7633D6-64AC-4F31-8FA1-D246D080A4A1} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] () Task: {DFF7889F-534D-44BE-AE4A-831484702F1F} - System32\Tasks\SUPERAntiSpyware Scheduled Task 585b1adf-238a-4e8a-a010-b46f510c0df8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {ED627487-4373-406D-8A8D-3D9136140AD4} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard) Task: {FC22A420-E3DC-4383-83B8-8C61349D1F07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-13] (Avast Software s.r.o.) Task: {FC37AED6-E1DE-4424-92A7-656236BDDDE4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 79454dbe-1602-4022-a321-3fc135c8c982 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleFor12345.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 585b1adf-238a-4e8a-a010-b46f510c0df8.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 79454dbe-1602-4022-a321-3fc135c8c982.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (Whitelisted) ============== 2010-03-13 02:33 - 2009-07-06 15:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2009-07-01 19:44 - 2009-07-01 19:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2014-08-01 04:25 - 2014-08-01 04:25 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2015-06-16 17:53 - 2015-06-16 17:53 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061602\algo.dll 2014-08-01 04:25 - 2014-08-01 04:25 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-237654137-635372401-2747628395-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\12345\Desktop\HELP_RESTORE_FILES.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^12345^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Walgreens PictureMover.lnk => C:\Windows\pss\Walgreens PictureMover.lnk.Startup MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1278801654\ee\AOLSoftware.exe MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW MSCONFIG\startupreg: ihanotify => C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe BalloonCount=680 RunNotify=fios BalloonMsg=init MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B9EBBAF3-4E7A-4B44-B8FB-75D80BB5AC98}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{32DAB186-5CD3-44DD-A754-1653780FAD29}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{93C2F24A-DB98-44C7-A50E-22317121C2DB}] => (Allow) svchost.exe FirewallRules: [{9F1EE360-6911-4B2D-9CD6-A560BF0D861F}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{8E1D019B-E1E7-4A96-9024-E49BAECDBAB9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{50545710-87EC-4B42-A75B-215863C1EBB7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE FirewallRules: [{5E2778B9-23EB-4B3C-9489-C4D4060F79AE}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe FirewallRules: [{43B1FA09-D48E-424B-8E05-2354C7E3CFCC}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe FirewallRules: [{F1E1E5A1-57D5-4B1A-A376-04CAA5C61D8E}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe FirewallRules: [{F2572CB1-6509-41B2-A23D-F81308F7DC58}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe FirewallRules: [{A70C202A-7D80-4A06-BCF0-884E44760487}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278801654\ee\aolsoftware.exe FirewallRules: [{2B25EEB6-40C7-4762-B47A-9F17632AC98B}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278801654\ee\aolsoftware.exe FirewallRules: [{7137A412-DF29-4C93-B4C7-EEF8A581A673}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe FirewallRules: [{D21FA077-D974-4666-A8A7-781194D19D05}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe FirewallRules: [{A788BAA0-AAA5-47FD-A43F-ABBDB92DFFB5}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{AD394E52-4CFC-4DC4-9DD1-7DD0CDB0B0DE}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe FirewallRules: [{44ED8411-2258-42AD-BAA1-BC632BB701E6}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe FirewallRules: [{93AB5632-E9D3-4560-A541-E351A369AED6}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe FirewallRules: [{94867B7A-1660-4E1A-B788-945366AE176E}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe FirewallRules: [{64417A07-07AC-4D90-A90D-4B309C2FFC2C}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe FirewallRules: [{8774046B-DED0-4F79-9C2A-A96FD116D789}] => (Allow) C:\Program Files (x86)\AOL 9.5a\waol.exe FirewallRules: [{18EB4B57-7A90-437B-BAEC-4C32787FEB7C}] => (Allow) C:\Program Files (x86)\AOL 9.5a\waol.exe FirewallRules: [{46E89BD2-36BA-4330-A960-B3155DC2E715}] => (Allow) LPort=50000 FirewallRules: [{08A6A917-04D3-4586-9144-76123819BA49}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe FirewallRules: [{1C697B37-83C3-48D5-910F-CE740B01F394}] => (Allow) LPort=50001 FirewallRules: [{E843ECA5-B21B-4C98-A128-C2DBE4C542D5}] => (Allow) LPort=50001 FirewallRules: [{C2B5905E-DA77-43BE-B973-F211DEE1603A}] => (Allow) E:\setup\hpznui40.exe FirewallRules: [{229D25D9-FDA9-41FF-8FD2-9FFC41CE8467}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{AE14FDF1-8E8A-4ABE-8E97-793136C8C84E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{48A56CE6-2321-4866-8780-F7BA161972CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{83FCFC42-1B11-464F-AB39-B754B7B96E41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{6EF06E0B-35AC-4732-8DA2-8A70672234F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{F6284241-49EF-4FE2-B30D-2150A2ED5605}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{2D6BD8E0-C0D5-4CE2-BD75-D2869088D77A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{32A84450-3392-4F58-B1B1-C49EC8462854}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{7DEBF6B2-83B6-45CD-8AE1-4B7EC4D803B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{3BA0AC2D-3EE3-4113-9C58-3463CF093C38}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{9F454EC2-17AE-42D0-A353-C12DD7FBDB5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{3034BB4D-F12A-489D-9F10-CE2B62C8AC3B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{71D57DFA-44BB-4461-BCB8-A01DEFAC191F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [TCP Query User{2DD73E94-AE0F-4DB6-B2E1-E115B4032EF3}C:\program files (x86)\wildtangent games\games\tincanrace\tincan race.exe] => (Block) C:\program files (x86)\wildtangent games\games\tincanrace\tincan race.exe FirewallRules: [uDP Query User{50B71867-ECF0-4CFC-8097-DB077943A7D1}C:\program files (x86)\wildtangent games\games\tincanrace\tincan race.exe] => (Block) C:\program files (x86)\wildtangent games\games\tincanrace\tincan race.exe FirewallRules: [{EA8D8F6E-8350-4ACD-85A6-8930B204B175}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AAFB220C-FEFA-41D1-8A04-FC8DDF8DDF38}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Photosmart Premium C309g-m Description: Photosmart Premium C309g-m Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart Premium C309g-m Description: Photosmart Premium C309g-m Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2015 10:46:49 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 43.0.2357.124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1998 Start Time: 01d0a5e78570093d Termination Time: 13 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: efa3b163-11da-11e5-8820-00038a000015 Error: (06/12/2015 08:42:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program aoudkll.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b60 Start Time: 01d0a56f43cfdb1d Termination Time: 10 Application Path: C:\Users\12345\AppData\Local\aoudkll.exe Report Id: Error: (06/12/2015 08:24:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AppIntegrator64.exe, version: 1.0.7.247, time stamp: 0x554cdcc0 Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137 Exception code: 0xc0000005 Fault offset: 0x0000000000051a60 Faulting process id: 0xb44 Faulting application start time: 0xAppIntegrator64.exe0 Faulting application path: AppIntegrator64.exe1 Faulting module path: AppIntegrator64.exe2 Report Id: AppIntegrator64.exe3 Error: (05/27/2015 09:55:57 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (05/16/2015 00:29:45 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (05/05/2015 08:20:26 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (04/28/2015 10:20:09 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (04/28/2015 10:14:26 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (02/17/2015 02:39:38 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (02/15/2015 05:06:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1040 Start Time: 01d04962bb06a73b Termination Time: 175 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: System errors: ============= Error: (06/16/2015 08:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HomeworkSimplifiedService service failed to start due to the following error: %%3 Error: (06/16/2015 08:52:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 for x64-based Systems (KB976932). Error: (06/16/2015 08:33:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/16/2015 08:31:03 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (06/16/2015 08:17:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/16/2015 08:14:10 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (06/16/2015 08:14:10 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (06/16/2015 08:14:10 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (06/16/2015 08:14:10 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (06/16/2015 07:58:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= CodeIntegrity Errors: =================================== Date: 2015-06-16 20:31:03.375 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-06-16 20:31:03.035 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 59% Total physical RAM: 3003.19 MB Available physical RAM: 1214.63 MB Total Pagefile: 6004.52 MB Available Pagefile: 3984.18 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:285.31 GB) (Free:228.97 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:12.58 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (2G-3) (Removable) (Total:1.91 GB) (Free:1.78 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 8C232226) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ==================== End of log ============================

