Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: HJT Evaluation

  1. #1
    Member Horchheimer's Avatar
    Join Date
    Sep 2005
    Posts
    103
    Points
    0

    Default HJT Evaluation

    Good evening everyone;

    My daughter's laptop has been dogging pretty hard lately, and it's gotten to the point where basic functions like wordpad and simple internet searches are unbearable. I've come to H2G a few times in the past, and you guys have always been a big help and I'm hoping you can assist again.

    I think most of the issues come from some of the games they want to download (I don't live with them full time and monitoring what they install is a chore)

    As requested; all preliminary scans have been done.


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/28/2016 at 09:18 PM

    Application Version : 6.0.1228
    Database Version : 13188

    Scan type : Complete Scan
    Total Scan Time : 01:35:06

    Operating System Information
    Windows 8.1 Home 64-bit (Build 6.03.9600)
    UAC On - Limited User

    Memory items scanned : 781
    Memory threats detected : 0
    Registry items scanned : 59529
    Registry threats detected : 0
    File items scanned : 26564
    File threats detected : 495

    Adware.Tracking Cookie
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\4FASWBWX.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\4FASWBWX.txt [ /mathtag.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\JATVC02O.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\JATVC02O.txt [ /domdex.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\CKL4M6V9.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\CKL4M6V9.txt [ /viglink.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\II1MDRO2.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\II1MDRO2.txt [ /bidswitch.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\UZMHU7VV.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\UZMHU7VV.txt [ /intentiq.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\XHQ67KAR.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\XHQ67KAR.txt [ /revsci.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\QAVBBW7C.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\QAVBBW7C.txt [ /pubmatic.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\FAEQCF0I.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\FAEQCF0I.txt [ /bluekai.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\ZNRE8HP3.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\ZNRE8HP3.txt [ /rlcdn.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\REL2205N.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\REL2205N.txt [ /simpli.fi ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\Y0EN8CSV.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\Y0EN8CSV.txt [ /scorecardresearch.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\ZU3441GF.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\ZU3441GF.txt [ /pro-market.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\20F8FE29.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\20F8FE29.txt [ /sitescout.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\O5KI9B4J.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\O5KI9B4J.txt [ /exelator.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\CGRQTCAZ.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\CGRQTCAZ.txt [ /advertising.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\MN00L24T.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\MN00L24T.txt [ /afy11.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\UUAK22PU.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\UUAK22PU.txt [ /crsspxl.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\6S1PQV5P.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\6S1PQV5P.txt [ /serving-sys.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\S3M9N6MR.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\S3M9N6MR.txt [ /rma-api.gravity.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\W72WSOFA.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\W72WSOFA.txt [ /contextweb.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\WK9LB28F.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\WK9LB28F.txt [ /demdex.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\Y9TIN8ZJ.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\Y9TIN8ZJ.txt [ /gravity.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\84IMQLO4.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\84IMQLO4.txt [ /mookie1.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\KB68JCMS.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\KB68JCMS.txt [ /adsrvr.org ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\MN4G22AH.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\MN4G22AH.txt [ /openx.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\LLO0TSYG.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\LLO0TSYG.txt [ /casalemedia.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\FK1J926P.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\FK1J926P.txt [ /adnxs.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\F50MZWZ1.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\F50MZWZ1.txt [ /pixel.rubiconproject.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\TQUKJE91.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\TQUKJE91.txt [ /owneriq.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\P2P8DTM9.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\P2P8DTM9.txt [ /chango.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\YT0MVN7M.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\YT0MVN7M.txt [ /turn.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\9ZQDG1HP.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\9ZQDG1HP.txt [ /eyeota.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\BB7G0M18.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\BB7G0M18.txt [ /adtechus.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\QERJOF8A.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\QERJOF8A.txt [ /adgrx.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\OEX4XRAV.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\OEX4XRAV.txt [ /abmr.net ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\XS58P2FR.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\XS58P2FR.txt [ /rubiconproject.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\7HHYEQDF.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\7HHYEQDF.txt [ /ml314.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\5YM8Q69S.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\5YM8Q69S.txt [ /ads.pubmatic.com ]
    C:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\YRXWFXDN.txtC:\Users\Karla\AppData\Local\Microsoft\Windows\INetCookies\Low\YRXWFXDN.txt [ /doubleclick.net ]
    media6degrees.com/.vstcnt [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\1PKJ5SJB.TXT ]
    media6degrees.com/.clid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\1PKJ5SJB.TXT ]
    media6degrees.com/.acs [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\1PKJ5SJB.TXT ]
    sitescout.com/.ssi [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\20F8FE29.TXT ]
    sitescout.com/._ssum [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\20F8FE29.TXT ]
    mathtag.com/.uuid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\4FASWBWX.TXT ]
    mathtag.com/.HRL8 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\4FASWBWX.TXT ]
    mathtag.com/.mt_mop [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\4FASWBWX.TXT ]
    ads.pubmatic.com/.KCCH [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\5YM8Q69S.TXT ]
    serving-sys.com/.A6 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\6S1PQV5P.TXT ]
    serving-sys.com/.u2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\6S1PQV5P.TXT ]
    ml314.com/.pi [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\7HHYEQDF.TXT ]
    ml314.com/.tp [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\7HHYEQDF.TXT ]
    mookie1.com/.id [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\84IMQLO4.TXT ]
    mookie1.com/.mdata [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\84IMQLO4.TXT ]
    eyeota.net/.mako_uid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\9ZQDG1HP.TXT ]
    adtechus.com/.JEB2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\BB7G0M18.TXT ]
    adtechus.com/.ADMARK [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\BB7G0M18.TXT ]
    advertising.com/.CS1 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\CGRQTCAZ.TXT ]
    advertising.com/.JEB2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\CGRQTCAZ.TXT ]
    advertising.com/.ACID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\CGRQTCAZ.TXT ]
    advertising.com/.UMAP [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\CGRQTCAZ.TXT ]
    advertising.com/.ADMARK [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\CGRQTCAZ.TXT ]
    viglink.com/.vglnk.Agent.p [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\CKL4M6V9.TXT ]
    pixel.rubiconproject.com/.rpx [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\F50MZWZ1.TXT ]
    bluekai.com/.bkdc [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\FAEQCF0I.TXT ]
    bluekai.com/.bku [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\FAEQCF0I.TXT ]
    adnxs.com/.anj [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\FK1J926P.TXT ]
    adnxs.com/.icu [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\FK1J926P.TXT ]
    adnxs.com/.sess [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\FK1J926P.TXT ]
    adnxs.com/.uuid2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\FK1J926P.TXT ]
    bidswitch.net/.tuuid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\II1MDRO2.TXT ]
    bidswitch.net/.tuuid_last_update [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\II1MDRO2.TXT ]
    bidswitch.net/.c [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\II1MDRO2.TXT ]
    domdex.com/.PAD [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELtbbtyr [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELnccarkhf [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELehovpba [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELthzthz [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELgncnq [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.lkw [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELpbagrkgjro [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELpnfnyr [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELrkryngr [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELqngbavpf [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    domdex.com/.PIXELivtyvax [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\JATVC02O.TXT ]
    adsrvr.org/.TDID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\KB68JCMS.TXT ]
    adsrvr.org/.TDCPM [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\KB68JCMS.TXT ]
    casalemedia.com/.CMID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\LLO0TSYG.TXT ]
    casalemedia.com/.CMPS [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\LLO0TSYG.TXT ]
    casalemedia.com/.CMST [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\LLO0TSYG.TXT ]
    casalemedia.com/.CMRUM3 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\LLO0TSYG.TXT ]
    afy11.net/.a [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\MN00L24T.TXT ]
    openx.net/.i [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\MN4G22AH.TXT ]
    exelator.com/.ud [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\O5KI9B4J.TXT ]
    exelator.com/.EE [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\O5KI9B4J.TXT ]
    abmr.net/.01AI [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\OEX4XRAV.TXT ]
    chango.com/._t [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\P2P8DTM9.TXT ]
    chango.com/._vt [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\P2P8DTM9.TXT ]
    chango.com/._i_aol [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\P2P8DTM9.TXT ]
    chango.com/._i_ca [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\P2P8DTM9.TXT ]
    pubmatic.com/.KTPCACOOKIE [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QAVBBW7C.TXT ]
    pubmatic.com/.PUBMDCID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QAVBBW7C.TXT ]
    pubmatic.com/.pp [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QAVBBW7C.TXT ]
    pubmatic.com/.pubtime_165279 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QAVBBW7C.TXT ]
    pubmatic.com/.PMDTSHR [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QAVBBW7C.TXT ]
    pubmatic.com/.pi [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QAVBBW7C.TXT ]
    adgrx.com/.ADGRX_UID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QERJOF8A.TXT ]
    adgrx.com/.ADGRX_CM_CASALE_US_BRIDGED [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QERJOF8A.TXT ]
    adgrx.com/.ADGRX_CM_CASALE_BRIDGED [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QERJOF8A.TXT ]
    simpli.fi/.uid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\REL2205N.TXT ]
    rma-api.gravity.com/.lastUgOutgoingSyncTime [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\S3M9N6MR.TXT ]
    owneriq.net/.p2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\TQUKJE91.TXT ]
    owneriq.net/.si [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\TQUKJE91.TXT ]
    owneriq.net/.ac [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\TQUKJE91.TXT ]
    crsspxl.com/.uid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UUAK22PU.TXT ]
    crsspxl.com/.uuid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UUAK22PU.TXT ]
    crsspxl.com/.re [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UUAK22PU.TXT ]
    intentiq.com/.IQver [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.intentIQ [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.AWSELB [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.IQRubiconCookieSync [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.CSDT [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.ASDT [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.IQPData [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    intentiq.com/.IQMID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\UZMHU7VV.TXT ]
    contextweb.com/.V [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\W72WSOFA.TXT ]
