Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! Chromium Browser virus - pop-ups, random URL pages...

Started by Krueg9651 , Jun 10 2017 09:20 PM

  • Please log in to reply

#1
Krueg9651
Posted 10 June 2017 - 09:20 PM

Krueg9651

    Member

  • Member
  • PipPipPip
  • 136 posts

Hello, I am visiting my dad and his home computer has the Chromium browser on it.  I noticed this problem when I came upon websites that I never typed the URL or searched for, and I kept getting some pop-up ads on the banner. 

 

First off, thank you guys for always volunteering your time.  It's been a while since I have posted a problem, but I am always grateful!  Below is the information.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-06-2017
Ran by Teacher (administrator) on MININT-CSRN707 (10-06-2017 22:10:41)
Running from C:\Users\Teacher\Desktop
Loaded Profiles: Teacher (Available Profiles: Teacher)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1667164 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2444016 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [WorksFUD] => C:\Program Files\Microsoft Works\wkfud.exe [24576 2001-10-05] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [331830 2001-08-23] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-05-04] ()
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Run: [MoneyAgent] => "C:\Program Files\Microsoft Money\System\Money Express.exe"
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Run: [GOOGLECHROMEAUTOLAUNCH_56D513A1911079B147124FB0B59A739C] => C:\Users\Teacher\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-03] (The Chromium Authors)
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\MountPoints2: {14bf7dde-fa49-11e4-bfbc-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-05-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-08-28]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk [2015-08-28]
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk [2015-08-20]
ShortcutTarget: VideoCam Suite 2.0.lnk -> C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{22ADEB53-C2C8-47A0-912B-5FF1E588605A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DCD43075-5B47-4BC8-8BEB-5C2D75C7AA45}&mid=dba20ab3439347cd8f9e1d1be9618564-6236eefa95dcad2db71f733b5949e0647767db60&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2015-08-29 08:33:08&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-05-04] (AVG)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: ifnqvwrb.default-1493848962235
FF ProfilePath: C:\Users\Teacher\AppData\Roaming\Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235 [2017-06-10]
FF Homepage: Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235 -> hxxps://mg.mail.yahoo.com/neo/launch?.partner=sbc&.rand=0mlf2r9rtg41o
FF Extension: (AVG Web TuneUp) - C:\Users\Teacher\AppData\Roaming\Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235\Extensions\[email protected] [2017-05-04]
FF SearchPlugin: C:\Users\Teacher\AppData\Roaming\Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235\searchplugins\avg-secure-search.xml [2017-05-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-26] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-15] (Intel Corporation)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-04-23] (Intel® Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279024 2013-12-04] (Intel Corporation)
S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-10-24] (IDT, Inc.) [File not signed]
S2 uArcCapture; C:\Windows\system32\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-05-04] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-05-04] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMPPAL; C:\WINDOWS\System32\DRIVERS\AMPPAL.sys [143360 2012-03-15] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\WINDOWS\System32\DRIVERS\amppal.sys [143360 2012-03-15] (Windows ® Win 7 DDK provider)
S3 ARCVCAM; C:\WINDOWS\System32\DRIVERS\ArcSoftVCapture.sys [37952 2012-02-03] (ArcSoft, Inc.)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [259328 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
S0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [358224 2012-11-28] (Intel Corporation)
R3 johci; C:\WINDOWS\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\Netwsn00.sys [10364416 2012-06-03] (Intel Corporation)
S3 SmbDrv; C:\WINDOWS\system32\drivers\Smb_driver_AMDASF.sys [25328 2013-10-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\drivers\Smb_driver_Intel.sys [27888 2013-10-25] (Synaptics Incorporated)
S3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1825288 2012-10-03] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-10 22:10 - 2017-06-10 22:11 - 00012396 _____ C:\Users\Teacher\Desktop\FRST.txt
2017-06-10 22:10 - 2017-06-10 22:10 - 00000000 ____D C:\FRST
2017-06-10 22:09 - 2017-06-10 22:09 - 01776640 _____ (Farbar) C:\Users\Teacher\Desktop\FRST.exe
2017-06-10 22:07 - 2017-06-10 22:07 - 00000000 ____D C:\Users\Teacher\Desktop\Anti-virus files
2017-06-10 21:35 - 2017-06-10 21:35 - 00160724 _____ C:\WINDOWS\ntbtlog.txt
2017-05-14 15:33 - 2017-05-14 15:33 - 00000000 ___RD C:\Users\Teacher\Documents\Scanned Documents
2017-05-14 15:33 - 2017-05-14 15:33 - 00000000 ____D C:\Users\Teacher\Documents\Fax
2017-05-14 15:30 - 2017-05-14 15:31 - 00089478 _____ C:\Users\Teacher\Downloads\Esp 3 - Presente Perfecto - Más Práctica #1 - side 1 of 2.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-10 21:40 - 2016-11-19 14:26 - 00000000 ____D C:\Users\Teacher\AppData\LocalLow\Mozilla
2017-06-10 21:40 - 2015-05-08 11:44 - 00781790 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-10 21:40 - 2009-07-13 21:37 - 00000000 ____D C:\WINDOWS\inf
2017-06-10 21:34 - 2009-07-13 23:34 - 00009712 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-10 21:34 - 2009-07-13 23:34 - 00009712 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-10 21:28 - 2016-11-18 08:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-10 21:28 - 2015-08-29 08:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-10 21:28 - 2009-07-13 23:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-10 20:26 - 2015-05-08 12:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-10 20:23 - 2015-08-28 09:24 - 00000000 ____D C:\ProgramData\MFAData
2017-06-10 20:18 - 2015-05-08 12:30 - 129479984 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-08-28 09:11 - 2015-08-28 09:11 - 0000064 _____ () C:\Users\Teacher\AppData\Local\716bd5b580c5a4184827032546c5461a

Files to move or delete:
====================
C:\Program Files\Itibiti Soft Phone\Itibiti.exe