Frst: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by 12345 (administrator) on 12345-PC on 16-06-2015 21:09:38 Running from F:\AV Softwares Loaded Profiles: 12345 (Available Profiles: 12345) Platform: Windows 7 Home Premium (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\IHAMCNotify.exe (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2010-03-13] (Sun Microsystems, Inc.) HKLM\...\Run: [Verizon_McciTrayApp] => C:\Program Files\Verizon\McciTrayApp.exe [3432448 2010-03-17] (Alcatel-Lucent) HKLM\...\Run: [HomeworkSimplified Home Page Guard 64 bit] => "C:\PROGRA~2\HOMEWO~2\bar\1.bin\AppIntegrator64.exe" HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-237654137-635372401-2747628395-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-237654137-635372401-2747628395-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-237654137-635372401-2747628395-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-22] (Google Inc.) HKU\S-1-5-21-237654137-635372401-2747628395-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware) HKU\S-1-5-21-237654137-635372401-2747628395-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2009-07-13] (Microsoft Corporation) Startup: C:\Users\12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_RESTORE_FILES_wepli.TXT [2015-05-16] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-12] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-08-01] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-237654137-635372401-2747628395-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-237654137-635372401-2747628395-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File SearchScopes: HKLM -> {2CC656BE-4C2D-4E5B-A49C-9036F99C0959} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2CC656BE-4C2D-4E5B-A49C-9036F99C0959} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-237654137-635372401-2747628395-1000 -> {2CC656BE-4C2D-4E5B-A49C-9036F99C0959} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-01] (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-16] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-13] (Sun Microsystems, Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-01] (AVAST Software) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-16] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation) BHO-x32: Toolbar BHO -> {e0f8558f-9d61-46ec-b986-65d0302cdb08} -> C:\PROGRA~2\HOMEWO~2\bar\1.bin\7ebar.dll No File BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-16] (Google Inc.) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.) Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-16] (Google Inc.) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-16] (Google Inc.) Toolbar: HKU\S-1-5-21-237654137-635372401-2747628395-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File Toolbar: HKU\S-1-5-21-237654137-635372401-2747628395-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-16] (Google Inc.) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-12] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-03-20] (Adobe Systems, Inc.) FF Plugin-x32: @HomeworkSimplified_7e.com/Plugin -> C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-03-17] (Alcatel-Lucent) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\17\NP_wtapp.dll [2014-11-27] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-28] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-21] FF HKU\S-1-5-21-237654137-635372401-2747628395-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (SoundDabble Installer Plugin Stub) - C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin\NP2lEISB.dll No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) CHR Profile: C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-22] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-22] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-22] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-22] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-06] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-27] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05] CHR Extension: (No Name) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-22] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-12] (WildTangent) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed] R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-03-17] (Alcatel-Lucent) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) S2 HomeworkSimplified_7eService; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-24] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] () S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-16 21:09 - 2015-06-16 21:09 - 00000000 ____D C:\FRST 2015-06-16 20:42 - 2015-06-16 20:42 - 00000000 ____D C:\Windows\system32\SPReview 2015-06-16 20:40 - 2015-06-16 20:40 - 00021113 _____ C:\ComboFix.txt 2015-06-16 20:00 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-16 20:00 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-16 20:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-16 20:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-16 20:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-16 20:00 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-16 20:00 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-16 20:00 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-16 19:58 - 2015-06-16 20:40 - 00000000 ____D C:\Qoobox 2015-06-16 19:57 - 2015-06-16 20:35 - 00000000 ____D C:\Windows\erdnt 2015-06-16 19:41 - 2015-06-16 19:47 - 00000000 ____D C:\AdwCleaner 2015-06-16 18:49 - 2015-06-16 19:28 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 79454dbe-1602-4022-a321-3fc135c8c982.job 2015-06-16 18:49 - 2015-06-16 19:28 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 585b1adf-238a-4e8a-a010-b46f510c0df8.job 2015-06-16 18:49 - 2015-06-16 18:49 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 79454dbe-1602-4022-a321-3fc135c8c982 2015-06-16 18:49 - 2015-06-16 18:49 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 585b1adf-238a-4e8a-a010-b46f510c0df8 2015-06-16 18:48 - 2015-06-16 18:48 - 00001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2015-06-16 18:48 - 2015-06-16 18:48 - 00000000 ____D C:\Users\12345\AppData\Roaming\SUPERAntiSpyware.com 2015-06-16 18:48 - 2015-06-16 18:48 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2015-06-16 18:48 - 2015-06-16 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-06-16 18:48 - 2015-06-16 18:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-06-16 16:56 - 2015-06-16 17:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-16 16:56 - 2015-06-16 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-16 16:56 - 2015-06-16 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-06-16 16:56 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-16 16:56 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-12 20:59 - 2015-05-22 12:47 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-12 20:59 - 2015-05-22 12:47 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-12 20:59 - 2015-05-22 12:47 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-12 20:59 - 2015-05-22 12:47 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-12 20:59 - 2015-05-22 12:47 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-12 20:59 - 2015-05-22 12:47 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-12 20:59 - 2015-05-22 12:42 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-12 20:59 - 2015-05-21 09:12 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-16 21:10 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-16 21:10 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-16 21:02 - 2010-04-06 17:00 - 01360845 _____ C:\Windows\WindowsUpdate.log 2015-06-16 20:56 - 2014-11-17 17:48 - 00000000 ____D C:\Users\12345\AppData\Roaming\Skype 2015-06-16 20:54 - 2013-11-15 19:51 - 00252338 _____ C:\Windows\PFRO.log 2015-06-16 20:54 - 2013-11-13 10:43 - 00015616 _____ C:\Windows\setupact.log 2015-06-16 20:54 - 2013-03-22 04:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-16 20:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-16 20:49 - 2012-06-18 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-16 20:35 - 2013-03-22 04:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-16 20:33 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini 2015-06-16 19:29 - 2013-03-21 19:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-06-16 18:48 - 2014-11-17 17:47 - 00000000 ____D C:\ProgramData\Skype 2015-06-16 18:43 - 2015-04-28 20:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleFor12345.job 2015-06-16 18:28 - 2010-06-17 21:51 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{73791F76-237F-4DB8-8195-EDD86154C2D8} 2015-06-16 17:52 - 2015-04-28 20:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor12345 2015-06-16 17:52 - 2010-06-13 01:34 - 00000000 ____D C:\Users\12345 2015-06-16 17:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system 2015-06-16 16:56 - 2012-06-21 23:18 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-16 16:56 - 2010-07-11 15:21 - 00000000 ____D C:\Users\12345\AppData\Roaming\Malwarebytes 2015-06-16 16:56 - 2010-07-11 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-16 16:56 - 2009-07-14 01:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-15 14:24 - 2014-12-19 17:25 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-15 14:24 - 2014-07-08 20:36 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-13 10:56 - 2013-08-18 00:39 - 00000000 ____D C:\Windows\system32\MRT 2015-06-13 10:48 - 2012-06-21 23:54 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-12 21:49 - 2012-06-18 10:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-12 21:49 - 2012-06-18 10:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-12 21:49 - 2012-02-01 06:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-12 21:05 - 2013-03-22 04:27 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-12 20:33 - 2013-08-30 13:48 - 00001077 _____ C:\Users\Public\Desktop\Vz In-Home Agent.lnk 2015-06-12 20:29 - 2013-03-22 04:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-06-12 20:29 - 2013-03-22 04:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-06-12 20:25 - 2010-08-08 15:08 - 00000000 ____D C:\Users\12345\AppData\Local\CrashDumps 2015-06-12 20:24 - 2015-05-16 20:01 - 00000232 _____ C:\Users\12345\Documents\RECOVERY_FILE.TXT 2015-05-27 21:45 - 2014-11-17 17:48 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2015-05-16 20:06 - 2015-05-16 20:06 - 0001342 _____ () C:\Program Files\HELP_RESTORE_FILES_wepli.TXT 2014-11-17 17:22 - 2014-11-17 17:22 - 6000640 _____ () C:\Program Files (x86)\GUT901F.tmp 2015-05-16 20:04 - 2015-05-16 20:04 - 0001342 _____ () C:\Program Files\Common Files\HELP_RESTORE_FILES_wepli.TXT 2015-05-16 20:09 - 2015-05-16 21:14 - 0001342 _____ () C:\Users\12345\AppData\Roaming\HELP_RESTORE_FILES_wepli.TXT 2010-06-13 01:39 - 2010-06-13 01:39 - 0000000 _____ () C:\Users\12345\AppData\Local\AtStart.txt 2014-06-25 22:52 - 2014-06-25 22:52 - 0003584 _____ () C:\Users\12345\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-06-13 01:39 - 2010-06-13 01:39 - 0000000 _____ () C:\Users\12345\AppData\Local\DSwitch.txt 2015-05-16 20:09 - 2015-05-16 21:14 - 0001342 _____ () C:\Users\12345\AppData\Local\HELP_RESTORE_FILES_wepli.TXT 2010-06-13 01:39 - 2010-06-13 01:39 - 0000000 _____ () C:\Users\12345\AppData\Local\QSwitch.txt 2015-05-16 20:01 - 2015-05-16 21:14 - 0000752 _____ () C:\Users\12345\AppData\Local\storage.bin 2010-06-13 01:39 - 2015-06-16 20:55 - 0000186 _____ () C:\ProgramData\HPWALog.txt 2013-09-28 20:14 - 2013-10-06 07:05 - 0002206 _____ () C:\ProgramData\hpzinstall.log 2010-04-06 17:14 - 2010-04-06 17:14 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-03-13 02:34 - 2010-03-13 02:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-04-06 17:13 - 2010-04-06 17:13 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-03-13 02:28 - 2010-03-13 02:29 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-04-06 17:13 - 2010-04-06 17:13 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-04-06 17:14 - 2010-04-06 17:14 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-03-13 02:28 - 2010-03-13 02:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-03-13 02:30 - 2010-03-13 02:33 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-04-06 17:14 - 2010-04-06 17:14 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-16 12:29 ==================== End of log ============================