    contextweb.com/.pb_rtb_ev [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\W72WSOFA.TXT ]
    contextweb.com/.sto-id-20480-bh [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\W72WSOFA.TXT ]
    dpm.demdex.net/.dpm [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\WFFDKIJG.TXT ]
    demdex.net/.demdex [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\WK9LB28F.TXT ]
    revsci.net/.rts_AAAA [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XHQ67KAR.TXT ]
    rubiconproject.com/.ruid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.ses2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.ses9 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.vis9 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.vis2 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.ses15 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.vis15 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.rpb [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.sput [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    rubiconproject.com/.khaos [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XS58P2FR.TXT ]
    scorecardresearch.com/.UID [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\Y0EN8CSV.TXT ]
    scorecardresearch.com/.UIDR [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\Y0EN8CSV.TXT ]
    gravity.com/.vaguid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\Y9TIN8ZJ.TXT ]
    gravity.com/._gravity_privacy [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\Y9TIN8ZJ.TXT ]
    doubleclick.net/.id [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\YRXWFXDN.TXT ]
    doubleclick.net/.IDE [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\YRXWFXDN.TXT ]
    turn.com/.uid [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\YT0MVN7M.TXT ]
    rlcdn.com/.ck1 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\ZNRE8HP3.TXT ]
    rlcdn.com/.rlas3 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\ZNRE8HP3.TXT ]
    rlcdn.com/.rtn1 [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\ZNRE8HP3.TXT ]
    pro-market.net/.anSt [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\ZU3441GF.TXT ]
    pro-market.net/.anProfile [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\ZU3441GF.TXT ]
    pro-market.net/.anHistory [ C:\USERS\KARLA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\ZU3441GF.TXT ]
    .abmr.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .lijit.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .iasds01.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adgrx.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adgrx.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adgrx.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adkernel.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    a.komoona.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    s.opendsp.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    s2s.komoona.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    stat.komoona.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    tag.crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .btrll.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .iasds01.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .dotomi.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .exelator.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .eqads.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mathtag.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ligadx.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ligadx.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .reson8.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .reson8.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .reson8.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .swid.switchads.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    match.rundsp.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    match.rundsp.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .krxd.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adsrvr.org [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adsrvr.org [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .tapad.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .tapad.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adsymptotic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ads.stickyadstv.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adfarm1.adition.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .contextweb.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adrta.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adrta.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .eyeviewads.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adblade.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .go.sonobi.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .go.sonobi.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .go.sonobi.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crwdcntrl.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crwdcntrl.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crwdcntrl.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crwdcntrl.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .chango.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .chango.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .chango.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .chango.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .krxd.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .1rx.io [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .sitescout.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .chango.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .tubemogul.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .chango.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .afy11.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .owneriq.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adaptv.advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adnxs.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bidr.io [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bluekai.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bluekai.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bizrate.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adhigh.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bidswitch.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .basebanner.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .basebanner.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .basebanner.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .basebanner.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .basebanner.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rlcdn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .wtp101.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .demdex.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pippio.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .dpm.demdex.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    tap.rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .sxp.smartclip.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .udmserve.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ebdr3.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .eyereturn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .everesttech.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .extend.tv [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .turn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    usersync.wdc.sl.rtb.g2trk.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .everesttech.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adhigh.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .gssprt.jp [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ebdr3.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .openx.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adnxs.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mookie1.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .intentiq.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .geo-um.btrll.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .geo-um.btrll.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .komoona.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .komoona.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .lijit.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .lkqd.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .domdex.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .liverail.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .liverail.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .w55c.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .w55c.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .w55c.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .w55c.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mookie1.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adingo.jp [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mathtag.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mathtag.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mxptint.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .nexac.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .netseer.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .opendsp.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .owneriq.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .spotxchange.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .contextweb.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .openx.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .owneriq.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .sxp.smartclip.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ads.pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pubmatic.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    tap-secure.rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pippio.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .gwallet.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .gwallet.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .gwallet.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .turn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .c1exchange.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rlcdn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bizrate.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .owneriq.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .udmserve.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .pixel.rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .turn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adbrn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adaptv.advertising.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rlcdn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .turn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .afy11.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adnxs.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .reson8.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .owneriq.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .skimresources.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .skimresources.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .sitescout.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .sitescout.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .contextweb.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .contextweb.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mookie1.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .tidaltv.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .gssprt.jp [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .teads.tv [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adbrn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ads.kiosked.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bidswitch.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .company-target.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .wtp101.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ad.360yield.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ads.creative-serving.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    prg.kargo.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ads.kiosked.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .bidswitch.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .company-target.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .wtp101.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ad.360yield.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ads.creative-serving.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .exelator.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .udmserve.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .addthis.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adform.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .komoona.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .simpli.fi [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .turn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ads.stickyadstv.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .clickonometrics.pl [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .addthis.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ad.360yield.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    prg.kargo.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .ads.kiosked.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    ad.360yield.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .spotxchange.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .crsspxl.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mathtag.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .sxp.smartclip.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .adnxs.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .mathtag.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .contextweb.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .rubiconproject.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .gumgum.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .contextweb.com [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]
    .w55c.net [ C:\USERS\KARLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WBPUV9U.DEFAULT\COOKIES.SQLITE ]