Some files in TEMP:
====================
2016-08-22 21:39 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_081180295016.exe
2016-02-24 07:24 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_081231433982.exe
2015-10-20 04:59 - 2015-09-22 13:13 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_081342165611.exe
2016-04-07 17:02 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_081519775753.exe
2016-04-18 07:05 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08197182896.exe
2015-11-19 06:01 - 2015-10-16 13:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08207674018.exe
2016-05-31 09:51 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08250089337.exe
2016-05-13 09:18 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08379082520.exe
2016-07-27 06:11 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08412740535.exe
2016-01-15 22:13 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08451895395.exe
2016-07-06 18:36 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08452730589.exe
2016-01-05 12:13 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08550626776.exe
2015-10-12 05:24 - 2015-09-10 10:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Teacher\AppData\Local\Temp\avguirn_08825530461.exe
2007-04-05 02:09 - 2007-04-05 02:09 - 0455600 ____R (Macrovision Corporation) C:\Users\Teacher\AppData\Local\Temp\_is5EE1.exe
2007-04-05 02:09 - 2007-04-05 02:09 - 0455600 ____R (Macrovision Corporation) C:\Users\Teacher\AppData\Local\Temp\_is781B.exe
2007-04-05 02:09 - 2007-04-05 02:09 - 0455600 ____R (Macrovision Corporation) C:\Users\Teacher\AppData\Local\Temp\_is95D8.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-28 07:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-06-2017
Ran by Teacher (10-06-2017 22:11:42)
Running from C:\Users\Teacher\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2015-07-27 12:40:48)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3157478879-3267821037-2198957907-500 - Administrator - Disabled)
Guest (S-1-5-21-3157478879-3267821037-2198957907-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3157478879-3267821037-2198957907-1002 - Limited - Enabled)
Teacher (S-1-5-21-3157478879-3267821037-2198957907-1000 - Administrator - Enabled) => C:\Users\Teacher

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ArcSoft Webcam Sharing Manager (HKLM\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
AVG (Version: 16.151.8013 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4776 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8013 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bridge Baron 22 (HKLM\...\{B0C3F9C3-225A-4AA0-8A6E-28C7C116599E}) (Version: 22.00.00 - Great Game Products, Inc.)
Bridge Baron Teacher: Learn and Practice Bidding Conventions - Volume 2 (HKLM\...\{2C31CC47-74D7-43A8-B7AF-0B9C5C6FACB1}) (Version: 2.00.0001 - Great Game Products)
Bridge Baron Teacher: Learn and Practice Bidding Conventions - Volume 3 (HKLM\...\{70999647-34A9-413B-8974-74F21EEDA815}) (Version: 3.00.0001 - Great Game Products)
Chromium (HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Chromium) (Version: 45.0.2422.0 - Chromium)
Counting at Bridge (HKLM\...\Counting at Bridge) (Version:  - Bridge Base Inc.)
Defense (HKLM\...\Defense) (Version:  - Bridge Base Inc.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GeniusBox 2.0 (HKLM\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
GWX Control Panel (HKLM\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hoyle Card Games 4 (HKLM\...\Hoyle Card Games 4) (Version:  - )
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM\...\{801EAD7A-7202-4BE4-84A1-299202AD17C0}) (Version: 2.0.7.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
JMicron 1394 Filter Driver (HKLM\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
KNCTR (HKLM\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
Learn to Play Bridge 2 (HKLM\...\Learn_to_Play_Bridge_2) (Version:  - )
Marty Sez (HKLM\...\Marty_Sez) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{C3A439E4-7303-491F-A678-CEA36A87D517}) (Version: 2.0.0.0000 - Microsoft Corporation)
Mike's Advice (HKLM\...\{FF115D5C-D288-4242-B1DE-C86E0DE1D846}_is1) (Version: 1.0 - Michael Lawrence)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
OrderReminder HP LaserJet 1020 (HKLM\...\OrderReminder HP LaserJet 1020) (Version: 2.0 - )
Points Schmoints! (HKLM\...\Points_Schmoints!) (Version:  - )
Pro PC Cleaner (HKLM\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ATTENTION
Shockwave (HKLM\...\Shockwave) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
VideoCam Suite 2.0 (HKLM\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.043.1033 - Panasonic Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Teacher\AppData\Local\Chromium\Application\45.0.2422.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C9D8522-14CA-4497-8B27-DF007D159BAD} - System32\Tasks\Check Updates => C:\Program Files\user extensions\updater.exe <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5A6C6202-3AB5-469C-AA0F-B1A500B600D5} - System32\Tasks\{E2EC6324-6576-4BCF-9E97-E04E6B060BD3} => pcalua.exe -a D:\setup.exe -d D:\
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {60E3E79F-7B70-43DC-9F02-33882F4CFCF4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-26] (Adobe Systems Incorporated)
Task: {762917E6-DE6E-4F3A-B0AD-1CF140F5838A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {7CC22976-7FB5-441D-A353-117307BB363D} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {AF73B4E3-0AB1-46CD-8472-1769E85D5FC1} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {B643DEE6-FFEC-4379-AC76-BA17D464C5DD} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Program Files\user extensions\client.exe" <==== ATTENTION
Task: {B75248BF-3C26-4245-A778-52CDAEC06130} - System32\Tasks\Tny_Cassiopesa => C:\Users\Teacher\AppData\Local\{2B181~1\UNINST~1.EXE
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {DC400010-E530-4274-BED2-D22581E2E228} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {EADFF62A-0CFC-40F0-93BE-E0E6D49C69F2} - System32\Tasks\Validate Installation => C:\Program Files\user extensions\updater.exe <==== ATTENTION
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Tny_Cassiopesa.job => C:\Users\Teacher\AppData\Local\{2B181~1\UNINST~1.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Teacher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{089831F4-D22C-441F-BB1B-B0CB17C523FC}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{E3684E0C-D172-4729-AF2F-BB7FEE55CA4C}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{F8BDCA35-21B9-41F7-B3EB-4D32342F1D1D}] => (Allow) C:\Users\Teacher\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{A2B05995-59CE-4726-90DA-B71B9026FA27}C:\program files\itibiti soft phone\itibiti.exe] => (Block) C:\program files\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{26141F11-18E4-4EC2-8673-9F2148EAC412}C:\program files\itibiti soft phone\itibiti.exe] => (Block) C:\program files\itibiti soft phone\itibiti.exe
FirewallRules: [{C38C8740-302F-4170-86D5-59E98DC6141A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4DB7918-4855-4858-A3E1-C397AEDEACD2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1C921281-B9F5-41EC-BDC6-3392ADF965CE}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{1BAE0EAB-56E0-43D4-9245-A8E18D80F4AF}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{C817ED63-3151-4432-B264-A002FAFBABBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B097DD0D-7C50-42FF-A0B6-F56DF3A5A6D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC704BCB-77BF-4C3D-8770-CDA633B29C65}] => (Allow) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{39041D88-E549-43AE-81F4-F92473CE0969}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{46778BBC-AA63-4A87-A513-AF758E82E8B0}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{900005F2-CC3F-46E8-AE1F-125EDBE619DB}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{4E3FE453-6149-4990-BE91-1281ACDD0229}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2017 04:19:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpqWmiEx.exe, version: 4.6.10.1, time stamp: 0x5048beb6
Faulting module name: hpqWmiEx.exe, version: 4.6.10.1, time stamp: 0x5048beb6
Exception code: 0xc0000005
Fault offset: 0x00044dba
Faulting process id: 0xdc8
Faulting application start time: 0x01d2c9957cb266ab
Faulting application path: C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
Faulting module path: C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
Report Id: 23dd362c-3e6b-11e7-a74b-cc52af856c97