Here's the mbam: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/16/2015 Scan Time: 5:19:52 PM Logfile: mbam.txt Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.03.09.05 Rootkit Database: v2015.02.25.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: 12345 Scan Type: Threat Scan Result: Completed Objects Scanned: 354696 Time Elapsed: 20 min, 20 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 2 PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebrstub.dll, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebrstub.dll, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], Registry Keys: 390 PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4d8aeb1d-4ed4-44ac-a039-4775b2575db0}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4d8aeb1d-4ed4-44ac-a039-4775b2575db0}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4d8aeb1d-4ed4-44ac-a039-4775b2575db0}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.ToolbarProtector.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.ToolbarProtector, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.ToolbarProtector, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.ToolbarProtector, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.ToolbarProtector.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.ToolbarProtector.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{bf6fdbb8-7cd5-402d-ab4f-e4f13d3490c8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{bf6fdbb8-7cd5-402d-ab4f-e4f13d3490c8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{bf6fdbb8-7cd5-402d-ab4f-e4f13d3490c8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6191571e-f7ee-47c3-b229-2dfac70db5d2}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6191571e-f7ee-47c3-b229-2dfac70db5d2}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{6191571e-f7ee-47c3-b229-2dfac70db5d2}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.FeedManager.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.FeedManager, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.FeedManager, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.FeedManager, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.FeedManager.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.FeedManager.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.HTMLMenu.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.HTMLMenu, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.HTMLMenu, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.HTMLMenu, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.HTMLMenu.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.HTMLMenu.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4ffa72ec-9fd9-4b2b-92a5-68b60885fd8a}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{840ae8ae-d547-433e-985c-6bf6c74f5084}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{840ae8ae-d547-433e-985c-6bf6c74f5084}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{840ae8ae-d547-433e-985c-6bf6c74f5084}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.MultipleButton.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.MultipleButton, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.MultipleButton, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.MultipleButton, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.MultipleButton.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.MultipleButton.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.ScriptButton.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.ScriptButton, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.ScriptButton, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.ScriptButton, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.ScriptButton.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.ScriptButton.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1747ae4d-0a83-4336-84d4-48500bf1554f}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1747ae4d-0a83-4336-84d4-48500bf1554f}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1747ae4d-0a83-4336-84d4-48500bf1554f}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.PseudoTransparentPlugin.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.PseudoTransparentPlugin, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.PseudoTransparentPlugin, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.PseudoTransparentPlugin, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.PseudoTransparentPlugin.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.PseudoTransparentPlugin.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{a85aca7e-5cd2-461b-877a-994ccccf491c}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{a85aca7e-5cd2-461b-877a-994ccccf491c}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{a85aca7e-5cd2-461b-877a-994ccccf491c}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.ThirdPartyInstaller.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.ThirdPartyInstaller, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.ThirdPartyInstaller, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.ThirdPartyInstaller, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.ThirdPartyInstaller.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.ThirdPartyInstaller.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3efec319-72e8-42aa-ac38-8cf8a0661cdd}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3efec319-72e8-42aa-ac38-8cf8a0661cdd}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3efec319-72e8-42aa-ac38-8cf8a0661cdd}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.HTMLPanel.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65.HTMLPanel, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.HTMLPanel, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.HTMLPanel, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65.HTMLPanel.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FromDocToPDF_65.HTMLPanel.1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{d5888ea6-a162-4fa8-8161-4c9ba32157a3}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{37a9b37f-105d-4f98-a7aa-c81c5b70e4f1}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{86BD37F5-5A63-41B5-AD68-580E88195218}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{93D4485E-5708-446D-A289-E50281F598C9}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A81616BA-028C-4E2F-A4D0-B24A4C9D8845}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{86BD37F5-5A63-41B5-AD68-580E88195218}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{93D4485E-5708-446D-A289-E50281F598C9}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A81616BA-028C-4E2F-A4D0-B24A4C9D8845}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{86BD37F5-5A63-41B5-AD68-580E88195218}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{93D4485E-5708-446D-A289-E50281F598C9}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A81616BA-028C-4E2F-A4D0-B24A4C9D8845}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{37a9b37f-105d-4f98-a7aa-c81c5b70e4f1}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{37a9b37f-105d-4f98-a7aa-c81c5b70e4f1}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.ToolbarProtector.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.ToolbarProtector, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.ToolbarProtector, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.ToolbarProtector, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.ToolbarProtector.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.ToolbarProtector.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D5888EA6-A162-4FA8-8161-4C9BA32157A3}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8a5c2047-4d53-499d-b218-c319580ad87f}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0406a5a7-7587-456f-b3bc-5fc7cb9098de}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{07C52F80-CF29-4897-B82C-AABF4B5F2519}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3084184F-4D82-4A10-9E89-E1AA367FF523}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E2B0742D-009A-4B53-960F-E7B88EFCF151}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{07C52F80-CF29-4897-B82C-AABF4B5F2519}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3084184F-4D82-4A10-9E89-E1AA367FF523}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E2B0742D-009A-4B53-960F-E7B88EFCF151}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{07C52F80-CF29-4897-B82C-AABF4B5F2519}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3084184F-4D82-4A10-9E89-E1AA367FF523}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E2B0742D-009A-4B53-960F-E7B88EFCF151}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{0406a5a7-7587-456f-b3bc-5fc7cb9098de}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{0406a5a7-7587-456f-b3bc-5fc7cb9098de}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8A5C2047-4D53-499D-B218-C319580AD87F}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{eeb5bac0-4179-4783-af8f-ad58585643a3}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{62aab993-c466-4d4f-889d-721202930cea}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7CD1C1EE-3FAF-4824-9E8A-6DF4E60EDCFB}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7CD1C1EE-3FAF-4824-9E8A-6DF4E60EDCFB}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7CD1C1EE-3FAF-4824-9E8A-6DF4E60EDCFB}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{62aab993-c466-4d4f-889d-721202930cea}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{62aab993-c466-4d4f-889d-721202930cea}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEB5BAC0-4179-4783-AF8F-AD58585643A3}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{d295c120-b76a-445b-ae5d-cd2e82b869e0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.DynamicBarButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.DynamicBarButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.DynamicBarButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.DynamicBarButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.DynamicBarButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.DynamicBarButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D295C120-B76A-445B-AE5D-CD2E82B869E0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5cb955d9-bf20-4418-93e1-919ee4c46293}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{46a58d54-3096-40c4-9c87-525b50952f6a}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E20B6AAB-0580-4937-B5B9-6B0A7348F7B0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EFF21214-7249-44DD-AC4A-A6903B983447}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E20B6AAB-0580-4937-B5B9-6B0A7348F7B0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EFF21214-7249-44DD-AC4A-A6903B983447}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E20B6AAB-0580-4937-B5B9-6B0A7348F7B0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EFF21214-7249-44DD-AC4A-A6903B983447}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{46a58d54-3096-40c4-9c87-525b50952f6a}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{46a58d54-3096-40c4-9c87-525b50952f6a}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.FeedManager.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.FeedManager, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.FeedManager, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.FeedManager, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.FeedManager.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.FeedManager.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5CB955D9-BF20-4418-93E1-919EE4C46293}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C8348B3E-10AA-477A-A615-0C96EAEBFE5D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.HTMLMenu.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.HTMLMenu, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.HTMLMenu, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.HTMLMenu, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.HTMLMenu.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.HTMLMenu.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C8348B3E-10AA-477A-A615-0C96EAEBFE5D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C8348B3E-10AA-477A-A615-0C96EAEBFE5D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{88ef5149-a42b-4821-b8ae-7f3e715e5745}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ffef1f2e-a4cb-4d0f-b5ef-5a4b6af0ad32}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3585CB12-CDA6-4DB0-B8C5-76AB019C3A6D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A41FC8EF-79B1-457C-A3CA-429E80E8FDA6}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3585CB12-CDA6-4DB0-B8C5-76AB019C3A6D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A41FC8EF-79B1-457C-A3CA-429E80E8FDA6}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3585CB12-CDA6-4DB0-B8C5-76AB019C3A6D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A41FC8EF-79B1-457C-A3CA-429E80E8FDA6}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{ffef1f2e-a4cb-4d0f-b5ef-5a4b6af0ad32}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{ffef1f2e-a4cb-4d0f-b5ef-5a4b6af0ad32}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{88EF5149-A42B-4821-B8AE-7F3E715E5745}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{27eb7173-28c3-43c6-8853-afc9395f6ec3}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.MultipleButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.MultipleButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.MultipleButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.MultipleButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.MultipleButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.MultipleButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27EB7173-28C3-43C6-8853-AFC9395F6EC3}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{519085a2-5b5f-4b5b-903f-0c67bdd0af6e}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ccbc5281-43f5-4fc7-b1ca-ac1a73f34cbf}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5AA5DF76-E300-4C73-A38D-4AF284865594}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AD80F0A8-8D12-4F68-B278-872A69FFB159}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D3C3B863-09DD-44F1-BC3B-52930FDA1F4F}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5AA5DF76-E300-4C73-A38D-4AF284865594}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AD80F0A8-8D12-4F68-B278-872A69FFB159}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D3C3B863-09DD-44F1-BC3B-52930FDA1F4F}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5AA5DF76-E300-4C73-A38D-4AF284865594}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AD80F0A8-8D12-4F68-B278-872A69FFB159}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D3C3B863-09DD-44F1-BC3B-52930FDA1F4F}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{ccbc5281-43f5-4fc7-b1ca-ac1a73f34cbf}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{ccbc5281-43f5-4fc7-b1ca-ac1a73f34cbf}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.XMLSessionPlugin.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.XMLSessionPlugin, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.XMLSessionPlugin, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.XMLSessionPlugin, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.XMLSessionPlugin.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.XMLSessionPlugin.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{519085A2-5B5F-4B5B-903F-0C67BDD0AF6E}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{519085A2-5B5F-4B5B-903F-0C67BDD0AF6E}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3ed58d7d-16c8-4d35-9ce4-d7b72c086138}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{a468f9ee-98e2-41cf-a64f-24de57a3972f}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{718BBF15-E6D5-4955-B1A6-2B78C3E44FEC}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{718BBF15-E6D5-4955-B1A6-2B78C3E44FEC}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{718BBF15-E6D5-4955-B1A6-2B78C3E44FEC}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{a468f9ee-98e2-41cf-a64f-24de57a3972f}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{a468f9ee-98e2-41cf-a64f-24de57a3972f}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.RadioSettings.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.RadioSettings, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.RadioSettings, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.RadioSettings, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.RadioSettings.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.RadioSettings.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3ED58D7D-16C8-4D35-9CE4-D7B72C086138}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7b1d3085-5f5e-4b5e-9890-1164638a7d1b}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.Radio.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.Radio, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.Radio, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.Radio, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.Radio.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.Radio.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7B1D3085-5F5E-4B5E-9890-1164638A7D1B}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2eb6a406-a081-4468-8a59-06890f8cae92}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.ScriptButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.ScriptButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.ScriptButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.ScriptButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.ScriptButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.ScriptButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2EB6A406-A081-4468-8A59-06890F8CAE92}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{137eaf98-bc4e-40bf-b9a6-2d0a2811ac7a}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1270339e-d395-438d-971c-8e8fb74048bc}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{69E2105F-DD4A-4AD3-A2F2-2615912E3BAB}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C20D5461-3213-4C6A-8D9F-C786B05DAE25}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E71142EB-B29A-4E8C-8FE7-0D31FCAC9F38}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EC48E94B-C11A-4942-9E45-3466674C617C}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{69E2105F-DD4A-4AD3-A2F2-2615912E3BAB}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C20D5461-3213-4C6A-8D9F-C786B05DAE25}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E71142EB-B29A-4E8C-8FE7-0D31FCAC9F38}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EC48E94B-C11A-4942-9E45-3466674C617C}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{69E2105F-DD4A-4AD3-A2F2-2615912E3BAB}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C20D5461-3213-4C6A-8D9F-C786B05DAE25}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E71142EB-B29A-4E8C-8FE7-0D31FCAC9F38}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EC48E94B-C11A-4942-9E45-3466674C617C}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1270339e-d395-438d-971c-8e8fb74048bc}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1270339e-d395-438d-971c-8e8fb74048bc}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.PseudoTransparentPlugin.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.PseudoTransparentPlugin, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.PseudoTransparentPlugin, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.PseudoTransparentPlugin, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.PseudoTransparentPlugin.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.PseudoTransparentPlugin.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{137EAF98-BC4E-40BF-B9A6-2D0A2811AC7A}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{137EAF98-BC4E-40BF-B9A6-2D0A2811AC7A}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ecbd33b-16f4-4486-9fc6-21bbbaf2382d}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5ECBD33B-16F4-4486-9FC6-21BBBAF2382D}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{bc412c9d-834e-4c3c-bd3c-dfd15b78b3e0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC412C9D-834E-4C3C-BD3C-DFD15B78B3E0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC412C9D-834E-4C3C-BD3C-DFD15B78B3E0}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{381ae2be-7bd7-4108-9ba9-cba5fa22383e}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6468c3fe-6ce3-4b17-8356-b6b0b6497d42}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1E445483-3C8B-4892-96E6-30E58364D147}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1EA318C6-990E-4D6C-8A37-2AAE403A6E33}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1E445483-3C8B-4892-96E6-30E58364D147}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1EA318C6-990E-4D6C-8A37-2AAE403A6E33}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1E445483-3C8B-4892-96E6-30E58364D147}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1EA318C6-990E-4D6C-8A37-2AAE403A6E33}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6468c3fe-6ce3-4b17-8356-b6b0b6497d42}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{6468c3fe-6ce3-4b17-8356-b6b0b6497d42}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.ThirdPartyInstaller.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.ThirdPartyInstaller, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.ThirdPartyInstaller, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.ThirdPartyInstaller, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.ThirdPartyInstaller.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.ThirdPartyInstaller.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{381AE2BE-7BD7-4108-9BA9-CBA5FA22383E}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{381AE2BE-7BD7-4108-9BA9-CBA5FA22383E}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{a7b45bf7-09e9-4068-8114-151b3945bef5}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.UrlAlertButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.UrlAlertButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.UrlAlertButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.UrlAlertButton, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.UrlAlertButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.UrlAlertButton.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A7B45BF7-09E9-4068-8114-151B3945BEF5}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5519ace3-3d08-45c3-89af-bde45ad8add2}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{bf0c0f5e-4891-4299-a767-3dd0bc9a1272}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2C840227-7639-4DBC-90CE-E6FED8487FBA}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B3499C76-47AD-4B17-93D1-13B7704D6AFC}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2C840227-7639-4DBC-90CE-E6FED8487FBA}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B3499C76-47AD-4B17-93D1-13B7704D6AFC}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2C840227-7639-4DBC-90CE-E6FED8487FBA}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B3499C76-47AD-4B17-93D1-13B7704D6AFC}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{bf0c0f5e-4891-4299-a767-3dd0bc9a1272}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{bf0c0f5e-4891-4299-a767-3dd0bc9a1272}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.HTMLPanel.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\HomeworkSimplified_7e.HTMLPanel, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.HTMLPanel, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.HTMLPanel, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\HomeworkSimplified_7e.HTMLPanel.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\HomeworkSimplified_7e.HTMLPanel.1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5519ACE3-3D08-45C3-89AF-BDE45AD8ADD2}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5519ACE3-3D08-45C3-89AF-BDE45AD8ADD2}, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ea18aee-7595-4362-80bc-4ddea3814537}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{49d4394c-0c0e-4411-8c5b-92463d71a729}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D24538B-6433-489D-A4D8-377B1A2A36A3}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{589C7C4D-C0F9-4371-A28F-F54CF31F7F2C}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D24538B-6433-489D-A4D8-377B1A2A36A3}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{589C7C4D-C0F9-4371-A28F-F54CF31F7F2C}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D24538B-6433-489D-A4D8-377B1A2A36A3}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{589C7C4D-C0F9-4371-A28F-F54CF31F7F2C}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{49d4394c-0c0e-4411-8c5b-92463d71a729}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{49d4394c-0c0e-4411-8c5b-92463d71a729}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\SoundDabble_2lInstaller.Start.1, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\SoundDabble_2lInstaller.Start, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoundDabble_2lInstaller.Start, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SoundDabble_2lInstaller.Start, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoundDabble_2lInstaller.Start.1, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SoundDabble_2lInstaller.Start.1, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5EA18AEE-7595-4362-80BC-4DDEA3814537}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKU\S-1-5-21-237654137-635372401-2747628395-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5EA18AEE-7595-4362-80BC-4DDEA3814537}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5EA18AEE-7595-4362-80BC-4DDEA3814537}, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], Registry Values: 0 (No malicious items detected) Registry Data: 1 PUP.Optional.AskWebSearch, HKU\S-1-5-21-237654137-635372401-2747628395-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://home.tb.ask.com/index.jhtml?n=781B3F63&p2=^Y6^xdm003^YYA^us&ptb=248C49AE-54BF-4972-8858-3E4CAEE8DF5D&si=CPztj5G6x8UCFQoSHwodfEEASA, Good: (www.google.com), Bad: (http://home.tb.ask.com/index.jhtml?n=781B3F63&p2=^Y6^xdm003^YYA^us&ptb=248C49AE-54BF-4972-8858-3E4CAEE8DF5D&si=CPztj5G6x8UCFQoSHwodfEEASA),Replaced,[ef8a73d097f344f27b9331b0d82d9769] Folders: 78 PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\bar, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\dialog, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\chrome, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\ThirdPartyInstallers, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\assists, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\gen1, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\Message, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\Settings, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\css, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\fonts, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\js, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\swf, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\css, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\fonts, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\js, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\swf, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\js, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\chrome, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\ThirdPartyInstallers, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\gen1, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\IE9Mesg, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\Message, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\Settings, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\js, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI\Installr, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin\chrome, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\History, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Settings, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65EI, Quarantined, [0a6fbe850b7fdd59bd35df9aa95a669a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65EI\Installr, Quarantined, [0a6fbe850b7fdd59bd35df9aa95a669a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65EI\Installr\Cache, Quarantined, [0a6fbe850b7fdd59bd35df9aa95a669a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\History, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Settings, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti, Quarantined, [067345fe6c1e6ec83b0eaadf05feb749], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\Chrome, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\components, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Local\ArcadeWeb, Quarantined, [e693ea592169ce687af8f7a6f013a25e], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb, Quarantined, [f48575ce5832d46292e1693408fb6a96], Files: 439 PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bprtct.