    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/28/2016
    Scan Time: 9:29 PM
    Logfile: Malwarebytes Scan 28.NOV.2016.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.11.29.01
    Rootkit Database: v2016.11.20.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Karla

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 343015
    Time Elapsed: 1 hr, 23 min, 30 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:08:32 PM, on 11/28/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.18123)

    FIREFOX: 50.0 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\avastUi.exe
    C:\Users\Karla\Desktop\Dad Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\RunOnce: [20161125] "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\cad819f6-dfe4-49b0-997d-49ab91b0c1c8\e16f8bba-8671-4924-b030-26f290147131.dll",_stage2@16
    O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A46C576B-BE30-4806-85AF-C9B183E280FB}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A48F2A54-0679-470F-BD7F-91F5E035EBB1}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    O23 - Service: PremierOpinion - Unknown owner - C:\Program Files (x86)\PremierOpinion\pmservice.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

    --
    End of file - 11283 bytes


    Just as an added note; when I ran the HJT log, I received the following message

    "For some reason your system denied write access to the hosts fie. If any hijacked domains are in this file, HJT may NOT beable to fix this"



    Thanks for taking the time to view this. If there is anything else you need, don't hesitate to ask. I did run the Avast scan as requested as well, but didn't post the results because it wasn't asked for. I do have that handy if needed.

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi! My name is zep516 and Welcome to Help2go!
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    It looks like you have 2 Anti Virus programs running Avast and McAfee. Only run one Anti Virus program never 2 at once.
    You also have some adware present that Malwarebytes missed. Don't try an fix anything yet.
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    For some reason your system denied write access to the hosts fie. If any hijacked domains are in this file, HJT may NOT beable to fix this"
    That message results if you do not right click on the Hijackthis Icon and choose "Run as administrator" Please run all my tools that way.


    We need to see a different set of scans. We will also run 2 adware scans.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Everything gets download to the desktop and tools are "Run as administrator."

    Note: You need to run the version compatible with your system. "64Bit" version for you.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    Next

    Please download adwCleaner to your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.
    Last edited by zep516; 11-29-2016 at 04:55 PM.

  3. #3
    Member Horchheimer's Avatar
    Join Date
    Sep 2005
    Posts
    103
    Points
    0

    Default

    Thank you for taking the time to review my case Zep. I'm going to start following your instruction and will post the requested scans.

    One quick question though. How do I uninstall Norton? I've tried getting rid of it in the past (favoring avast) but it always gives me grief trying to do so.

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    Uninstall Norton like you would uninstall any other program and then run the Norton Removal tool,
    https://support.norton.com/sp/en/us/...rProfile_en_us

  5. #5
    Member Horchheimer's Avatar
    Join Date
    Sep 2005
    Posts
    103
    Points
    0

    Default

    Thanks Zep. I was able to uninstall that other Anti-Virus.

    As requested, I downloaded the programs, ran them as instructed and saved the logs. Here they are. Just an FYI though, as I was running ADCleaner one, between the cleanup and the secondary logfile; the program got hung up for a long while and it came back with a "Non-Responsive" warning in the header bar. I forced stop it; ran it again from scratch and only got two infected files on the second run (it was like 122 the first time). I finished it successfully the second time but saved as many logs as I could.

    I hope I did everything correctly here.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
    Ran by Karla (administrator) on THEGIRLS (30-11-2016 21:46:05)
    Running from C:\Users\Karla\Desktop
    Loaded Profiles: Karla (Available Profiles: Karla & Mia & Ava)
    Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe
    (Google Inc.) C:\Program Files\AVAST Software\Avast\setup\gtoolbar_setup_14805602236612.exe
    (Google Inc.) C:\Windows\Temp\GoogleUpdateSetup_1.3.21.169.exe
    (Google Inc.) C:\Program Files (x86)\GUM1C13.tmp\GoogleUpdate.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-28] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-25] (Lavasoft)
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-18] (SUPERAntiSpyware)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-28] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{2A9C9541-4C08-415C-9086-02EBE3FADB3B}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{A46C576B-BE30-4806-85AF-C9B183E280FB}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A46C576B-BE30-4806-85AF-C9B183E280FB}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A48F2A54-0679-470F-BD7F-91F5E035EBB1}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A48F2A54-0679-470F-BD7F-91F5E035EBB1}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
    SearchScopes: HKLM -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2634854318-3727654164-513184927-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2634854318-3727654164-513184927-1001 -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-28] (AVAST Software)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-28] (AVAST Software)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