Error: (05/13/2017 02:59:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (05/05/2017 09:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 53.0.0.6312, time stamp: 0x58f0428a
Faulting module name: xul.dll, version: 53.0.0.6312, time stamp: 0x58f046bd
Exception code: 0x80000003
Fault offset: 0x00886df8
Faulting process id: 0x113c
Faulting application start time: 0x01d2c509499cb449
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report Id: 121942c7-3204-11e7-8ce5-cc52af856c97

Error: (03/27/2017 03:21:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7a0

Start Time: 01d2a737928e8ade

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: e7c9c235-132a-11e7-ba2d-cc52af856c97

Error: (03/18/2017 04:08:25 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (01/13/2017 07:36:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (12/14/2016 02:41:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (12/07/2016 09:02:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.0.0.6152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c444

Start Time: 01d248ee5d97ba23

Termination Time: 295

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 6281363d-bcea-11e6-a032-cc52af856c97

Error: (11/28/2016 02:04:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 84dc

Start Time: 01d2480727574220

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/28/2016 06:34:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\WINDOWS\Temp\AvgSetup\9c16837e-eb65-47cf-8388-1d1be9618564\install\fmw\avgrdsttestx.exe".
Dependent Assembly AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/10/2017 09:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:42:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:35:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:35:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:35:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/10/2017 09:35:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================
  Date: 2017-06-10 21:34:18.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 21:31:30.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:41:03.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:36:22.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:36:21.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestacap.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:32:50.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:32:46.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:17:50.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-23 21:08:12.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-05-23 14:10:34.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 25%
Total physical RAM: 2996.04 MB
Available physical RAM: 2218.89 MB
Total Virtual: 5990.39 MB
Available Virtual: 5244.11 MB

==================== Drives ================================

Drive c: (Default) (Fixed) (Total:232.88 GB) (Free:198.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B08384BF)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
zep516
Posted 10 June 2017 - 10:06 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Programs to remove
Pro PC Cleaner

Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
C:\Program Files\Itibiti Soft Phone
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DCD43075-5B47-4BC8-8BEB-5C2D75C7AA45}&mid=dba20ab3439347cd8f9e1d1be9618564-6236eefa95dcad2db71f733b5949e0647767db60&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2015-08-29 08:33:08&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
C:\Program Files\Itibiti Soft Phone\Itibiti.exe
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Teacher\AppData\Local\Chromium\Application\45.0.2422.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
Task: {1C9D8522-14CA-4497-8B27-DF007D159BAD} - System32\Tasks\Check Updates => C:\Program Files\user extensions\updater.exe <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
C:\Program Files\user extensions
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {762917E6-DE6E-4F3A-B0AD-1CF140F5838A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {7CC22976-7FB5-441D-A353-117307BB363D} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe <==== ATTENTION
C:\Program Files\Pro PC Cleaner
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {B643DEE6-FFEC-4379-AC76-BA17D464C5DD} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Program Files\user extensions\client.exe" <==== ATTENTION
Task: {B75248BF-3C26-4245-A778-52CDAEC06130} - System32\Tasks\Tny_Cassiopesa => C:\Users\Teacher\AppData\Local\{2B181~1\UNINST~1.EXE
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {EADFF62A-0CFC-40F0-93BE-E0E6D49C69F2} - System32\Tasks\Validate Installation => C:\Program Files\user extensions\updater.exe <==== ATTENTION
FirewallRules: [{089831F4-D22C-441F-BB1B-B0CB17C523FC}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{E3684E0C-D172-4729-AF2F-BB7FEE55CA4C}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{A2B05995-59CE-4726-90DA-B71B9026FA27}C:\program files\itibiti soft phone\itibiti.exe] => (Block) C:\program files\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{26141F11-18E4-4EC2-8673-9F2148EAC412}C:\program files\itibiti soft phone\itibiti.exe] => (Block) C:\program files\itibiti soft phone\itibiti.exe
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#3
Krueg9651
Posted 10 June 2017 - 10:40 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-06-2017
Ran by Teacher (10-06-2017 23:17:21) Run:1
Running from C:\Users\Teacher\Desktop
Loaded Profiles: Teacher (Available Profiles: Teacher)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
C:\Program Files\Itibiti Soft Phone
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_35&cd=2XzuyEtN2Y1L1Qzu0C0CyDtB0A0FzzyDyC0CzyyByDzytByBtN0D0Tzu0StCtAtAyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S0E0FyC0AyDzzyD0DtGtA0BtB0AtGyE0EtD0EtGzzyE0CzytGzyyB0CtAtA0D0EyByD0A0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0FtDtByCtB0BtG0A0EyBtBtGyEyCtCzytG0B0D0B0CtGyB0A0BtB0AyD0B0FyD0FyEtB2QtN0A0LzuyE&cr=1996962322&ir=
SearchScopes: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DCD43075-5B47-4BC8-8BEB-5C2D75C7AA45}&mid=dba20ab3439347cd8f9e1d1be9618564-6236eefa95dcad2db71f733b5949e0647767db60&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2015-08-29 08:33:08&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
C:\Program Files\Itibiti Soft Phone\Itibiti.exe
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Teacher\AppData\Local\Chromium\Application\45.0.2422.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
Task: {1C9D8522-14CA-4497-8B27-DF007D159BAD} - System32\Tasks\Check Updates => C:\Program Files\user extensions\updater.exe <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
C:\Program Files\user extensions
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {762917E6-DE6E-4F3A-B0AD-1CF140F5838A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {7CC22976-7FB5-441D-A353-117307BB363D} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe <==== ATTENTION
C:\Program Files\Pro PC Cleaner
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {B643DEE6-FFEC-4379-AC76-BA17D464C5DD} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Program Files\user extensions\client.exe" <==== ATTENTION
Task: {B75248BF-3C26-4245-A778-52CDAEC06130} - System32\Tasks\Tny_Cassiopesa => C:\Users\Teacher\AppData\Local\{2B181~1\UNINST~1.EXE
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {EADFF62A-0CFC-40F0-93BE-E0E6D49C69F2} - System32\Tasks\Validate Installation => C:\Program Files\user extensions\updater.exe <==== ATTENTION
FirewallRules: [{089831F4-D22C-441F-BB1B-B0CB17C523FC}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{E3684E0C-D172-4729-AF2F-BB7FEE55CA4C}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{A2B05995-59CE-4726-90DA-B71B9026FA27}C:\program files\itibiti soft phone\itibiti.exe] => (Block) C:\program files\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{26141F11-18E4-4EC2-8673-9F2148EAC412}C:\program files\itibiti soft phone\itibiti.exe] => (Block) C:\program files\itibiti soft phone\itibiti.exe
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully.
C:\Program Files\Itibiti Soft Phone => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
"C:\Program Files\Itibiti Soft Phone\Itibiti.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully.
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C9D8522-14CA-4497-8B27-DF007D159BAD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C9D8522-14CA-4497-8B27-DF007D159BAD} => key removed successfully.
C:\Windows\System32\Tasks\Check Updates => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully.
C:\Program Files\user extensions => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{762917E6-DE6E-4F3A-B0AD-1CF140F5838A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762917E6-DE6E-4F3A-B0AD-1CF140F5838A} => key removed successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CC22976-7FB5-441D-A353-117307BB363D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC22976-7FB5-441D-A353-117307BB363D} => key removed successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key removed successfully.
C:\Program Files\Pro PC Cleaner => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B643DEE6-FFEC-4379-AC76-BA17D464C5DD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B643DEE6-FFEC-4379-AC76-BA17D464C5DD} => key removed successfully.
C:\Windows\System32\Tasks\GeniusBox => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B75248BF-3C26-4245-A778-52CDAEC06130} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B75248BF-3C26-4245-A778-52CDAEC06130} => key removed successfully.
C:\Windows\System32\Tasks\Tny_Cassiopesa => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tny_Cassiopesa => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EADFF62A-0CFC-40F0-93BE-E0E6D49C69F2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EADFF62A-0CFC-40F0-93BE-E0E6D49C69F2} => key removed successfully.
C:\Windows\System32\Tasks\Validate Installation => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{089831F4-D22C-441F-BB1B-B0CB17C523FC} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3684E0C-D172-4729-AF2F-BB7FEE55CA4C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A2B05995-59CE-4726-90DA-B71B9026FA27}C:\program files\itibiti soft phone\itibiti.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{26141F11-18E4-4EC2-8673-9F2148EAC412}C:\program files\itibiti soft phone\itibiti.exe => value removed successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40871788 B
Java, Flash, Steam htmlcache => 1301 B
Windows/system/drivers => 2188147290 B
Edge => 0 B
Chrome => 0 B
Firefox => 376257885 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33959424 B
LocalService => 16674 B
NetworkService => 13558 B
Teacher => 767921042 B

RecycleBin => 256677385 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:20:10 ====


  • 0

#4
zep516
Posted 10 June 2017 - 10:44 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Still getting pop ups ?

If so

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
iO5EZayK.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

  • 0

#5
Krueg9651
Posted 10 June 2017 - 11:06 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

# AdwCleaner v6.047 - Logfile created 10/06/2017 at 23:53:57
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-10.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : Teacher - MININT-CSRN707
# Running from : C:\Users\Teacher\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[-] Service deleted: vToolbarUpdater40.3.7
[-] Service deleted: WtuSystemSupport

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Teacher\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\Teacher\AppData\Local\PRO_PC_Cleaner
[-] Folder deleted: C:\Users\Teacher\AppData\Roaming\Itibiti
[-] Folder deleted: C:\Users\Teacher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
[-] Folder deleted: C:\Users\Teacher\Documents\PROPCCleaner
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search

***** [ Files ] *****

[-] File deleted: C:\Users\Teacher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[#] File deleted: C:\Users\Teacher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[-] File deleted: C:\Users\Teacher\AppData\Roaming\Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235\extensions\[email protected]
[-] File deleted: C:\Users\Teacher\AppData\Roaming\Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235\searchplugins\avg-secure-search.xml

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

[-] Task deleted: Tny_cassiopesa

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Software\geniusboxinstalled
[-] Key deleted: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Software\OB
[-] Key deleted: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Software\Search Extensions
[-] Key deleted: HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Software\Tny_Cassiopesa
[#] Key deleted on reboot: HKCU\Software\geniusboxinstalled
[#] Key deleted on reboot: HKCU\Software\OB
[#] Key deleted on reboot: HKCU\Software\Search Extensions
[#] Key deleted on reboot: HKCU\Software\Tny_Cassiopesa
[-] Key deleted: HKLM\SOFTWARE\GeniusBox
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cassiopessa.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.cassiopessa.com
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ProPCCleaner.exe
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ProPCCleaner.exe

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6157 Bytes] - [10/06/2017 23:53:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [5984 Bytes] - [10/06/2017 23:49:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6303 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x86
Ran by Teacher (Limited) on Sun 06/11/2017 at  0:02:49.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 9