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65datact.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dlghk64.dll, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65feedmg.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65highin.exe, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65htmlmu.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65httpct.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65idle.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65mlbtn.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65Plugin.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regiet.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65script.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65tpinst.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\ASSISTMONITOR.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\ASSISTMONITOR64.DLL, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\BOOTSTRAP.JS, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CREXT.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\DPNMNGR.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\FF-NativeMessagingDispatcher.dll, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\HKFXMGR64.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\INSTALLENABLER.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\installKeys.js, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\LOGO.BMP, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EPMSUP.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTEX.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8HTML.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8RES.DLL, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8TICKER.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\TOOLBARGUARD64.DLL, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\TPIMANAGERCONSOLE.EXE, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\VERIFY.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\ARBITER.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\ARBITER64.DLL, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\bar\ASSIST.EXE, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\bar\CONFIG.XML, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\dialog\ASSIST.EXE, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\APA\dialog\CONFIG.XML, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL, Delete-on-Reboot, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable\ARBITER.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable\ARBITER64.DLL, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\assists\ie_enable\CONFIG.XML, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\assists\COMMON.T8S, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\gen1\COMMON.T8S, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\Message\COMMON.T8S, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65\bar\Settings\s_pid.dat, Quarantined, [780151f21e6cf34305714d25788bc63a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\UrlFolderExtension.uf1, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\UrlFolderExtension.ufm, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\App.html, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\Background.html, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\lang-en.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\manifest.json.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\css\App.min.css.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\css\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\css\nl.css.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\css\PDFConverter.css.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\fonts\cabin.eot, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\fonts\cabin.woff, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\fonts\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\ArrowConverting.gif, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\DocToPDF.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\DocToPDF.ico, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\DocToPDF.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\icon.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\icon.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\logo.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\logo.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\PageToPDF.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\PageToPDF.ico, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\PageToPDF.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\PDFToDOC.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\PDFToDOC.ico, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\PDFToDOC.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\pdf_rate.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\rateUISprite.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\spinner.gif, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\images\sprite.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\js\Background.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\js\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\js\Review.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\js\Widget.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\swf\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\swf\UploadButton.swf, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\3028bdbb7a9aca62d66ef8719b75b93b8473bf3f\1.2.7\swf\UploadButtonIE6.swf, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\App.html, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\Background.html, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\lang-en.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\manifest.json.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\css\App.min.css.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\css\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\css\nl.css.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\css\PDFConverter.css.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\fonts\cabin.eot, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\fonts\cabin.woff, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\fonts\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\ArrowConverting.gif, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\DocToPDF.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\DocToPDF.ico, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\DocToPDF.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\icon.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\icon.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\logo.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\logo.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PageToPDF.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PageToPDF.ico, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PageToPDF.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PDFToDOC.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PDFToDOC.bmp,hot,flags=none.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PDFToDOC.ico, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\PDFToDOC.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\pdf_rate.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\rateUISprite.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\spinner.gif, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\images\sprite.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\js\Background.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\js\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\js\Review.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\js\Widget.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\swf\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\swf\UploadButton.swf, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\7a4bf2afb464bdbef98bc8110582aee93fa811e5\1.2.7\swf\UploadButtonIE6.swf, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\background.html, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\lang-en.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\manifest.json.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\logo-unbranded.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\logo-unbranded.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\logo.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\logo.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\TranslationBuddyLogo.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\TranslationBuddyLogo.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\TranslationBuddy_SpeechBubble.bmp, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\images\TranslationBuddy_SpeechBubble.png.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\js\Background.js.exx, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\FromDocToPDF_65\9df238df22677b09b4c439018fbd136cc469293a\1.1.1\js\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f6836ad961291b1bb7c080f229da0ef2], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eauxstb.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebprtct.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebrstub.dll, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7edatact.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7edlghk.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7edyn.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7efeedmg.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ehighin.exe, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ehkstub.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ehtmlmu.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ehttpct.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eidle.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eieovr.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eimpipe.exe, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7emedint.exe, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7emlbtn.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7emsg.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ePlugin.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eradio.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eregfft.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ereghk.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eregiet.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7escript.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eskin.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eskplay.exe, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7etpinst.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7euabtn.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\AppIntegratorStub64.dll, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\BOOTSTRAP.JS, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\CHROME.MANIFEST, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\CREXT.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\CrExtP7e.exe, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\DPNMNGR.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\EXEMANAGER.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\Hpg64.dll, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\INSTALL.RDF, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\installKeys.js, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\LOGO.BMP, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\T8EXTEX.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\T8EXTPEX.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\T8HTML.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\T8RES.DLL, Delete-on-Reboot, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\T8TICKER.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\VERIFY.DLL, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\chrome\7effxtbr.jar, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\gen1\COMMON.T8S, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\IE9Mesg\COMMON.T8S, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\Message\COMMON.T8S, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Program Files (x86)\HomeworkSimplified_7e\bar\Settings\s_pid.dat, Quarantined, [413802415b2fe353c6fecea529dae917], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\UrlFolderExtension.uf1, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\UrlFolderExtension.ufm, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\background.html, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\lang-en.js.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\manifest.json.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\reminder.html, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\window.html, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\App-homework.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\App-homework.min.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\App-utilitychest.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\App-utilitychest.min.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\de.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\fr.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\it.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\nl.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\Reminder-homework.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\Reminder-homework.min.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\Reminder-utilitychest.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\css\Reminder-utilitychest.min.css.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\Offside-Regular.eot, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\Offside-Regular.woff, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\RobotoCondensed-Light.eot, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\RobotoCondensed-Light.woff, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\RobotoCondensed-Regular.eot, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\RobotoCondensed-Regular.woff, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\StintUltraCondensed-Regular.eot, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\font\StintUltraCondensed-Regular.woff, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\alert_body.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\alert_footer.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\alert_header.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\bg_body_empty.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\bg_foot.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\bg_header_shadow.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\bg_prompt.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_add.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_cancel.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_completed_off.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_delete.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_edit.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_no.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_remove_off.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_save.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_x.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_x_header.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_x_reminder_alert.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\btn_yes.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\calendar_left.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\calendar_right.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\duedate_header.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\eraser.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header_duedate.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header_duedate_asc.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header_duedate_desc.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header_duedate_noorder.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header_maintitle2.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\header_reminder.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\icon.bmp, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\icon.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\icon_calendar_listing.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\icon_reminder_listing.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\pencil.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\rateUISprite.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\remind_dd_arrow.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\remind_dp.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\remind_header.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\images\homework\utility_rate.png.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\js\Background.js.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\js\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\js\Reminder.js.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\js\Review.js.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\Local\HomeworkSimplified_7e\b390813b53d513be0d20050dd825236e8d588fd0\1.1.6\js\Widget.js.exx, Quarantined, [90e90142e5a5e650685de98ad62d2fd1], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin\2lEIPlug.dll, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin\2lEZSETP.dll, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin\NP2lEISb.dll, Quarantined, [5a1f1e25b7d30d298c5d91e5a85b1ae6], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\btmarrow.png.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\closebtn.png.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\config.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\dispatch.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\index.htm, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\infobar.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\jquery.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\localizedStrings.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\overlay.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\pid.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\qstring.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\toolbar.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\yellowbg_100.png.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\yellowbg_125.png.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\yellowbg_150.png.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\zEnable.css.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\zEnable.htm, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Assists\COMMON\zEnable.js.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC1C3, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC423, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC53C.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC645.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC73F.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC7CB.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC8D4.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DC9AF.cab, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DD082.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DD17C.cab, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DD5CF.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DD6C9.cab, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DD84F.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DD90A.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\020DDA90.bmp, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\files.ini, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Cache\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\History\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\History\search3, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Settings\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Settings\prevcfg2.htm, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Settings\s_ienblo.dat, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Settings\ToolbarStructure.json, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65\bar\Settings\ToolbarStructure.json.exx, Quarantined, [0d6cfa499eec9b9b31c1f4857093dd23], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65EI\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0a6fbe850b7fdd59bd35df9aa95a669a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65EI\Installr\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0a6fbe850b7fdd59bd35df9aa95a669a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\FromDocToPDF_65EI\Installr\Cache\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [0a6fbe850b7fdd59bd35df9aa95a669a], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\000233FA.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\000236D8.cab, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206DFCD, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E05A.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E0B7.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E115.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E163.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E1FF.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E29B.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E318.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E395.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E411.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\0206E559.bmp, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\files.ini, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Cache\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\History\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\History\search3, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\btmarrow.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\cancel.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\config.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\continue.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\dispatch.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\divider.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\gcancel.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\index.htm, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\infobar.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\ldb.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\ldbg.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lddg.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lff.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lffb.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lg.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lgs.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lgw.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lha.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lobm.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\loryte.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lpss.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lqc.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lrb.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lrg.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lrr.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lsc.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lscr.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lsi.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\la.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lbcs.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lbms.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lca.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lcfc.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lcm.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lcs.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lcso.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lctn.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lia.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\liwon.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lkazulah.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmd.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmfc.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmh.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmma.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmosh.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmwf.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lmws.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lssd.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\ltrs.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\ltvf.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lvs.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lwb.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lwf.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lzwinky.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\ok.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\overlay.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\pid.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\qstring.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\shield.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\spacer.swf, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\toolbar.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\yelgrey.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\yellowbg.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\zEnable.css.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\zEnable.htm, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\zEnable.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\jquery.js.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\ie9mesg\COMMON\lhp.png.exx, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Settings\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Settings\prevcfg2.htm, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.MindSpark.A, C:\Users\12345\AppData\LocalLow\HomeworkSimplified_7e\bar\Settings\s_ie9mrd.dat, Quarantined, [5f1aa59e4e3c1026bb5785f57e855da3], PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti\Uninstall AppGraffiti.lnk, Quarantined, [067345fe6c1e6ec83b0eaadf05feb749], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\chrome.manifest, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\install.rdf, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\Chrome\awtextlinks.jar, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\Chrome\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\components\arcadewebfirefox.dll, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\components\arcadewebfirefox.xpt, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\components\AWextension.js.exx, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com\components\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [79009ea51278b581eb842f6e5fa4be42], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Local\ArcadeWeb\awuper.exe, Quarantined, [e693ea592169ce687af8f7a6f013a25e], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Local\ArcadeWeb\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [e693ea592169ce687af8f7a6f013a25e], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb\HELP_RESTORE_FILES_wepli.TXT, Quarantined, [f48575ce5832d46292e1693408fb6a96], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb\Play More Games Online.lnk, Quarantined, [f48575ce5832d46292e1693408fb6a96], PUP.Optional.ArcadeWeb.A, C:\Users\12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeWeb\Remove ArcadeWeb.lnk, Quarantined, [f48575ce5832d46292e1693408fb6a96], Physical Sectors: 0 (No malicious items detected) (end)