    FireFox:
    ========
    FF DefaultProfile: 7wbpuv9u.default
    FF ProfilePath: C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\7wbpuv9u.default [2016-11-30]
    FF Extension: (All Aboard) - C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\7wbpuv9u.default\Extensions\@all-aboard-v1-5 [2016-11-27]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-28]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2016-11-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2016-11-30] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-28] (AVAST Software)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-25] (Lavasoft Limited)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-28] (AVAST Software)
    S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-28] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-28] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-28] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-28] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-28] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-28] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-28] (AVAST Software)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-30] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
    R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 21:52 - 2016-11-30 21:52 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1480560720
    2016-11-30 21:52 - 2016-11-30 21:52 - 00001066 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-11-30 21:52 - 2016-11-30 21:52 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-11-30 21:48 - 2016-11-30 21:50 - 00000000 ____D C:\ProgramData\Google
    2016-11-30 21:46 - 2016-11-30 21:46 - 00016712 _____ C:\Users\Karla\Desktop\FRST.txt
    2016-11-30 21:45 - 2016-11-30 21:46 - 00000000 ____D C:\FRST
    2016-11-30 21:43 - 2016-11-30 21:44 - 00000000 ____D C:\Program Files (x86)\GUM1C13.tmp
    2016-11-30 21:43 - 2016-11-30 21:43 - 50063360 _____ C:\Program Files (x86)\GUT1C14.tmp
    2016-11-30 21:43 - 2016-11-30 21:43 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-30 21:43 - 2016-11-30 21:43 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-30 21:36 - 2016-11-30 21:43 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-11-30 21:36 - 2016-11-30 21:42 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-11-30 21:36 - 2016-11-30 21:36 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-11-30 21:36 - 2016-11-30 21:36 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-11-30 21:33 - 2016-11-30 21:42 - 00000000 ____D C:\Program Files (x86)\Google
    2016-11-30 21:29 - 2016-11-30 21:29 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-11-30 19:29 - 2016-11-30 19:31 - 01631928 _____ (Malwarebytes) C:\Users\Karla\Desktop\JRT.exe
    2016-11-30 19:09 - 2016-11-30 19:11 - 03910208 _____ C:\Users\Karla\Desktop\adwcleaner_6.030.exe
    2016-11-30 18:58 - 2016-11-30 19:00 - 02411520 _____ (Farbar) C:\Users\Karla\Desktop\FRST64.exe
    2016-11-28 19:15 - 2016-11-28 19:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Karla\Downloads\HijackThis(1).exe
    2016-11-28 19:01 - 2016-11-28 19:01 - 00000000 ____D C:\Users\Karla\AppData\Roaming\AVAST Software
    2016-11-28 19:01 - 2016-11-28 19:01 - 00000000 ____D C:\Users\Karla\AppData\Local\CEF
    2016-11-28 18:51 - 2016-11-28 18:51 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-11-28 18:51 - 2016-11-28 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-11-28 18:31 - 2016-11-30 21:32 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-11-28 18:31 - 2016-11-28 18:31 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-11-28 18:31 - 2016-11-28 18:31 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-11-28 18:28 - 2016-11-28 18:33 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-11-28 18:28 - 2016-11-28 18:33 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2016-11-28 18:28 - 2016-11-28 18:33 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-11-28 18:28 - 2016-11-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-11-28 18:24 - 2016-11-28 18:24 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-11-28 18:22 - 2016-11-28 18:22 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-11-28 18:18 - 2016-11-30 21:29 - 00000000 ____D C:\Program Files\AVAST Software
    2016-11-28 14:50 - 2016-11-28 14:56 - 00000000 ___HD C:\$SysReset
    2016-11-28 00:29 - 2016-11-30 21:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-11-28 00:25 - 2016-11-30 21:29 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-11-28 00:12 - 2016-11-28 00:12 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-11-28 00:12 - 2016-11-28 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-11-27 23:50 - 2016-11-28 00:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-11-27 23:50 - 2016-11-27 23:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-11-27 23:50 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-11-27 23:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-11-27 23:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-11-27 23:29 - 2016-11-27 23:40 - 22851472 _____ (Malwarebytes ) C:\Users\Karla\Downloads\mbam-setup-2.2.1.1043.exe
    2016-11-27 23:16 - 2016-11-30 18:45 - 00000000 ____D C:\Users\Karla\AppData\LocalLow\Mozilla
    2016-11-27 23:14 - 2016-11-27 23:22 - 00000000 ____D C:\Users\Karla\AppData\Local\Mozilla
    2016-11-27 23:14 - 2016-11-27 23:15 - 00000000 ____D C:\Users\Karla\AppData\Roaming\Mozilla
    2016-11-27 23:12 - 2016-11-27 23:12 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-11-27 23:12 - 2016-11-27 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 23:07 - 2016-11-27 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-27 21:19 - 2016-11-27 21:19 - 00000000 ____D C:\SUPERDelete
    2016-11-27 21:15 - 2016-11-27 21:15 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e8d0279-7e0d-4b1c-bd50-0f6c2f813b26.job
    2016-11-27 21:15 - 2016-11-27 21:15 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6ea5824f-ff67-44fc-a808-0540947aa18d.job
    2016-11-27 21:15 - 2016-11-27 21:15 - 00000000 ____D C:\Users\Karla\AppData\Roaming\SUPERAntiSpyware.com
    2016-11-27 21:14 - 2016-11-28 00:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-11-27 21:14 - 2016-11-27 21:14 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-11-27 21:14 - 2016-11-27 21:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-11-27 21:14 - 2016-11-27 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-11-27 21:10 - 2016-11-28 23:09 - 00000000 ____D C:\Users\Karla\Desktop\Dad Programs
    2016-11-27 20:48 - 2016-11-27 20:48 - 00117860 _____ C:\Windows\ntbtlog.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 21:45 - 2014-12-26 18:20 - 00000000 ____D C:\Users\Karla\Documents\Youcam
    2016-11-30 21:26 - 2014-12-26 18:25 - 00000000 __RDO C:\Users\Karla\OneDrive
    2016-11-30 21:19 - 2014-08-26 17:59 - 00000000 ____D C:\ProgramData\McAfee
    2016-11-30 21:19 - 2014-08-26 17:59 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-11-30 21:19 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-30 20:38 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-11-30 20:34 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-11-30 20:34 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
    2016-11-30 20:24 - 2014-12-26 18:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634854318-3727654164-513184927-1001
    2016-11-30 20:19 - 2014-07-18 03:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2016-11-30 19:48 - 2014-08-26 17:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-11-30 19:08 - 2014-08-26 17:48 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2016-11-30 19:07 - 2015-09-06 10:55 - 00000000 ____D C:\Users\Karla\AppData\Roaming\WildTangent
    2016-11-30 19:07 - 2014-08-26 17:48 - 00000000 ____D C:\ProgramData\WildTangent
    2016-11-30 09:36 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-11-28 19:27 - 2014-12-26 18:18 - 00000000 ____D C:\Users\Karla\AppData\Local\VirtualStore
    2016-11-28 17:36 - 2014-03-18 04:53 - 00006424 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-11-28 12:57 - 2014-12-26 18:17 - 00000000 ____D C:\Users\Karla
    2016-11-28 12:52 - 2014-12-26 18:26 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EFAE64F1-604C-4CFC-9153-382E59B8A92B}
    2016-11-28 03:22 - 2016-04-19 16:58 - 00000000 ____D C:\ProgramData\bcdbf3d4
    2016-11-27 19:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

    Some files in TEMP:
    ====================
    C:\Users\Karla\AppData\Local\Temp\0143661480554248mcinst.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-28 10:15

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
    Ran by Karla (30-11-2016 21:57:56)
    Running from C:\Users\Karla\Desktop
    Windows 8.1 Connected (Update) (X64) (2014-12-26 23:17:40)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2634854318-3727654164-513184927-500 - Administrator - Disabled)
    Ava (S-1-5-21-2634854318-3727654164-513184927-1005 - Limited - Enabled) => C:\Users\Ava
    Guest (S-1-5-21-2634854318-3727654164-513184927-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2634854318-3727654164-513184927-1003 - Limited - Enabled)
    Karla (S-1-5-21-2634854318-3727654164-513184927-1001 - Administrator - Enabled) => C:\Users\Karla
    Mia (S-1-5-21-2634854318-3727654164-513184927-1004 - Limited - Enabled) => C:\Users\Mia