Successfully deleted: C:\Users\Teacher\AppData\Local\716bd5b580c5a4184827032546c5461a (File)
Successfully deleted: C:\Users\Teacher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GQ9TJTW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Teacher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXSD495Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Teacher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO8BN5T7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Teacher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8U8J3HG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GQ9TJTW (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXSD495Q (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO8BN5T7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8U8J3HG (Temporary Internet Files Folder)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GOOGLECHROMEAUTOLAUNCH_56D513A1911079B147124FB0B59A739C (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/11/2017 at  0:03:35.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#6
zep516
Posted 10 June 2017 - 11:11 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Lets run a malwarebytes scan. This will be a good program to have on the computer for your dad.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#7
Krueg9651
Posted 10 June 2017 - 11:33 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/11/17
Scan Time: 12:13 AM
Log File: MBAM scanned log 6-11.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2131
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: MININT-CSRN707\Teacher

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 234774
Threats Detected: 332
Threats Quarantined: 332
Time Elapsed: 4 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 7
PUP.Optional.Cassiopessa, HKLM\SOFTWARE\CLASSES\APPID\{ef494946-9425-4a5c-b373-74ccd38e8c48}, Quarantined, [11128], [169162],1.0.2131
PUP.Optional.Cassiopesa, HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143E921-7C9A-4D27-AC43-EACCC78CC55A}, Quarantined, [14575], [253732],1.0.2131
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}, Quarantined, [14575], [253732],1.0.2131
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\PRO PC CLEANER\Pro PC Cleaner, Quarantined, [353], [242075],1.0.2131
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\SOFTWARE\Pro PC Cleaner, Quarantined, [353], [242062],1.0.2131
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\SOFTWARE\ProPCCleanerLanguage, Quarantined, [353], [242064],1.0.2131
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\Pro PC Cleaner, Quarantined, [353], [246154],1.0.2131

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 85
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\abstractbutton\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\thirdparty\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\uninstall\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\weather\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\weather\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\weather\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\generic\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\alert\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\link\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\weather, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\abstractbutton, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\rss\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\rss\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare\icons, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\images, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\rss, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\radioWrapper, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\thirdparty, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\foreground, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\uninstall, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\generic, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\weather, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\background, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\alert, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\link, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\rss, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\window, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\adapter, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\libs, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\_metadata, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\USERS\TEACHER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\CEOPOALDCNMHECHACAFGAGDKKLCOGKGD, Quarantined, [276], [301930],1.0.2131

File: 240
PUP.Optional.BestPriceNinja, C:\USERS\TEACHER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [15588], [254642],1.0.2131
PUP.Optional.BestPriceNinja, C:\USERS\TEACHER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [15588], [254642],1.0.2131
PUP.Optional.Cassiopesa, C:\USERS\TEACHER\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\TNY_CASSIOPESA.ICO, Quarantined, [14575], [246544],1.0.2131
PUP.Optional.MindSpark, C:\USERS\TEACHER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\CEOPOALDCNMHECHACAFGAGDKKLCOGKGD\12.600.11.23885_0\MANIFEST.JSON, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\adapter\adapterUtil.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\adapter\widget-adapter.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\alert\background\alertButton.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare\background\FlareWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\flare\icons\Thumbs.db, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\generic\background\GenericWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\link\background\linkButton.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\background\menuButton.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\css\menuframe.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\html\menuframe.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\images\right_arrow.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\images\right_arrow_white.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\js\menuframe.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\js\query-string.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\menu\README.txt, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\rss\background\RssWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\components\weather\background\weatherButton.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\bs.30.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\common.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\dynamic.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\enableDetect.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\eventListening.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\global.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\jquery-1.7.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\list-interaction.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\messageEventListener.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\navRedirector.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\paramReplacer.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\PartnerId.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\set.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\underscore-1.3.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\underscore-1.5.2.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\js\unifiedLogging.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common\common.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common\set.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\invalid.json, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\jquery.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\qunit.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\qunit.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\resource.json, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\resource.xml, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\common\widget-api\widget-context-1.0.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\background\ApiBasedWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\background\widget-api-impl.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\window\widgetWindow.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\api\window\widgetWindow.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\background\updateSearch.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\css\movieReviews.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\html\movieReviews.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\moviereviews\js\movieReviews.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\background\RadioWidget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\css\toolbar-item.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\foreground\button.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\background\searchBox.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\html\searchSuggestions.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\html\searchSuggestions.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\html\searchSuggestions.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\search\html\searchSuggestionsInit.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\css\supertab.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\html\supertab.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js\newtabfork.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js\reporting.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js\srchsugg.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js\supertab.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js\unifiedLogging.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\components\supertab\js\__utm.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\_metadata\verified_contents.json, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\arrowSprite.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\icon128.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\icon16.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\icon19disabled.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\icon19on.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\icon48.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\223756496.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\223756500.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\223756515.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\223756519.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\223756521.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\223756543.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\224441887.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\down_arrow.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\magnifying_glass.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\RadioPlayerSprite.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\search_button.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\tvf_icon_guide.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\tvf_logo.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\images\wrench.png, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\newTabInitialize.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\chromeStorage.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\chromeUtils.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\companionSWUtils.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\exeManager.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\exeManagerNMD.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\exePackageManager.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\focusManager.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\globalBlacklistManager.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\messaging.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\mutation_summary-min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\mutation_summary.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\nativeMessagingDispatcher.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\newTabInfo.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\options.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\readLocalStorage.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\reservespacefortoolbar.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\reservespaceifenabled.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\scriptInjector.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\searchContext.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\settingsOverrides.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\toolbarCookieParser.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\toolbarPreinit.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\underscore-1.3.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\URILoaderContentScript.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\webTooltabAPI.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\Widget.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\widgetContentScriptInjectee.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\widgetFactory.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\js\widgetWindowManager.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\libs\jquery-1.7.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\libs\jquery-1.9.1.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\libs\underscore-1.5.2.min.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\cache.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\ce.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\debug.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\native\ss.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\activePing.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\buttonLogger.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\competitorDnsList.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\console.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\FFPreferencesPersister.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\httpTransport.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\HttpURL.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\internationalSearch.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\LocalStoragePersister.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\MindsparkGlobal.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\MindsparkGlobal.unitTest.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\MindsparkGlobalNotes.txt, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\rsvp-latest.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\searchSuggestLocale.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\testHttpTransport.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\unifiedLogger.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\unifiedLogging.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\universalConsole.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\shared\utils.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spent2.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\bg.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\buildVars, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\buildVars.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\companionSW.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\config.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\contentScript.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\contentScript.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\debug.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\debug.jade, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spentJ.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spentK.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spentK.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\startup.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\stub.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\stubby.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\superFrame.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\toolbar.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\toolbar.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\toolbarUI.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\toolbarUI.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\toolbarUI.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\url.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\urlFragmentActions.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\webtooltab.cs.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\extension_toolbar_api.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\initWidgetWindow.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\newTabContentScript.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\options.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spent.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spent.html, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spent.js, Quarantined, [276], [301930],1.0.2131
PUP.Optional.MindSpark, C:\Users\Teacher\AppData\Local\Chromium\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd\12.600.11.23885_0\spent2.css, Quarantined, [276], [301930],1.0.2131
PUP.Optional.Cassiopesa, C:\USERS\TEACHER\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\SECURE PREFERENCES, Replaced, [14575], [302990],1.0.2131