I tried mbam, sas, adwcleaner and combofix on this hp win7 laptop, it generates this log posted below and the attached screenshot shows what is showing on the desktop, help please? All your documents, photos, databases and other important files have been encrypted with strongest encryption RSA-2048 key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. If you see the main encryptor red window, examine it and follow the instructions. Otherwise, it seems that you or your antivirus deleted the encryptor program. Now you have the last chance to decrypt your files. Open in your browser one of the links: https://www.reomesoess.com http://tlunjscxn5n76iyz.foi48wmc5de44.com https://tlunjscxn5n76iyz.tor2web.blutmagie.de They are public gates to the secret server. Copy and paste the following Bitcoin address in the input form on server. Avoid missprints. 1BvP863tKWngZBp7w7cgvFAuuD45v7eYJq Follow the instructions on the server. If you have problems with gates, use direct connection: 1. Download Tor Browser from http://torproject.org 2. In the Tor Browser open the http://tlunjscxn5n76iyz.onion/ Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable. Copy and paste the following Bitcoin address in the input form on server. Avoid missprints. 1BvP863tKWngZBp7w7cgvFAuuD45v7eYJq Follow the instructions on the server.

Hey guys, on startup there is always this prompt below which I have to click ok to close, any way to prevent that prompt please? Windows- registry recovery One of the files containing the system's registry data had to be recovered bu use of a log or alternate copy. The recovery was successful.