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
    Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
    Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
    PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
    SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
    Web Companion (HKLM-x32\...\{fece874c-dead-443e-814d-0e205ba25431}) (Version: 2.1.1265.2535 - Lavasoft)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EAC5AAB-F2C0-466C-90D7-E7E0AD0C165B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
    Task: {0FF9B25C-F076-4A45-A818-A5A79C228A7B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-11-28] (AVAST Software)
    Task: {1D0B8FAF-A1EC-498C-A9C0-B0E048D659B2} - System32\Tasks\SafeZone scheduled Autoupdate 1480560720 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {1E3F3100-F96A-41A9-8A2F-191978902286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-30] (Google Inc.)
    Task: {2FCFDAFA-F24D-4469-83C2-8049EB26D499} - \{0D0A0D47-7E0F-7E0A-7811-0F050A7D110E} -> No File <==== ATTENTION
    Task: {3FA5A557-27B7-4340-80AD-B49670E8A04B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
    Task: {4ED1905A-7F56-47D0-8060-254883C2F2FE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
    Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
    Task: {9EEC1811-7E27-43B7-BEB0-CBDEB85F1FD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
    Task: {AD2CB727-6930-4C5C-821C-C6B23C295D28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
    Task: {C71B8B72-FDAA-4279-A57C-4C43964AC8E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
    Task: {C7565D36-367F-42C7-B6AE-99FDAA9FFE97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-30] (Google Inc.)
    Task: {D79FDC4D-B5AA-4560-BF87-5F9DDE0A1F3B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
    Task: {F5442D68-79CA-411C-BE2B-21BAB12CB622} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-28] (AVAST Software)
    Task: {F9ED5983-0FF0-4266-8E6D-45D01FC69670} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6ea5824f-ff67-44fc-a808-0540947aa18d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e8d0279-7e0d-4b1c-bd50-0f6c2f813b26.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Karla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP

    ==================== Loaded Modules (Whitelisted) ==============

    2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2015-12-25 15:48 - 2015-12-21 13:02 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
    2016-11-28 18:22 - 2016-11-28 18:22 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-11-28 18:28 - 2016-11-28 18:28 - 03134984 _____ () C:\Program Files\AVAST Software\Avast\defs\16112800\algo.dll
    2016-11-28 18:22 - 2016-11-28 18:22 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-11-30 21:30 - 2016-11-30 21:30 - 03133960 _____ () C:\Program Files\AVAST Software\Avast\defs\16113000\algo.dll
    2016-11-28 18:23 - 2016-11-28 18:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karla\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{E429C24F-C4EA-483B-9B39-6C65B5726460}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AF9F377A-C496-4C3D-849F-0D624BEF5B8F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A1092A80-B329-4887-9EA1-E5D6854E566A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{00117B5C-DA93-4B3B-BF2D-C09F5189806A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{984D5434-C1CB-4033-BBD9-E165387AEEFF}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{C4B4740B-01DB-4628-A530-3C87F8A4B1A7}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{6C2EB310-679A-4D93-9CC5-688CB29BC108}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{BCABE6A9-CFD2-471B-B779-24DB811722FC}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{00C2FEF1-1DFD-4BE3-AA6E-C1EE37CF303A}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{4953B3EA-D9D3-4E38-A71E-3B70E0569894}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{C0100F6C-6D30-443E-8BFE-B3B0AC1BF87E}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{1424085B-41CF-43BF-88CB-9FB44CD6369A}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{4983F6AD-FD28-49E8-915D-D633F1D709DD}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{BB682EAB-FB23-46F2-BA13-8947986BD787}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{51477EF5-D1CE-45C4-8047-0640B3A1E6E9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8C653828-DF6B-4057-8876-4CD6B487DE70}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{041F11DC-5949-4D83-9014-A980B03B5815}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/30/2016 09:40:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1278

    Start Time: 01d24b7b629ab541

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 58d39189-b76f-11e6-82ce-8cdcd48e97e1

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (11/30/2016 09:31:18 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (11/30/2016 09:31:11 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (11/30/2016 09:19:50 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
    Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/30/2016 08:03:35 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
    Description: Event-ID 5003

    Error: (11/30/2016 07:27:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THEGIRLS)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/30/2016 06:39:04 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (11/30/2016 06:38:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

    Error: (11/30/2016 10:07:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LogonUI.exe, version: 6.3.9600.17415, time stamp: 0x5450541b
    Faulting module name: OmniPassCredProv.dll_unloaded, version: 8.0.1.11, time stamp: 0x5335c168
    Exception code: 0xc0000005
    Fault offset: 0x0000000000011c0f
    Faulting process id: 0x21b0
    Faulting application start time: 0x01d24b1b6cc8f930
    Faulting application path: C:\Windows\System32\LogonUI.exe
    Faulting module path: OmniPassCredProv.dll
    Report Id: b8c89291-b70e-11e6-82cd-8cdcd48e97e1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/30/2016 09:20:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1450

    Start Time: 01d24b1425a717ae

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 1fb14e77-b708-11e6-82cd-8cdcd48e97e1

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


    System errors:
    =============
    Error: (11/30/2016 09:26:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (11/30/2016 09:26:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Search service hung on starting.

    Error: (11/30/2016 09:24:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/30/2016 09:24:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (11/30/2016 09:24:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/30/2016 09:24:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (11/30/2016 09:23:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/30/2016 09:23:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (11/30/2016 09:22:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/30/2016 09:22:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-11-27 21:07:19.367
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-27 21:07:17.867
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-27 21:07:16.679
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-27 21:07:15.210
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
    Percentage of memory in use: 46%
    Total physical RAM: 3986.95 MB
    Available physical RAM: 2141.7 MB
    Total Virtual: 4690.95 MB
    Available Virtual: 2811.29 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:444.62 GB) (Free:409.73 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    # AdwCleaner v6.030 - Logfile created 30/11/2016 at 22:32:55
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-12-01.1 [Server]
    # Operating System : Windows 8.1 Connected (X64)
    # Username : Karla - THEGIRLS
    # Running from : C:\Users\Karla\Desktop\adwcleaner_6.030.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    Service Found: PremierOpinion
    Service Found: LavasoftTcpService


    ***** [ Folders ] *****

    Folder Found: C:\ProgramData\bcdbf3d4
    Folder Found: C:\Users\Karla\AppData\Roaming\lavasoft\web companion
    Folder Found: C:\ProgramData\lavasoft\web companion
    Folder Found: C:\ProgramData\Application Data\lavasoft\web companion
    Folder Found: C:\Program Files (x86)\lavasoft\web companion


    ***** [ Files ] *****

    File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
    File Found: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
    File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll
    File Found: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
    Key Found: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
    Key Found: HKLM\SOFTWARE\Lavasoft\Web Companion
    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    Key Found: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    Key Found: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Ask.com - What's Your Question?
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Song Lyrics | MetroLyrics
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Coupons and Promo Codes | ShopAtHome.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Ask.com - What's Your Question?
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Song Lyrics | MetroLyrics
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Coupons and Promo Codes | ShopAtHome.com
    Value Found: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
    Value Found: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Itibiti.exe]
    Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
    Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
    Value Found: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
    Value Found: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
    Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
    Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Key Found: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    # AdwCleaner v6.030 - Logfile created 30/11/2016 at 23:28:03
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-12-01.1 [Server]
    # Operating System : Windows 8.1 Connected (X64)
    # Username : Karla - THEGIRLS
    # Running from : C:\Users\Karla\Desktop\adwcleaner_6.030.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
    File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    No malicious registry entries found.