Physical Sector: 0
(No malicious items detected)

(end)


  • 0

#8
zep516
Posted 10 June 2017 - 11:36 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Mindspark junk and lots of it.

Reset the Chrome browser if issues persists

To do that

https://www.howtogee...fault-settings/
  • 0

#9
Krueg9651
Posted 11 June 2017 - 11:59 AM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

I don't think I have the Chrome browser on here any longer (at least, I can't find it).  However, I DID reset Explorer  :)

 

I don't see the Chromium browser popping up again (thank you!!!!), but my computer is still running super super slow..  A lot of times when I start Explorer, I get a message that says a script did not work.

 

Is it just old? 


  • 0

#10
zep516
Posted 11 June 2017 - 12:05 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How old is it ?

While you're here lets take a look again at things.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

Advertisements

#11
zep516
Posted 11 June 2017 - 12:22 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Forgot to say.

Post the logs from normal mode this time, not safemode.
  • 0

#12
Krueg9651
Posted 11 June 2017 - 02:12 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

It's a few years old, I think 2012 (?) Since I last came back on computer with normal mode, it looks so far like everything is ok, it's just slow when I first start the screen.  Below is the info, just to double check.  Thanks!!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-06-2017
Ran by Teacher (administrator) on MININT-CSRN707 (11-06-2017 15:04:58)
Running from C:\Users\Teacher\Desktop
Loaded Profiles: Teacher (Available Profiles: Teacher)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(B.H.A Corporation) C:\WINDOWS\System32\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(ArcSoft, Inc.) C:\WINDOWS\System32\ArcVCapRender\uArcCapture.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft® Corporation) C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
(Panasonic Corporation) C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1667164 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2444016 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [WorksFUD] => C:\Program Files\Microsoft Works\wkfud.exe [24576 2001-10-05] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [331830 2001-08-23] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Web TuneUp\vprot.exe"
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Run: [MoneyAgent] => "C:\Program Files\Microsoft Money\System\Money Express.exe"
HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\MountPoints2: {14bf7dde-fa49-11e4-bfbc-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-05-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-08-28]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk [2015-08-28]
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk [2015-08-20]
ShortcutTarget: VideoCam Suite 2.0.lnk -> C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{22ADEB53-C2C8-47A0-912B-5FF1E588605A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: ifnqvwrb.default-1493848962235
FF ProfilePath: C:\Users\Teacher\AppData\Roaming\Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235 [2017-06-11]
FF Homepage: Mozilla\Firefox\Profiles\ifnqvwrb.default-1493848962235 -> www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-26] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-15] (Intel Corporation)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-04-23] (Intel® Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279024 2013-12-04] (Intel Corporation)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-10-24] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\Windows\system32\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMPPAL; C:\WINDOWS\System32\DRIVERS\AMPPAL.sys [143360 2012-03-15] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\WINDOWS\System32\DRIVERS\amppal.sys [143360 2012-03-15] (Windows ® Win 7 DDK provider)
R3 ARCVCAM; C:\WINDOWS\System32\DRIVERS\ArcSoftVCapture.sys [37952 2012-02-03] (ArcSoft, Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [259328 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [358224 2012-11-28] (Intel Corporation)
R3 johci; C:\WINDOWS\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [162208 2017-06-11] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39840 2017-06-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220576 2017-06-11] (Malwarebytes)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\Netwsn00.sys [10364416 2012-06-03] (Intel Corporation)
S3 SmbDrv; C:\WINDOWS\system32\drivers\Smb_driver_AMDASF.sys [25328 2013-10-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\drivers\Smb_driver_Intel.sys [27888 2013-10-25] (Synaptics Incorporated)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1825288 2012-10-03] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 15:04 - 2017-06-11 15:04 - 00000000 ____D C:\Users\Teacher\Desktop\FRST-OlderVersion
2017-06-11 00:30 - 2017-06-11 00:30 - 00071927 _____ C:\Users\Teacher\Desktop\MBAM scanned log 6-11.txt
2017-06-11 00:13 - 2017-06-11 00:13 - 00162208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-11 00:12 - 2017-06-11 11:52 - 00039840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-11 00:12 - 2017-06-11 11:51 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-11 00:12 - 2017-06-11 00:12 - 00002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-11 00:12 - 2017-06-11 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-11 00:12 - 2017-06-11 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-11 00:12 - 2017-06-11 00:12 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-11 00:12 - 2017-05-25 11:58 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-06-11 00:11 - 2017-06-11 00:12 - 64232976 _____ (Malwarebytes ) C:\Users\Teacher\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-11 00:03 - 2017-06-11 00:03 - 00002278 _____ C:\Users\Teacher\Desktop\JRT.txt
2017-06-10 23:57 - 2017-06-10 23:57 - 01663672 _____ (Malwarebytes) C:\Users\Teacher\Desktop\JRT.exe
2017-06-10 23:47 - 2017-06-10 23:53 - 00000000 ____D C:\AdwCleaner
2017-06-10 23:46 - 2017-06-10 23:46 - 04110280 _____ C:\Users\Teacher\Desktop\adwcleaner_6.047.exe
2017-06-10 23:17 - 2017-06-10 23:20 - 00013177 _____ C:\Users\Teacher\Desktop\Fixlog.txt
2017-06-10 22:11 - 2017-06-10 22:12 - 00025116 _____ C:\Users\Teacher\Desktop\Addition.txt
2017-06-10 22:10 - 2017-06-11 15:05 - 00012093 _____ C:\Users\Teacher\Desktop\FRST.txt
2017-06-10 22:10 - 2017-06-11 15:04 - 00000000 ____D C:\FRST
2017-06-10 22:09 - 2017-06-11 15:04 - 01776640 _____ (Farbar) C:\Users\Teacher\Desktop\FRST.exe
2017-06-10 22:07 - 2017-06-10 22:07 - 00000000 ____D C:\Users\Teacher\Desktop\Anti-virus files
2017-06-10 21:35 - 2017-06-11 00:45 - 00822804 _____ C:\WINDOWS\ntbtlog.txt
2017-05-14 15:33 - 2017-05-14 15:33 - 00000000 ___RD C:\Users\Teacher\Documents\Scanned Documents
2017-05-14 15:33 - 2017-05-14 15:33 - 00000000 ____D C:\Users\Teacher\Documents\Fax
2017-05-14 15:30 - 2017-05-14 15:31 - 00089478 _____ C:\Users\Teacher\Downloads\Esp 3 - Presente Perfecto - Más Práctica #1 - side 1 of 2.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 13:00 - 2016-11-19 14:26 - 00000000 ____D C:\Users\Teacher\AppData\LocalLow\Mozilla
2017-06-11 12:01 - 2009-07-13 23:34 - 00009712 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-11 12:01 - 2009-07-13 23:34 - 00009712 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-11 11:56 - 2015-05-08 11:44 - 00781790 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-11 11:56 - 2009-07-13 21:37 - 00000000 ____D C:\WINDOWS\inf
2017-06-11 11:54 - 2015-08-28 09:24 - 00000000 ____D C:\ProgramData\MFAData
2017-06-11 11:51 - 2009-07-13 23:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-10 23:23 - 2015-08-28 09:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-06-10 23:18 - 2015-09-05 06:10 - 00000000 ____D C:\Users\Teacher\AppData\LocalLow\Temp
2017-06-10 23:17 - 2009-07-13 21:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-10 21:28 - 2016-11-18 08:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-10 21:28 - 2015-08-29 08:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-10 20:26 - 2015-05-08 12:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-10 20:18 - 2015-05-08 12:30 - 129479984 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-28 07:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-06-2017
Ran by Teacher (11-06-2017 15:05:36)
Running from C:\Users\Teacher\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2015-07-27 12:40:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3157478879-3267821037-2198957907-500 - Administrator - Disabled)
Guest (S-1-5-21-3157478879-3267821037-2198957907-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3157478879-3267821037-2198957907-1002 - Limited - Enabled)
Teacher (S-1-5-21-3157478879-3267821037-2198957907-1000 - Administrator - Enabled) => C:\Users\Teacher