Can't get anything to work for this pete so I am moving this to the XP forum, appreciate the help!

ok, will do, thanks, will let you know

The other account stuff did not work.

Completing the hardware wizard worked, thanks, got to work on the prompt now.

Ok, while I update Java, this is the screenshot of both issues.

That worked Pete, thanks! However, I am having 2 issues, same registry prompt and now the "Found New Hardware" wizard shows on startup and I have to click 2 times to close it, if these 2 issues are not malware related should I post in the XP forum?

Oh, git, for some reason there is a star-shaped icon next to the bookmark icon which is the save option.

RK did not auto open and save a report on the first run so I ran it again and this is that log; RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Administrator [Administrator] Started from : C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe Mode : Scan -- Date : 06/15/2015 19:11:45 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS541616J9SA00 +++++ --- User --- [MBR] 9213bfc24bea0f80cceed66db9d79567 [bSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 145439 MB [Windows XP Bootstrap | Windows XP Bootloader] 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 297861165 | Size: 2047 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: SMI USB DISK USB Device +++++ --- User --- [MBR] 41b27a057e712e68a6461a1fe5230277 [bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 496 | Size: 1959 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_06152015_190419.log

Ok, thanks, have a good night. Here's the reports, Rkill 2.6.6 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2015 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 06/15/2015 08:34:03 AM in x86 mode. Windows Version: Microsoft Windows XP Service Pack 3 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 1560) [WD-HEUR] * C:\WINDOWS\System32\bcmwltry.exe (PID: 1580) [WD-HEUR] * C:\WINDOWS\system32\PSIService.exe (PID: 1484) [WD-HEUR] * C:\WINDOWS\system32\WLTRAY.exe (PID: 1960) [WD-HEUR] * C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7U6EJ.tmp\mbam-setup-2.0.2.1012.tmp (PID: 5376) [sUP-HEUR] 5 proccesses terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 07:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig] +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 07:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/10/2004 07:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 07:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl] Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 06/15/2015 08:35:28 AM Execution time: 0 hours(s), 1 minute(s), and 24 seconds(s)

Yes, I had looked at the bookmark icon options and right-clicked on it too, that save option is nowhere to be found.

2 problems after doing the above, that prompt still comes up and in order to run the net repair adapter, I need to first install netframework 4.0 but that won't run because "does not apply or is being blocked by another condition on your computer"?

Net problem still there, I am going into safe mode now to try the Netadapter. BTW, on startup there is always this prompt below which I have to click ok to close, any way to prevent that prompt please? Windows- registry recovery One of the files containing the system's registry data had to be recovered bu use of a log or alternate copy. The recovery was successful. Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015 Ran by Administrator at 2015-06-15 16:51:36 Run:1 Running from E:\AV Softwares Loaded Profiles: Administrator (Available Profiles: Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** (Ask) C:\Program Files\Ask.com\Updater\Updater.exe HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask) HKLM\...\Run: [] => [X] SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...8gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...8gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/myweb...n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/myweb...n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/myweb...n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [Not Found] S4 IntelIde; No ImagePath S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X] S3 UIUSys; system32\drivers\UIUSys.sys [X] U1 WS2IFSL; No ImagePath CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe/UA 9.5 /DDV 0x1000SYSTEMCreated by NetScheduleJobAdd.0Üÿÿÿ�ÿ5�H!Œ©Ë¼2ÊÁ̃صøÚ yý5j¶áS“¡nc÷Ô.qZ Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire 5\FrostWire.exe] => Enabled:FrostWire C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job C:\Windows\Tasks\At7.job C:\Windows\Tasks\At8.job C:\WINDOWS\Tasks\At*.job C:\Documents and Settings\Administrator\Local Settings\Temp\AdobeUpdater12345.exe C:\Program Files\Ask.com C:\Program Files\FrostWire 5 CMD: ipconfig /flushdns EmptyTemp: Hosts: ***************** C:\Program Files\Ask.com\Updater\Updater.exe => No running process found HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WPDShServiceObj => value removed successfully. HKLM\Software\Classes\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5} => key not found. HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => key removed successfully. HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found. "HKU\S-1-5-21-1454471165-688789844-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => key removed successfully. HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found. "HKU\S-1-5-21-1454471165-688789844-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully. HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found. HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found. HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully. "HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully. "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully. HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found. HKCR\CLSID\Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. "HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin" => key removed successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => key removed successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk" => key removed successfully. IntelIde => Service removed successfully. OMCI => Service removed successfully. UIUSys => Service removed successfully. WS2IFSL => Service removed successfully. HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} => key not found. "HKU\S-1-5-21-1454471165-688789844-839522115-500_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" => key removed successfully. C:\WINDOWS\Tasks\At1.job => moved successfully. C:\WINDOWS\Tasks\At2.job => moved successfully. C:\WINDOWS\Tasks\At3.job => moved successfully. C:\WINDOWS\Tasks\At4.job => moved successfully. C:\WINDOWS\Tasks\At5.job => moved successfully. C:\WINDOWS\Tasks\At6.job => moved successfully. C:\WINDOWS\Tasks\At7.job => moved successfully. C:\WINDOWS\Tasks\At8.job => moved successfully. C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => moved successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire 5\FrostWire.exe => value removed successfully. "C:\Windows\Tasks\At1.job" => File/Folder not found. "C:\Windows\Tasks\At2.job" => File/Folder not found. "C:\Windows\Tasks\At3.job" => File/Folder not found. "C:\Windows\Tasks\At4.job" => File/Folder not found. "C:\Windows\Tasks\At5.job" => File/Folder not found. "C:\Windows\Tasks\At6.job" => File/Folder not found. "C:\Windows\Tasks\At7.job" => File/Folder not found. "C:\Windows\Tasks\At8.job" => File/Folder not found. "C:\WINDOWS\Tasks\At*.job" => File/Folder not found. C:\Documents and Settings\Administrator\Local Settings\Temp\AdobeUpdater12345.exe => moved successfully. C:\Program Files\Ask.com => moved successfully. "C:\Program Files\FrostWire 5" => File/Folder not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully. Hosts restored successfully. EmptyTemp: => 614.9 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 16:55:57 ====