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [10540 Bytes] - [30/11/2016 22:32:55]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1160 Bytes] - [30/11/2016 23:28:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1233 Bytes] ##########


    C:\AdwCleaner\AdwCleaner[S0].txt - [10210 Bytes] - [30/11/2016 22:32:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10284 Bytes] ##########


    # AdwCleaner v6.030 - Logfile created 30/11/2016 at 23:31:23
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-12-01.1 [Server]
    # Operating System : Windows 8.1 Connected (X64)
    # Username : Karla - THEGIRLS
    # Running from : C:\Users\Karla\Desktop\adwcleaner_6.030.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****

    [#] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
    [#] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****



    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [883 Bytes] - [30/11/2016 23:31:23]
    C:\AdwCleaner\AdwCleaner[S0].txt - [10540 Bytes] - [30/11/2016 22:32:55]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1312 Bytes] - [30/11/2016 23:28:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1102 Bytes] ##########


    # AdwCleaner v6.030 - Logfile created 30/11/2016 at 23:31:23
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-12-01.1 [Server]
    # Operating System : Windows 8.1 Connected (X64)
    # Username : Karla - THEGIRLS
    # Running from : C:\Users\Karla\Desktop\adwcleaner_6.030.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****

    [#] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
    [#] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****



    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [883 Bytes] - [30/11/2016 23:31:23]
    C:\AdwCleaner\AdwCleaner[S0].txt - [10540 Bytes] - [30/11/2016 22:32:55]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1312 Bytes] - [30/11/2016 23:28:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1102 Bytes] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 8.1 Connected x64
    Ran by Karla (Administrator) on Thu 12/01/2016 at 0:02:36.85
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 1

    Successfully deleted: C:\Program Files (x86)\GUTFDF7.tmp (File)



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 12/01/2016 at 0:31:55.13
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    So far so good. I'll get back to you later today.

    Thanks
    Joe

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    AdwCleaner got most of it, just a bit of ordinary adware.

    A few items to fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files (x86)\Lavasoft\Web Companion
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
    Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
    SearchScopes: HKLM -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2634854318-3727654164-513184927-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2634854318-3727654164-513184927-1001 -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
    2016-11-30 21:43 - 2016-11-30 21:44 - 00000000 ____D C:\Program Files (x86)\GUM1C13.tmp
    2016-11-30 21:43 - 2016-11-30 21:43 - 50063360 _____ C:\Program Files (x86)\GUT1C14.tmp
    2016-11-30 21:19 - 2014-08-26 17:59 - 00000000 ____D C:\ProgramData\McAfee
    2016-11-30 21:19 - 2014-08-26 17:59 - 00000000 ____D C:\Program Files (x86)\McAfee
    C:\Users\Karla\AppData\Local\Temp\0143661480554248mcinst.exe
    Task: {2FCFDAFA-F24D-4469-83C2-8049EB26D499} - \{0D0A0D47-7E0F-7E0A-7811-0F050A7D110E} -> No File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

  8. #8
    Member Horchheimer's Avatar
    Join Date
    Sep 2005
    Posts
    103
    Points
    0

    Default

    Hey there Joe, thank you for the continued assistance.

    Ok, so I had to run your steps twice. The first time I ran it, it got hung up on the reboot for about an hour. I tried to be patient with it, but it wasn't moving at all. So I ran your steps a second time, an it got hung up again, and I went through the whole process again, but this time, I'm not seeing the same message "...such and such not removed" and I thought I would post it for your review.

    Thoughts?


    Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
    Ran by Karla (02-12-2016 12:53:39) Run:2
    Running from C:\Users\Karla\Desktop
    Loaded Profiles: Karla (Available Profiles: Karla & Mia & Ava)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files (x86)\Lavasoft\Web Companion
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
    Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll No File
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-25] (Lavasoft Limited)
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
    SearchScopes: HKLM -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2634854318-3727654164-513184927-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2634854318-3727654164-513184927-1001 -> {D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
    2016-11-30 21:43 - 2016-11-30 21:44 - 00000000 ____D C:\Program Files (x86)\GUM1C13.tmp
    2016-11-30 21:43 - 2016-11-30 21:43 - 50063360 _____ C:\Program Files (x86)\GUT1C14.tmp
    2016-11-30 21:19 - 2014-08-26 17:59 - 00000000 ____D C:\ProgramData\McAfee
    2016-11-30 21:19 - 2014-08-26 17:59 - 00000000 ____D C:\Program Files (x86)\McAfee
    C:\Users\Karla\AppData\Local\Temp\0143661480554248mcinst.exe
    Task: {2FCFDAFA-F24D-4469-83C2-8049EB26D499} - \{0D0A0D47-7E0F-7E0A-7811-0F050A7D110E} -> No File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "C:\Program Files (x86)\Lavasoft\Web Companion" => not found.
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value not found.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 => key not found.
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => key not found.
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} => key not found.
    HKCR\CLSID\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} => key not found.
    HKCR\Wow6432Node\CLSID\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} => key not found.
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} => key not found.
    HKCR\CLSID\{D17C3FEB-12D9-4D54-B675-4D3DB8D08D2A} => key not found.
    PremierOpinion => service not found.
    "C:\Program Files (x86)\GUM1C13.tmp" => not found.
    "C:\Program Files (x86)\GUT1C14.tmp" => not found.
    "C:\ProgramData\McAfee" => not found.
    "C:\Program Files (x86)\McAfee" => not found.
    "C:\Users\Karla\AppData\Local\Temp\0143661480554248mcinst.exe" => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FCFDAFA-F24D-4469-83C2-8049EB26D499} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D0A0D47-7E0F-7E0A-7811-0F050A7D110E} => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key not found.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.7.9600 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    {FB6A49D8-5215-427E-8598-A8229FDEEB45} canceled.
    1 out of 1 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========

    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2123975 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 118557 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 6534120 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 824 B
    NetworkService => 0 B
    Karla => 437350 B
    Mia => 0 B
    Ava => 0 B

    RecycleBin => 12915 B
    EmptyTemp: => 16.8 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:57:03 ====

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    That's the log I expected pretty much. Lets look at a new set of logs and see what's left

    When time permits..

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  10. #10
    Member Horchheimer's Avatar
    Join Date
    Sep 2005
    Posts
    103
    Points
    0

    Default

    Definitely seems to be less laggy... feels like we're making progress...


    Here's those scans Joe


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
    Ran by Karla (administrator) on THEGIRLS (02-12-2016 15:39:45)
    Running from C:\Users\Karla\Desktop
    Loaded Profiles: Karla (Available Profiles: Karla & Mia & Ava)
    Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-28] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-18] (SUPERAntiSpyware)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-28] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{2A9C9541-4C08-415C-9086-02EBE3FADB3B}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{A46C576B-BE30-4806-85AF-C9B183E280FB}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A46C576B-BE30-4806-85AF-C9B183E280FB}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A48F2A54-0679-470F-BD7F-91F5E035EBB1}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A48F2A54-0679-470F-BD7F-91F5E035EBB1}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-28] (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-30] (Google Inc.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-28] (AVAST Software)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-30] (Google Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-30] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-30] (Google Inc.)