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ArcSoft Webcam Sharing Manager (HKLM\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
AVG (Version: 16.151.8013 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4776 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8013 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bridge Baron 22 (HKLM\...\{B0C3F9C3-225A-4AA0-8A6E-28C7C116599E}) (Version: 22.00.00 - Great Game Products, Inc.)
Bridge Baron Teacher: Learn and Practice Bidding Conventions - Volume 2 (HKLM\...\{2C31CC47-74D7-43A8-B7AF-0B9C5C6FACB1}) (Version: 2.00.0001 - Great Game Products)
Bridge Baron Teacher: Learn and Practice Bidding Conventions - Volume 3 (HKLM\...\{70999647-34A9-413B-8974-74F21EEDA815}) (Version: 3.00.0001 - Great Game Products)
Chromium (HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\...\Chromium) (Version: 45.0.2422.0 - Chromium)
Counting at Bridge (HKLM\...\Counting at Bridge) (Version:  - Bridge Base Inc.)
Defense (HKLM\...\Defense) (Version:  - Bridge Base Inc.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GWX Control Panel (HKLM\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hoyle Card Games 4 (HKLM\...\Hoyle Card Games 4) (Version:  - )
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM\...\{801EAD7A-7202-4BE4-84A1-299202AD17C0}) (Version: 2.0.7.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
JMicron 1394 Filter Driver (HKLM\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
Learn to Play Bridge 2 (HKLM\...\Learn_to_Play_Bridge_2) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marty Sez (HKLM\...\Marty_Sez) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{C3A439E4-7303-491F-A678-CEA36A87D517}) (Version: 2.0.0.0000 - Microsoft Corporation)
Mike's Advice (HKLM\...\{FF115D5C-D288-4242-B1DE-C86E0DE1D846}_is1) (Version: 1.0 - Michael Lawrence)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
OrderReminder HP LaserJet 1020 (HKLM\...\OrderReminder HP LaserJet 1020) (Version: 2.0 - )
Points Schmoints! (HKLM\...\Points_Schmoints!) (Version:  - )
Pro PC Cleaner (HKLM\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ATTENTION
Shockwave (HKLM\...\Shockwave) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
VideoCam Suite 2.0 (HKLM\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.043.1033 - Panasonic Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5A6C6202-3AB5-469C-AA0F-B1A500B600D5} - System32\Tasks\{E2EC6324-6576-4BCF-9E97-E04E6B060BD3} => pcalua.exe -a D:\setup.exe -d D:\
Task: {60E3E79F-7B70-43DC-9F02-33882F4CFCF4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-26] (Adobe Systems Incorporated)
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe
Task: {AF73B4E3-0AB1-46CD-8472-1769E85D5FC1} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {DC400010-E530-4274-BED2-D22581E2E228} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-30 22:33 - 2015-01-30 22:33 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll.dll
2016-11-28 06:34 - 2016-11-28 06:33 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-05-10 09:03 - 2017-05-10 09:03 - 00169984 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d61220a4a2df736b34065374250e40aa\IsdiInterop.ni.dll
2015-05-14 09:53 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3157478879-3267821037-2198957907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Teacher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F8BDCA35-21B9-41F7-B3EB-4D32342F1D1D}] => (Allow) C:\Users\Teacher\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{C38C8740-302F-4170-86D5-59E98DC6141A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4DB7918-4855-4858-A3E1-C397AEDEACD2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1C921281-B9F5-41EC-BDC6-3392ADF965CE}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{1BAE0EAB-56E0-43D4-9245-A8E18D80F4AF}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{C817ED63-3151-4432-B264-A002FAFBABBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B097DD0D-7C50-42FF-A0B6-F56DF3A5A6D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC704BCB-77BF-4C3D-8770-CDA633B29C65}] => (Allow) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{39041D88-E549-43AE-81F4-F92473CE0969}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{46778BBC-AA63-4A87-A513-AF758E82E8B0}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{900005F2-CC3F-46E8-AE1F-125EDBE619DB}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{4E3FE453-6149-4990-BE91-1281ACDD0229}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2017 12:02:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Teacher\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (05/21/2017 04:19:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpqWmiEx.exe, version: 4.6.10.1, time stamp: 0x5048beb6
Faulting module name: hpqWmiEx.exe, version: 4.6.10.1, time stamp: 0x5048beb6
Exception code: 0xc0000005
Fault offset: 0x00044dba
Faulting process id: 0xdc8
Faulting application start time: 0x01d2c9957cb266ab
Faulting application path: C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
Faulting module path: C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
Report Id: 23dd362c-3e6b-11e7-a74b-cc52af856c97