For some reason frst had run 3 times in succession, I had to use task manager to end the processes. I just ran it again and here's the log and yes, net works in safe mode: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Administrator (administrator) on OWNER-35308C001 on 15-06-2015 15:45:27 Running from E:\AV Softwares Loaded Profiles: Administrator (Available Profiles: Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 7 (Default browser: IE) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.) HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM\...\Run: [dlebmon.exe] => C:\Program Files\Dell P513w\dlebmon.exe [766632 2009-07-10] () HKLM\...\Run: [EzPrint] => C:\Program Files\Dell P513w\ezprint.exe [139944 2009-07-10] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2007-03-21] (Corel, Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware) Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk [2012-03-05] ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2010-07-20] ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77c09f4f&ptnrs=zxxdm0028gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869 SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated) BHO: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2011-05-13] (Hewlett-Packard) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL No File BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-26] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-15] (Google Inc.) BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation) BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-26] (Oracle Corporation) Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation) Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] () FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-06] FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-03-05] FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-03-05] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-16] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com) S2 dlebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dlebserv.exe [98984 2009-07-01] () S2 dleb_device; C:\WINDOWS\system32\dlebcoms.exe [602792 2009-07-01] ( ) S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-02-26] (Oracle Corporation) S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed] S2 N360; C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation) S2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) S2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed] S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation) S1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-06-06] (Symantec Corporation) S1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1503000.00C\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation) S1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation) S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed] S3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.) S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-04-25] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-04-25] (Symantec Corporation) S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.) S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.) S3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140608.001\IDSxpx86.sys [383120 2014-06-08] (Symantec Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-15] (Malwarebytes Corporation) S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed] S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVENG.SYS [93272 2014-06-10] (Symantec Corporation) S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVEX15.SYS [1612376 2014-06-10] (Symantec Corporation) R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-08-30] (Sonic Solutions) [File not signed] S1 RapportCerberus_34302; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [228208 2012-04-26] () S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-06-11] (Trusteer Ltd.) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation) S1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1503000.00C\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation) S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) R0 SymDS; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation) S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-03-18] (Symantec Corporation) S1 SymIRON; C:\WINDOWS\system32\drivers\N360\1503000.00C\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation) S1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation) S4 IntelIde; No ImagePath S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 UIUSys; system32\drivers\UIUSys.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-15 15:42 - 2015-06-15 15:42 - 00000000 ____D C:\WINDOWS\CSC 2015-06-15 11:32 - 2015-06-15 15:45 - 00000000 ____D C:\FRST 2015-06-15 11:09 - 2015-06-15 11:09 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk 2015-06-15 11:09 - 2015-06-15 11:09 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b21ca5fd-2366-45e6-acf4-a818aefb29bd.job 2015-06-15 11:09 - 2015-06-15 11:09 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 20c0a1cd-4c5a-4e94-99d9-f96f7a34726a.job 2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware 2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2015-06-15 10:31 - 2015-06-15 10:32 - 00000000 ____D C:\AdwCleaner 2015-06-15 10:11 - 2015-06-15 10:29 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-15 10:11 - 2015-06-15 10:11 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-15 10:11 - 2015-06-15 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-15 10:11 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-15 10:11 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-15 08:34 - 2015-06-15 08:35 - 00003954 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt 2015-06-15 08:30 - 2015-06-15 10:11 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-15 08:30 - 2015-06-15 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2015-06-14 00:18 - 2015-06-14 00:18 - 00000000 ____D C:\521519963b55f54fc969de ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-15 15:45 - 2010-03-27 18:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp 2015-06-15 11:44 - 2010-03-27 18:18 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt 2015-06-15 11:44 - 2010-03-27 18:18 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-06-15 11:44 - 2010-03-27 18:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-15 11:44 - 2010-03-27 18:10 - 01085084 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-15 11:44 - 2010-03-27 09:57 - 00000275 _____ C:\WINDOWS\wiadebug.log 2015-06-15 11:44 - 2010-03-27 09:57 - 00000049 _____ C:\WINDOWS\wiaservc.log 2015-06-15 11:41 - 2011-03-05 20:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-15 11:40 - 2012-10-17 11:10 - 00000250 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job 2015-06-15 11:01 - 2012-03-05 06:16 - 00000348 _____ C:\WINDOWS\Tasks\HP Photo Creations Messager.job 2015-06-15 10:29 - 2010-03-27 18:07 - 00000000 ____D C:\WINDOWS\Registration 2015-06-15 10:28 - 2014-07-19 14:50 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-06-15 10:28 - 2011-04-02 22:37 - 00112417 _____ C:\Documents and Settings\All Users\dlebscan.log 2015-06-15 10:28 - 2011-03-05 20:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-15 10:28 - 2010-08-05 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979559_0$ 2015-06-15 10:26 - 2012-02-01 14:39 - 00000000 ____D C:\Program Files\Coupons.com 2015-06-15 10:26 - 2012-02-01 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Coupons.com 2015-06-15 10:11 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At5.job 2015-06-15 10:10 - 2012-03-05 06:15 - 00000460 _____ C:\WINDOWS\Tasks\At1.job 2015-06-15 09:34 - 2011-04-02 22:54 - 00667449 _____ C:\Documents and Settings\All Users\dleb.log 2015-06-15 08:50 - 2010-09-10 14:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973687$ 2015-06-15 08:08 - 2011-09-24 12:50 - 00544377 _____ C:\WINDOWS\setupapi.log 2015-06-15 07:54 - 2004-08-10 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-06-13 20:40 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At6.job 2015-06-13 20:40 - 2012-03-05 06:15 - 00000460 _____ C:\WINDOWS\Tasks\At2.job 2015-06-13 19:11 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At7.job 2015-06-13 14:00 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At8.job 2015-06-13 14:00 - 2012-03-05 06:15 - 00000460 _____ C:\WINDOWS\Tasks\At4.job ==================== Files in the root of some directories ======= 2010-11-28 20:06 - 2010-11-28 20:06 - 0003584 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-03-27 18:23 - 2010-03-27 18:23 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat 2011-05-20 08:37 - 2012-02-15 09:08 - 0001940 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini 2011-04-02 22:54 - 2015-06-15 09:34 - 0667449 _____ () C:\Documents and Settings\All Users\dleb.log 2011-04-02 22:55 - 2012-03-02 11:08 - 0052292 _____ () C:\Documents and Settings\All Users\dlebJSW.log 2011-04-02 22:37 - 2015-06-15 10:28 - 0112417 _____ () C:\Documents and Settings\All Users\dlebscan.log 2011-06-02 07:56 - 2011-06-02 07:56 - 0000000 _____ () C:\Documents and Settings\All Users\LxWbGwLog.log 2011-04-02 22:32 - 2011-04-02 22:32 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job C:\Windows\Tasks\At7.job C:\Windows\Tasks\At8.job Some files in TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\AdobeUpdater12345.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================

It was there in FF but now I can't ind it anywhere?

So sorry guys, I should have posted this in the malware forum, any mod here can you please move this thread with my apologies please?

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015 Ran by Administrator at 2015-06-15 11:38:30 Running from E:\AV Softwares Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1454471165-688789844-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-1454471165-688789844-839522115-1003 - Limited - Enabled) Guest (S-1-5-21-1454471165-688789844-839522115-501 - Limited - Disabled) HelpAssistant (S-1-5-21-1454471165-688789844-839522115-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1454471165-688789844-839522115-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Premier Edition (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 Premier Edition (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House) Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated) Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKU\S-1-5-21-1454471165-688789844-839522115-500\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.261-060523a1-033841C-Dell - ) Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation) Bing Bar Platform (Version: 6.3.2291.0 - Microsoft Corporation) Hidden Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.06.11 - Broadcom Corporation) Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - ) Corel Snapfire muvee autoProducer add-on (HKLM\...\{72470D12-2CCA-4324-AFF9-F1396A2168EA}) (Version: 1.00.0000 - Corel Corporation) Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.30.0000 - Corel Corporation) Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated) Coupons.com Toolbar (HKLM\...\Coupons.com Toolbar) (Version: 6.8.5.1 - Coupons.com) Dell P513w (HKLM\...\Dell P513w) (Version: - Dell, Inc.) Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.) Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations) HP Photosmart 5510 series Basic Device Software (HKLM\...\{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}) (Version: 25.0.621.0 - Hewlett-Packard Co.) HP Photosmart 5510 series Help (HKLM\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 5510 series Product Improvement Study (HKLM\...\{C2F3460B-0C14-4A85-A330-5D1D5028C496}) (Version: 25.0.621.0 - Hewlett-Packard Co.) HP Photosmart 6520 series Basic Device Software (HKLM\...\{D9B4150C-9EF6-4861-902F-5F5CB760D7ED}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard) HP Photosmart 6520 series Product Improvement Study (HKLM\...\{DF711F5A-C9E4-4241-9A83-58532C99DB28}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Smart Print 1.0.5.0 (HKLM\...\{4E5FDDEE-30DF-4E4F-BF77-4D7DB4B51B9E}) (Version: 1.0.5.0 - Hewlett-Packard) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - ) MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation) muvee autoProducer 5.0 (HKLM\...\{64367D02-ADA8-4FA0-B348-27F25C60BC7B}) (Version: 5.00.050 - muvee Technologies) Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation) Norton Safe Web Lite (HKLM\...\NST) (Version: 2.0.0.16 - Symantec Corporation) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1201.84 - Trusteer) Rapport (Version: 3.5.1201.84 - Trusteer) Hidden Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel) Sonic CinePlayer DVD Pack (HKLM\...\{D4576E0D-2295-4B8E-B663-B68086B00EE5}) (Version: 2.3.1 - Sonic Solutions) Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions) Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version: - ) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com) Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File ==================== Restore Points ========================= 12-04-2015 02:56:49 Removed HP Update. 12-04-2015 02:57:01 Installed HP Update. 13-06-2015 08:46:45 System Checkpoint 14-06-2015 00:18:28 Software Distribution Service 3.0 15-06-2015 11:00:13 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe/UA 9.5 /DDV 0x1000SYSTEMCreated by NetScheduleJobAdd.0Üÿÿÿ�ÿ5�H!Œ©Ë¼2ÊÁ̃صøÚ yý5j¶áS“¡nc÷Ô.qZ Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Messager.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 20c0a1cd-4c5a-4e94-99d9-f96f7a34726a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b21ca5fd-2366-45e6-acf4-a818aefb29bd.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (Whitelisted) ============== 2010-03-27 18:52 - 2006-11-01 21:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE 2010-03-27 18:52 - 2006-11-01 21:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2011-04-02 22:36 - 2009-06-19 04:58 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlebdrpp.dll 2011-04-02 22:34 - 2009-07-10 11:50 - 00766632 _____ () C:\Program Files\Dell P513w\dlebmon.exe 2011-04-02 22:33 - 2009-05-26 16:17 - 00086121 _____ () C:\Program Files\Dell P513w\dlebcfg.dll 2011-04-02 22:34 - 2009-05-29 10:08 - 00389120 _____ () C:\Program Files\Dell P513w\dlebscw.dll 2011-04-02 22:36 - 2009-05-27 08:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\dlebdatr.dll 2011-04-02 22:34 - 2009-05-29 10:09 - 01159168 _____ () C:\Program Files\Dell P513w\dlebDRS.dll 2011-04-02 22:34 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Dell P513w\dlebcaps.dll 2011-04-02 22:34 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files\Dell P513w\dlebcnv4.dll 2011-04-02 22:32 - 2009-02-12 07:33 - 00299008 _____ () C:\WINDOWS\system32\dlebsm.dll 2011-04-02 22:32 - 2009-02-12 07:33 - 00028672 _____ () C:\WINDOWS\system32\dlebsmr.dll 2011-04-02 22:34 - 2009-07-10 11:50 - 00139944 _____ () C:\Program Files\Dell P513w\ezprint.exe 2011-04-02 22:34 - 2009-03-30 08:40 - 00708608 _____ () C:\Program Files\Dell P513w\Epwizard.DLL 2011-04-02 22:34 - 2009-03-30 08:38 - 00159744 _____ () C:\Program Files\Dell P513w\customui.dll 2011-04-02 22:34 - 2009-03-30 08:38 - 00114688 _____ () C:\Program Files\Dell P513w\Eputil.DLL 2011-04-02 22:34 - 2009-03-30 08:37 - 00139264 _____ () C:\Program Files\Dell P513w\Imagutil.DLL 2011-04-02 22:34 - 2009-03-30 08:38 - 00061440 _____ () C:\Program Files\Dell P513w\Epfunct.DLL 2011-04-02 22:34 - 2009-03-30 08:40 - 02203648 _____ () C:\Program Files\Dell P513w\EPWizRes.dll 2011-04-02 22:34 - 2009-03-30 08:40 - 00045056 _____ () C:\Program Files\Dell P513w\epstring.dll 2011-04-02 22:34 - 2009-03-30 08:40 - 00196608 _____ () C:\Program Files\Dell P513w\EPOEMDll.dll 2011-04-02 22:34 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Dell P513w\iptk.dll 2011-04-02 22:34 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Dell P513w\dlebptp.dll 2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-04-02 22:36 - 2009-07-01 09:07 - 00098984 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlebserv.exe 2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll 2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2006-11-02 21:40 - 2006-11-02 21:40 - 00174656 _____ () C:\WINDOWS\system32\PSIService.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-21-1454471165-688789844-839522115-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dldfcoms.exe] => Enabled:Dell Communications System StandardProfile\AuthorizedApplications: [C:\Program Files\Dell AIO Printer 948\dldfmon.exe] => Enabled:Printer Device Monitor StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\dldf\wireless\ENGLISH\dldfwpss.exe] => Enabled: StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dlebcoms.exe] => Enabled:P513w Server StandardProfile\AuthorizedApplications: [C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe] => Enabled:ABBYY FineReader StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series) StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510 series) StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire 5\FrostWire.exe] => Enabled:FrostWire StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Photosmart 6520 series) StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 6520 series) StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Photosmart 6520 series) StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007 StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. System errors: ============= Error: (06/15/2015 10:29:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (06/15/2015 10:29:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL Error: (06/15/2015 10:29:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF). Error: (06/15/2015 10:29:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SAS Core Service service failed to start due to the following error: %%3 Error: (06/15/2015 10:28:49 AM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000001HarddiskVolume1 Error: (06/15/2015 10:07:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF). Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: %%2 Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: %%2 Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SAS Core Service service failed to start due to the following error: %%3 Microsoft Office: ========================= Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. ==================== Memory info =========================== Processor: Intel® Core2 CPU T5500 @ 1.66GHz Percentage of memory in use: 53% Total physical RAM: 2046.37 MB Available physical RAM: 943.82 MB Total Pagefile: 3937.85 MB Available Pagefile: 3068.04 MB Total Virtual: 2047.88 MB Available Virtual: 1940.34 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:142.03 GB) (Free:94.11 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: (2G-3) (Removable) (Total:1.91 GB) (Free:1.79 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: E686F016) Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=2 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Administrator (administrator) on OWNER-35308C001 on 15-06-2015 11:38:57 Running from E:\AV Softwares Loaded Profiles: Administrator & (Available Profiles: Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 7 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe () C:\Program Files\Dell P513w\dlebmon.exe () C:\Program Files\Dell P513w\ezprint.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Corel, Inc.) C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe (Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\WINDOWS\system32\spool\drivers\w32x86\3\dlebserv.exe ( ) C:\WINDOWS\system32\dlebcoms.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe () C:\WINDOWS\system32\PSIService.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.) HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM\...\Run: [dlebmon.exe] => C:\Program Files\Dell P513w\dlebmon.exe [766632 2009-07-10] () HKLM\...\Run: [EzPrint] => C:\Program Files\Dell P513w\ezprint.exe [139944 2009-07-10] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2007-03-21] (Corel, Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware) HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.) HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.) HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware) Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk [2012-03-05] ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2010-07-20] ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77c09f4f&ptnrs=zxxdm0028gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77c09f4f&ptnrs=zxxdm0028gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869 SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869 SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated) BHO: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2011-05-13] (Hewlett-Packard) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL No File BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-26] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-15] (Google Inc.) BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation) BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-26] (Oracle Corporation) Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation) Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.) Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask) DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] () FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-06] FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-03-05] FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-03-05] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-16] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com) R2 dlebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dlebserv.exe [98984 2009-07-01] () R2 dleb_device; C:\WINDOWS\system32\dlebcoms.exe [602792 2009-07-01] ( ) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-02-26] (Oracle Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed] S2 N360; C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation) R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed] R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation) R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-06-06] (Symantec Corporation) R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1503000.00C\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation) R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation) S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed] R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-04-25] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-04-25] (Symantec Corporation) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.) R3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140608.001\IDSxpx86.sys [383120 2014-06-08] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-15] (Malwarebytes Corporation) S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed] R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVENG.SYS [93272 2014-06-10] (Symantec Corporation) S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVEX15.SYS [1612376 2014-06-10] (Symantec Corporation) R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-08-30] (Sonic Solutions) [File not signed] R1 RapportCerberus_34302; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [228208 2012-04-26] () S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-06-11] (Trusteer Ltd.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation) R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1503000.00C\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) R0 SymDS; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-03-18] (Symantec Corporation) R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1503000.00C\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation) R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation) S4 IntelIde; No ImagePath S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 UIUSys; system32\drivers\UIUSys.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)