    FireFox:
    ========
    FF DefaultProfile: 7wbpuv9u.default
    FF ProfilePath: C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\7wbpuv9u.default [2016-12-02]
    FF Extension: (All Aboard) - C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\7wbpuv9u.default\Extensions\@all-aboard-v1-5 [2016-11-27]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-28]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-02] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

    Chrome:
    =======
    CHR Profile: C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default [2016-12-02]
    CHR Extension: (Docs) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-30]
    CHR Extension: (Google Drive) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-30]
    CHR Extension: (YouTube) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-30]
    CHR Extension: (Gmail) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-30]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-28] (AVAST Software)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-28] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-28] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-28] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-28] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-28] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-28] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-28] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-28] (AVAST Software)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-02] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
    R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-02 12:53 - 2016-12-02 12:57 - 00009194 _____ C:\Users\Karla\Desktop\Fixlog.txt
    2016-12-01 00:31 - 2016-12-01 00:31 - 00000891 _____ C:\Users\Karla\Desktop\JRT.txt
    2016-11-30 23:51 - 2016-11-30 23:51 - 00000000 ____D C:\Users\Karla\AppData\Local\Google
    2016-11-30 22:42 - 2016-11-30 22:42 - 00000000 ____D C:\Program Files (x86)\GUMD8DA.tmp
    2016-11-30 22:04 - 2016-11-30 23:57 - 00000000 ____D C:\AdwCleaner
    2016-11-30 21:57 - 2016-11-30 22:01 - 00026379 _____ C:\Users\Karla\Desktop\Addition.txt
    2016-11-30 21:52 - 2016-12-01 00:32 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1480560720
    2016-11-30 21:52 - 2016-12-01 00:32 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-11-30 21:52 - 2016-11-30 21:52 - 00001066 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-11-30 21:49 - 2016-11-30 21:49 - 00000000 ____D C:\Program Files\Google
    2016-11-30 21:48 - 2016-11-30 21:50 - 00000000 ____D C:\ProgramData\Google
    2016-11-30 21:46 - 2016-12-02 15:40 - 00015373 _____ C:\Users\Karla\Desktop\FRST.txt
    2016-11-30 21:45 - 2016-12-02 15:39 - 00000000 ____D C:\FRST
    2016-11-30 21:43 - 2016-12-02 12:42 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-30 21:43 - 2016-12-02 12:42 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-30 21:36 - 2016-12-02 15:16 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-11-30 21:36 - 2016-12-02 14:51 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-11-30 21:36 - 2016-12-02 12:46 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-11-30 21:36 - 2016-12-02 12:46 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-11-30 21:33 - 2016-11-30 21:49 - 00000000 ____D C:\Program Files (x86)\Google
    2016-11-30 21:29 - 2016-11-30 21:29 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-11-30 19:29 - 2016-11-30 19:31 - 01631928 _____ (Malwarebytes) C:\Users\Karla\Desktop\JRT.exe
    2016-11-30 19:09 - 2016-11-30 19:11 - 03910208 _____ C:\Users\Karla\Desktop\adwcleaner_6.030.exe
    2016-11-30 18:58 - 2016-11-30 19:00 - 02411520 _____ (Farbar) C:\Users\Karla\Desktop\FRST64.exe
    2016-11-28 19:15 - 2016-11-28 19:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Karla\Downloads\HijackThis(1).exe
    2016-11-28 19:01 - 2016-11-28 19:01 - 00000000 ____D C:\Users\Karla\AppData\Roaming\AVAST Software
    2016-11-28 19:01 - 2016-11-28 19:01 - 00000000 ____D C:\Users\Karla\AppData\Local\CEF
    2016-11-28 18:51 - 2016-11-28 18:51 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-11-28 18:51 - 2016-11-28 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-11-28 18:31 - 2016-11-30 21:32 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-11-28 18:31 - 2016-11-28 18:31 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-11-28 18:31 - 2016-11-28 18:31 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-11-28 18:28 - 2016-11-28 18:33 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-11-28 18:28 - 2016-11-28 18:33 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2016-11-28 18:28 - 2016-11-28 18:33 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-11-28 18:28 - 2016-11-28 18:24 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-11-28 18:28 - 2016-11-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-11-28 18:24 - 2016-11-28 18:24 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-11-28 18:22 - 2016-11-28 18:22 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-11-28 18:18 - 2016-11-30 21:29 - 00000000 ____D C:\Program Files\AVAST Software
    2016-11-28 14:50 - 2016-11-28 14:56 - 00000000 ___HD C:\$SysReset
    2016-11-28 00:29 - 2016-12-02 14:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-11-28 00:25 - 2016-11-30 21:29 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-11-28 00:12 - 2016-11-28 00:12 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-11-28 00:12 - 2016-11-28 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-11-27 23:50 - 2016-11-28 00:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-11-27 23:50 - 2016-11-27 23:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-11-27 23:50 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-11-27 23:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-11-27 23:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-11-27 23:29 - 2016-11-27 23:40 - 22851472 _____ (Malwarebytes ) C:\Users\Karla\Downloads\mbam-setup-2.2.1.1043.exe
    2016-11-27 23:16 - 2016-12-02 14:09 - 00000000 ____D C:\Users\Karla\AppData\LocalLow\Mozilla
    2016-11-27 23:14 - 2016-11-27 23:22 - 00000000 ____D C:\Users\Karla\AppData\Local\Mozilla
    2016-11-27 23:14 - 2016-11-27 23:15 - 00000000 ____D C:\Users\Karla\AppData\Roaming\Mozilla
    2016-11-27 23:12 - 2016-12-01 00:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 23:12 - 2016-11-27 23:12 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-11-27 23:07 - 2016-12-02 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-27 21:19 - 2016-11-27 21:19 - 00000000 ____D C:\SUPERDelete
    2016-11-27 21:15 - 2016-11-27 21:15 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e8d0279-7e0d-4b1c-bd50-0f6c2f813b26.job
    2016-11-27 21:15 - 2016-11-27 21:15 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6ea5824f-ff67-44fc-a808-0540947aa18d.job
    2016-11-27 21:15 - 2016-11-27 21:15 - 00000000 ____D C:\Users\Karla\AppData\Roaming\SUPERAntiSpyware.com
    2016-11-27 21:14 - 2016-11-28 00:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-11-27 21:14 - 2016-11-27 21:14 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-11-27 21:14 - 2016-11-27 21:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-11-27 21:14 - 2016-11-27 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-11-27 21:10 - 2016-12-02 12:52 - 00000000 ____D C:\Users\Karla\Desktop\Dad Programs
    2016-11-27 20:48 - 2016-11-27 20:48 - 00117860 _____ C:\Windows\ntbtlog.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-02 15:26 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-12-02 15:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-12-02 15:23 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-12-02 14:11 - 2014-12-26 18:20 - 00000000 ____D C:\Users\Karla\Documents\Youcam
    2016-12-02 14:08 - 2014-12-26 18:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634854318-3727654164-513184927-1001
    2016-12-02 14:08 - 2014-03-18 04:53 - 00006428 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-12-02 14:04 - 2014-12-26 18:25 - 00000000 __RDO C:\Users\Karla\OneDrive
    2016-12-02 14:00 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-12-02 13:00 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-11-30 23:50 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
    2016-11-30 22:43 - 2015-12-25 16:25 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2016-11-30 22:42 - 2015-12-25 16:26 - 00000000 ____D C:\Users\Karla\AppData\Roaming\Lavasoft
    2016-11-30 22:42 - 2015-12-25 16:25 - 00000000 ____D C:\ProgramData\Lavasoft
    2016-11-30 20:34 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-11-30 20:19 - 2014-07-18 03:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2016-11-30 19:48 - 2014-08-26 17:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-11-30 19:08 - 2014-08-26 17:48 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2016-11-30 19:07 - 2015-09-06 10:55 - 00000000 ____D C:\Users\Karla\AppData\Roaming\WildTangent
    2016-11-30 19:07 - 2014-08-26 17:48 - 00000000 ____D C:\ProgramData\WildTangent
    2016-11-28 19:27 - 2014-12-26 18:18 - 00000000 ____D C:\Users\Karla\AppData\Local\VirtualStore
    2016-11-28 12:57 - 2014-12-26 18:17 - 00000000 ____D C:\Users\Karla
    2016-11-28 12:52 - 2014-12-26 18:26 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EFAE64F1-604C-4CFC-9153-382E59B8A92B}
    2016-11-27 19:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-28 10:15

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
    Ran by Karla (02-12-2016 15:41:12)
    Running from C:\Users\Karla\Desktop
    Windows 8.1 Connected (Update) (X64) (2014-12-26 23:17:40)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2634854318-3727654164-513184927-500 - Administrator - Disabled)
    Ava (S-1-5-21-2634854318-3727654164-513184927-1005 - Limited - Enabled) => C:\Users\Ava
    Guest (S-1-5-21-2634854318-3727654164-513184927-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2634854318-3727654164-513184927-1003 - Limited - Enabled)
    Karla (S-1-5-21-2634854318-3727654164-513184927-1001 - Administrator - Enabled) => C:\Users\Karla
    Mia (S-1-5-21-2634854318-3727654164-513184927-1004 - Limited - Enabled) => C:\Users\Mia

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
    Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
    Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
    PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
    SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
    Web Companion (HKLM-x32\...\{fece874c-dead-443e-814d-0e205ba25431}) (Version: 2.1.1265.2535 - Lavasoft)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EAC5AAB-F2C0-466C-90D7-E7E0AD0C165B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
    Task: {0FF9B25C-F076-4A45-A818-A5A79C228A7B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-11-28] (AVAST Software)
    Task: {1E3F3100-F96A-41A9-8A2F-191978902286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-02] (Google Inc.)
    Task: {3FA5A557-27B7-4340-80AD-B49670E8A04B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
    Task: {4ED1905A-7F56-47D0-8060-254883C2F2FE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
    Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
    Task: {9EEC1811-7E27-43B7-BEB0-CBDEB85F1FD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
    Task: {AD2CB727-6930-4C5C-821C-C6B23C295D28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
    Task: {B7291BD7-602F-4DB1-BF1A-235850D003D6} - System32\Tasks\SafeZone scheduled Autoupdate 1480560720 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
    Task: {C71B8B72-FDAA-4279-A57C-4C43964AC8E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
    Task: {C7565D36-367F-42C7-B6AE-99FDAA9FFE97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-02] (Google Inc.)
    Task: {D79FDC4D-B5AA-4560-BF87-5F9DDE0A1F3B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
    Task: {F5442D68-79CA-411C-BE2B-21BAB12CB622} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-28] (AVAST Software)
    Task: {F9ED5983-0FF0-4266-8E6D-45D01FC69670} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6ea5824f-ff67-44fc-a808-0540947aa18d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7e8d0279-7e0d-4b1c-bd50-0f6c2f813b26.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2015-12-25 15:48 - 2015-12-21 13:02 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
    2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2016-11-28 18:22 - 2016-11-28 18:22 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-12-02 10:47 - 2016-12-02 10:47 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16120100\algo.dll
    2016-11-28 18:22 - 2016-11-28 18:22 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-11-28 18:23 - 2016-11-28 18:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2634854318-3727654164-513184927-1001\...\localhost -> localhost

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2016-12-02 12:56 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2634854318-3727654164-513184927-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karla\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{E429C24F-C4EA-483B-9B39-6C65B5726460}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AF9F377A-C496-4C3D-849F-0D624BEF5B8F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A1092A80-B329-4887-9EA1-E5D6854E566A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{00117B5C-DA93-4B3B-BF2D-C09F5189806A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{984D5434-C1CB-4033-BBD9-E165387AEEFF}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{C4B4740B-01DB-4628-A530-3C87F8A4B1A7}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{6C2EB310-679A-4D93-9CC5-688CB29BC108}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{BCABE6A9-CFD2-471B-B779-24DB811722FC}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{00C2FEF1-1DFD-4BE3-AA6E-C1EE37CF303A}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{4953B3EA-D9D3-4E38-A71E-3B70E0569894}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{C0100F6C-6D30-443E-8BFE-B3B0AC1BF87E}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{1424085B-41CF-43BF-88CB-9FB44CD6369A}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{4983F6AD-FD28-49E8-915D-D633F1D709DD}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{BB682EAB-FB23-46F2-BA13-8947986BD787}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{51477EF5-D1CE-45C4-8047-0640B3A1E6E9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8C653828-DF6B-4057-8876-4CD6B487DE70}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{041F11DC-5949-4D83-9014-A980B03B5815}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    01-12-2016 00:02:47 JRT Pre-Junkware Removal
    02-12-2016 12:53:49 Restore Point Created by FRST

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/02/2016 02:08:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (12/02/2016 02:08:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (12/02/2016 12:53:47 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {d5571797-243b-4f36-a5a5-bc99bc8d1e14}

    Error: (12/02/2016 12:42:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (12/02/2016 12:42:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (12/02/2016 12:41:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 300

    Start Time: 01d24cc27c98f813

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 716a86f5-b8b6-11e6-82d0-8cdcd48e97e1

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (12/02/2016 12:34:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WTabletServicePro.exe, version: 6.3.15.2, time stamp: 0x56783dd7
    Faulting module name: WTabletServicePro.exe, version: 6.3.15.2, time stamp: 0x56783dd7
    Exception code: 0xc0000005
    Fault offset: 0x000000000005391a
    Faulting process id: 0x470
    Faulting application start time: 0x01d24cc251788ab3
    Faulting application path: C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    Faulting module path: C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    Report Id: 98de4ad1-b8b5-11e6-82d0-8cdcd48e97e1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/02/2016 10:56:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 173c

    Start Time: 01d24cb3d127f4cf

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: ca6e713a-b8a7-11e6-82cf-8cdcd48e97e1

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (12/01/2016 12:01:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (12/01/2016 12:01:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


    System errors:
    =============
    Error: (12/02/2016 01:00:36 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

    Error: (12/02/2016 01:00:03 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (12/02/2016 12:55:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (12/02/2016 12:54:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (12/02/2016 12:53:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/02/2016 12:53:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (12/02/2016 12:53:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/02/2016 12:53:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/02/2016 12:53:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (12/02/2016 12:53:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-11-27 21:07:19.367
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-27 21:07:17.867
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-27 21:07:16.679
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-27 21:07:15.210
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
    Percentage of memory in use: 46%
    Total physical RAM: 3986.95 MB
    Available physical RAM: 2126.77 MB
    Total Virtual: 4690.95 MB
    Available Virtual: 2649.71 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:444.62 GB) (Free:408 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)

    Partition: GPT.

    ==================== End of Addition.txt ============================

Page 1 of 2 12 LastLast