Error: (05/13/2017 02:59:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (05/05/2017 09:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 53.0.0.6312, time stamp: 0x58f0428a
Faulting module name: xul.dll, version: 53.0.0.6312, time stamp: 0x58f046bd
Exception code: 0x80000003
Fault offset: 0x00886df8
Faulting process id: 0x113c
Faulting application start time: 0x01d2c509499cb449
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report Id: 121942c7-3204-11e7-8ce5-cc52af856c97

Error: (03/27/2017 03:21:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7a0

Start Time: 01d2a737928e8ade

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: e7c9c235-132a-11e7-ba2d-cc52af856c97

Error: (03/18/2017 04:08:25 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (01/13/2017 07:36:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (12/14/2016 02:41:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (12/07/2016 09:02:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.0.0.6152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c444

Start Time: 01d248ee5d97ba23

Termination Time: 295

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 6281363d-bcea-11e6-a032-cc52af856c97

Error: (11/28/2016 02:04:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 84dc

Start Time: 01d2480727574220

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (06/11/2017 12:30:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Default.

Error: (06/11/2017 12:30:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Default.

Error: (06/11/2017 12:30:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Default.

Error: (06/11/2017 12:30:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Default.

Error: (06/11/2017 11:51:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (06/11/2017 11:51:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (06/11/2017 12:46:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/11/2017 12:46:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/11/2017 12:46:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/11/2017 12:46:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================
  Date: 2017-06-11 12:52:14.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-11 11:54:19.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 23:25:37.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 21:34:18.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 21:31:30.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:41:03.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:36:22.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:36:21.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestacap.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:32:50.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-10 20:32:46.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 2996.04 MB
Available physical RAM: 1724.84 MB
Total Virtual: 5990.39 MB
Available Virtual: 4511.64 MB

==================== Drives ================================

Drive c: (Default) (Fixed) (Total:232.88 GB) (Free:202.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B08384BF)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#13
zep516
Posted 11 June 2017 - 02:45 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Is system restore turned on ?
http://helpdeskgeek....system-restore/

Lets also Check the Disk for Errors

Open the Command Prompt as Administrator, to do that--> click start > in the search box type CMD, then right click on CMD in the list and "Run as admin".
type the command: or just copy an paste it into the black command prompt window.
chkdsk C: /f /x
Note: When it ask if you want to checked the volume next time the system restarts answer Yes
Restart the Computer and let the check run during boot.

Next,

download ListChkdskResult https://www.dropbox....Result.exe?dl=1
execute the file and accept all the windows prompts to authorize the program to run
Notepad will open with a report showing the chkdsk result
copy & paste the log to your reply
  • 0

#14
Krueg9651
Posted 11 June 2017 - 03:11 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

A few corrections:  This computer is from 2009.  So far, it's been picking up speed after I restart it in Normal mode!

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 6/11/2017 4:08:05 PM >------
Category: 0
Computer Name: MININT-CSRN707
Event Code: 1001
Record Number: 19411
Source Name: Microsoft-Windows-Wininit
Time Written: 06-11-2017 @ 21:06:05
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Default.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x438ff8 for possibly 0x31 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x26431 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 156721.
  241408 file records processed.                                        

File verification completed.
  632 large file records processed.                                  

  0 bad file records processed.                                    

  6 EA records processed.                                          

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
Index entry Report.wer of index $I30 in file 0x246e5 points to unused file 0x26437.
Deleting index entry Report.wer in index $I30 of file 149221.
  285586 index entries processed.                                       

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file APPCRA~4 (149221) into directory file 1105.
Recovering orphaned file AppCrash_c0000185_527d3ae4857ee3c17b123f7227aaf8386dbab6_bd86c102 (149221) into directory file 1105.
  3 unindexed files scanned.                                       

Recovering orphaned file recovery.bak (156721) into directory file 2723.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  241408 file SDs/SIDs processed.                                       

Cleaning up 2796 unused index entries from index $SII of file 0x9.
Cleaning up 2796 unused index entries from index $SDH of file 0x9.
Cleaning up 2796 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 156721.
  22091 data files processed.                                          

CHKDSK is verifying Usn Journal...
  40954216 USN bytes processed.                                           

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 244196535 KB total disk space.
  31806080 KB in 103644 files.
     71344 KB in 22092 indexes.
         0 KB in bad sectors.
    358435 KB in use by the system.
     65536 KB occupied by the log file.
 211960676 KB available on disk.

      4096 bytes in each allocation unit.
  61049133 total allocation units on disk.
  52990169 allocation units available on disk.

Internal Info:
00 af 03 00 33 eb 01 00 f9 77 03 00 00 00 00 00  ....3....w......
7b 56 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  {V..,...........
68 59 07 00 50 01 05 00 f0 17 05 00 00 00 05 00  hY..P...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


  • 0

#15
Krueg9651
Posted 11 June 2017 - 03:13 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

also, I tried System Restore, and here's what I received:

Attached Thumbnails

  • system restore pic.PNG
  • system restore message.PNG
  • system restore message 2 .JPG

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP