[Resolved - K] pop ups, adware, program asking to change my computer

  • 43 Replies
  • 9499 Views
*

Offline lmummaw

  • Bronze Member
  • 25
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 11/8/2013 2:06:16 AM
System Uptime: 3/13/2014 12:00:26 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 188B
Processor: AMD E-300 APU with Radeon(tm) HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 274 GiB total, 228.17 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.825 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 2/18/2014 2:28:00 PM - Windows Update
RP17: 3/10/2014 3:38:37 AM - Uniblue SpeedUpMyPC installation
RP18: 3/12/2014 11:50:45 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
Apple Mobile Device Support
avast! Internet Security
Bonjour
ccc-utility64
Energy Star
Epson Customer Participation
EPSON WF-2540 Series Printer Uninstall
HP Postscript Converter
HP Registration Service
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
SpyHunter
Synaptics Pointing Device Driver
Windows Live Language Selector
.
==== Event Viewer Messages From Past Week ========
.
3/13/2014 12:01:30 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WajamUpdaterV3 service to connect.
3/13/2014 12:01:30 AM, Error: Service Control Manager [7000]  - The WajamUpdaterV3 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/13/2014 12:00:32 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
3/12/2014 9:58:46 PM, Error: Service Control Manager [7034]  - The KDUpdater service terminated unexpectedly.  It has done this 1 time(s).
3/11/2014 7:21:24 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user LINDAS\Linda SID (S-1-5-21-3867312339-2564169600-2956045165-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
3/10/2014 6:39:24 AM, Error: Service Control Manager [7031]  - The Update EnhanceTronic service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/10/2014 6:39:23 AM, Error: Service Control Manager [7031]  - The Util EnhanceTronic service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/10/2014 6:38:20 AM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
3/10/2014 3:00:22 AM, Error: Service Control Manager [7030]  - The KDUpdater service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/10/2014 2:58:36 AM, Error: Service Control Manager [7030]  - The OutfoxTvService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================


I don't know how to zip a file, here is the DDS file:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798
Run by Linda at 0:27:16 on 2014-03-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2129 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\KeyPlayer-soft\KeyPlayer_wd.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Users\Linda\AppData\Local\Temp\KDUpdSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\Linda\AppData\Roaming\ContentExplorer\ContentExplorer.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windstream.net
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutB0CyDzy0EyD0AyEtCtB0EyEyCyC0C0CtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytC0CtAyEzz0EtGzztBtAyEtGyB0CyCyBtGzz0EtD0DtGtB0CtD0C0CyEtAyEyC0EtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtB0AtBtC0FtBtAtGyDyE0AzytG0FtAyC0FtGtD0CtCzytGtD0FtB0Czzzy0Fzy0B0Dzy0D2Q&cr=2028122858&ir=
uProxyServer = hxxp=127.0.0.1:63527;https=127.0.0.1:63527
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series"
uRun: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRun: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
uRun: [ContentExplorer] "C:\Users\Linda\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ShopAtHomeWatcher] C:\Users\Linda\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [ShopAtHomeUpdater] C:\Users\Linda\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [fst_us_10] <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A123A544-DCC1-4346-830C-33C570B210C7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A123A544-DCC1-4346-830C-33C570B210C7}\F4E6024786560274F602D4966496024343445402355636572756 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutB0CyDzy0EyD0AyEtCtB0EyEyCyC0C0CtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytC0CtAyEzz0EtGzztBtAyEtGyB0CyCyBtGzz0EtD0DtGtB0CtD0C0CyEtAyEyC0EtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtB0AtBtC0FtBtAtGyDyE0AzytG0FtAyC0FtGtD0CtCzytGtD0FtB0Czzzy0Fzy0B0Dzy0D2Q&cr=2028122858&ir=
x64-BHO: media enhance: {11111111-1111-1111-1111-110411411150} -
x64-BHO: hdshop: {11111111-1111-1111-1111-110511281100} -
x64-BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-23 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-23 26280]
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-3-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-3-10 207904]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-3-10 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswndisflt.sys [2014-3-10 440672]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2014-3-10 1038072]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2014-3-10 421704]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-18 92536]
R1 hlnfd;hlnfd;C:\Windows\System32\Drivers\hlnfd.sys [2014-2-5 58256]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2012-7-25 51712]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-4-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-2 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-3-10 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-10 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-3-10 113704]
R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [2014-1-28 252928]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-12-17 135824]
R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2014-2-5 273000]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 KDUpdater;KDUpdater;C:\Users\Linda\AppData\Local\Temp\KDUpdSrv.exe [2014-2-6 213824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-12 701512]
R2 NewPlayerUpdaterService;NewPlayer Updater Service;C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [2014-2-25 11776]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R3 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-3-10 80184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-3-12 25928]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-4-18 266896]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-4-18 683664]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-4-18 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S2 WajamUpdaterV3;WajamUpdaterV3;C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [2014-1-6 114176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-4-18 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-18 43832]
.
=============== Created Last 30 ================
.
2014-03-13 02:05:27   110080   ----a-r-   C:\Users\Linda\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-03-13 02:05:27   110080   ----a-r-   C:\Users\Linda\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-03-13 02:05:27   110080   ----a-r-   C:\Users\Linda\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-03-13 02:05:25   --------   d-----w-   C:\sh4ldr
2014-03-13 02:05:25   --------   d-----w-   C:\Program Files\Enigma Software Group
2014-03-13 02:01:03   --------   d-----w-   C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-13 02:00:58   --------   d-----w-   C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-12 19:20:10   --------   d-----w-   C:\Users\Linda\AppData\Roaming\Malwarebytes
2014-03-12 19:19:51   --------   d-----w-   C:\ProgramData\Malwarebytes
2014-03-12 19:19:47   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-03-12 19:19:46   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 18:47:20   --------   d-----w-   C:\Users\Linda\AppData\Roaming\LVMaintenance
2014-03-11 03:51:01   --------   d-----w-   C:\Users\Linda\AppData\Roaming\AVAST Software
2014-03-11 03:49:23   440672   ----a-w-   C:\Windows\System32\drivers\aswndisflt.sys
2014-03-11 03:48:53   92544   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2014-03-11 03:48:53   80184   ----a-w-   C:\Windows\System32\drivers\aswStm.sys
2014-03-11 03:48:53   78648   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-11 03:48:53   65776   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2014-03-11 03:48:53   28184   ----a-w-   C:\Windows\System32\drivers\aswKbd.sys
2014-03-11 03:48:53   207904   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2014-03-11 03:48:53   1038072   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2014-03-11 03:48:38   43152   ----a-w-   C:\Windows\avastSS.scr
2014-03-11 03:46:45   --------   d-----w-   C:\Program Files\AVAST Software
2014-03-11 03:31:26   --------   d-----w-   C:\ProgramData\AVAST Software
2014-03-10 18:36:35   10536864   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEB07810-EC86-48E2-8B00-08337088D33B}\mpengine.dll
2014-03-10 10:36:52   --------   d-----w-   C:\Program Files (x86)\predm
2014-03-10 08:00:17   18816   ----a-w-   C:\Windows\System32\roboot64.exe
2014-03-10 08:00:00   --------   d-----w-   C:\Program Files (x86)\RegClean Pro
2014-03-10 07:59:58   --------   d-----w-   C:\Users\Linda\AppData\Roaming\systweak
2014-03-10 07:59:42   --------   d-----w-   C:\Users\Linda\AppData\Roaming\ContentExplorer
2014-03-10 07:58:44   --------   d-----w-   C:\ProgramData\MovieMode
2014-03-10 07:57:59   --------   d-----w-   C:\Program Files (x86)\File Type Helper
2014-03-10 07:57:54   --------   d-----w-   C:\Program Files (x86)\Convert Files for Free
2014-03-10 07:57:30   --------   d-----w-   C:\Users\Linda\AppData\Local\IsolatedStorage
2014-03-10 07:57:13   1122960   ----a-w-   C:\Users\Linda\AppData\Local\AnyProtectScannerSetup.exe
2014-03-10 07:47:01   --------   d-----w-   C:\Users\Linda\AppData\Local\Tuguu_SL
2014-03-10 07:46:47   --------   d-----w-   C:\Program Files (x86)\Uninstaller
2014-03-10 07:44:48   1122960   ----a-w-   C:\Users\Linda\AppData\Local\nssDBC1.tmp
2014-03-10 07:44:25   1122960   ----a-w-   C:\Users\Linda\AppData\Local\nss7E37.tmp
2014-03-10 07:44:23   --------   d-----w-   C:\Program Files (x86)\AnyProtectEx
2014-03-10 07:43:12   --------   d-----w-   C:\Users\Linda\AppData\Local\newplayer
2014-03-10 07:40:32   --------   d-----w-   C:\Program Files (x86)\NewPlayer
2014-03-10 07:38:25   --------   d-----w-   C:\Program Files (x86)\SearchProtect
2014-03-10 07:38:22   --------   d-----w-   C:\Program Files (x86)\Wajam
2014-03-10 07:35:19   --------   d-----w-   C:\Users\Linda\AppData\Local\SearchProtect
2014-03-10 07:04:08   --------   d-----w-   C:\Users\Linda\AppData\Roaming\Optimizer Pro
2014-03-10 07:00:07   --------   d-----w-   C:\Program Files (x86)\Flash Player Pro
2014-03-10 07:00:03   --------   d-----w-   C:\Program Files (x86)\KeyDownload
2014-03-10 06:59:53   --------   d-----w-   C:\Users\Linda\AppData\Local\32207
2014-03-10 06:58:48   --------   d-----w-   C:\Program Files (x86)\KeyPlayer-soft
2014-03-10 06:57:44   --------   d-----w-   C:\Program Files (x86)\Optimizer Pro
2014-03-10 06:57:42   --------   d-----w-   C:\ProgramData\ZalmanInstaller_5343
2014-03-10 06:57:17   --------   d-----w-   C:\Users\Linda\AppData\Local\Programs
2014-03-10 06:54:55   --------   d-----w-   C:\Users\Linda\AppData\Roaming\RealNetworks
2014-03-10 06:53:58   --------   d-----w-   C:\Program Files (x86)\RealNetworks
2014-03-10 06:53:52   --------   d-----w-   C:\ProgramData\RealNetworks
2014-03-10 06:53:25   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2014-03-09 20:40:37   10536864   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-09 06:56:59   --------   d-----w-   C:\Users\Linda\AppData\Roaming\PC Health Kit
2014-03-09 06:55:56   --------   d-----w-   C:\Program Files\Highlightly
2014-03-09 06:55:52   --------   d-----w-   C:\ProgramData\UAB
2014-03-09 06:55:51   --------   d-----w-   C:\Program Files (x86)\Highlightly
2014-03-09 06:55:45   --------   d-----w-   C:\Users\Linda\AppData\Local\PC_Drivers_Headquarters
2014-03-09 06:54:40   --------   d-----w-   C:\ProgramData\Driver Restore
2014-03-09 06:54:17   --------   d-----w-   C:\Program Files (x86)\Driver Restore
2014-03-09 06:52:59   --------   d-----w-   C:\Program Files (x86)\HiDefMedia
2014-03-07 04:51:06   252080   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10235.bin
2014-02-12 00:49:40   583680   ----a-w-   C:\Windows\System32\msdrm.dll
2014-02-12 00:49:40   451072   ----a-w-   C:\Windows\SysWow64\msdrm.dll
2014-02-11 22:57:59   148992   ----a-w-   C:\Program Files\Internet Explorer\jsdebuggeride.dll
2014-02-11 22:56:43   3960320   ----a-w-   C:\Windows\System32\jscript9.dll
2014-02-11 22:56:41   2877952   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-02-11 22:56:13   108032   ----a-w-   C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-02-11 22:53:07   1845248   ----a-w-   C:\Windows\System32\msxml3.dll
2014-02-11 22:53:06   1419264   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2014-02-11 22:52:40   2232664   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2014-02-11 22:51:28   600064   ----a-w-   C:\Windows\System32\vbscript.dll
2014-02-11 22:51:27   523776   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-02-11 22:51:00   83968   ----a-w-   C:\Windows\System32\drivers\hidclass.sys
2014-02-11 22:42:50   3842560   ----a-w-   C:\Windows\System32\d2d1.dll
2014-02-11 22:42:50   2238976   ----a-w-   C:\Windows\System32\d3d10warp.dll
2014-02-11 22:42:49   3288576   ----a-w-   C:\Windows\SysWow64\d2d1.dll
2014-02-11 22:42:48   2032640   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
.
==================== Find3M  ====================
.
2014-03-10 06:52:47   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2014-03-10 06:52:47   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2014-02-17 22:03:37   78304   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03:37   694240   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-10 23:32:54   1152656   ----a-w-   C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
2014-02-05 23:10:32   58256   ----a-w-   C:\Windows\System32\drivers\hlnfd.sys
2014-02-01 09:19:49   2241536   ----a-w-   C:\Windows\System32\wininet.dll
2014-02-01 09:19:36   915968   ----a-w-   C:\Windows\System32\uxtheme.dll
2014-02-01 09:19:36   53760   ----a-w-   C:\Windows\System32\UXInit.dll
2014-02-01 09:18:21   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2014-02-01 07:58:31   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-02-01 07:58:24   44032   ----a-w-   C:\Windows\SysWow64\UXInit.dll
2014-02-01 07:57:16   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52   534528   ----a-w-   C:\Windows\SysWow64\uxtheme.dll
2014-01-19 07:33:29   270496   ------w-   C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  0:28:03.76 ===============
« Last Edit: March 28, 2014, 08:28:44 AM by kevinf80 »

*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #1 on: March 12, 2014, 11:21:44 PM »
The one popup that keeps asking me if I want to make changes to my computer is this:   publisher Lake Ventures LLC. Program name is LVMaintenace.

I might have accidentally clicked yes on this, so tired of clicking no.   


First time I was on this site I clicked on a link that said free forum software, and it took me to a program called Spy Hunter 4.  I loaded it and started scanning but stopped the scan after a friend asked id I did the DDS program.    I also have Windows defenders, Avast and Malwarebytes Anti-Malware installed.

Thanks in advance!!

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #2 on: March 13, 2014, 01:59:42 AM »
Hello lmummaw and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go here:  http://support.microsoft.com/kb/971759 and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

I`ve merged you`re two threads, please do not not start a new thread each time you reply...

There is a proxy server running on your system, did you set up up the proxy? Continue and run the following:

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Let me see those logs in next reply, also tell me if you are aware of the proxy server..

Thanks,

Kevin..

*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #3 on: March 13, 2014, 03:25:47 PM »
Hi Kevin,  It's about 5 pm EST.  I have some things I need to do, but I will get on later and do what you asked for.  I have another laptop that the screen is broken and I'm going to try hooking that up to a monitor I have from a computer tower that got fried when I had water damage.  I'm going to try and do everything else important from that computer.  Should I go through and change all my passwords to banking items and other sites that I need a password to sign in?  Also I just got a smart phone 2 weeks ago, could I have infected that?   This all started on March 10th when I was playing Candy Crush and there was a post for bonus items, and the website seemed legit until the last one said to click on a "link" to actually claim the prize.  I have been so careful not to click on links that aren't familiar but didn't pay attention to my gut feeling on this one.
Thanks,
Linda

*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #4 on: March 13, 2014, 04:55:47 PM »
Kevin,
an answer to the one question a while that I was supposed to let you know a while.  The Proxy server.  That started popping up recently:

The proxy server isn't responding

•Check your proxy settings. Go to Tools > Internet Options > Connections. If you are on a LAN, click "LAN settings".
•Make sure your firewall settings aren't blocking your web access.
•Ask your system administrator for help

When the above happens I went to the connections and guessed about changing it from proxy settings to automatically detect.  I managed to get my regular homepage to come up again, but when I try to switch to another window or open a different site this pops up about the proxy server.


*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #5 on: March 13, 2014, 05:04:49 PM »
Hiya Linda,

Regarding the passwords, yes I would change those as long its done on a known clean PC... Don`t worry about the proxy, that can be fixed once the logs i`ve requested are posted..

My local time is 23:00, i`ll be online maybe one more hour..

Kevin

*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #6 on: March 14, 2014, 11:19:43 AM »
Kevin,
I couldn't get my clean laptop to work, apparently my monitor got fried also.  So I copied everything in this post and put it in notepad.  I got stuck trying to find the link to back up my windows 8 software.  I was searching and couldn't find it.  Will try again but if you or anybody else has an idea I would appreciate it.  I can probably print most of my documents out once I get my printer hooked up to my new wi fi connection.  Just got it 2 weeks ago and all this stuff happening makes me want to knock my head against a wall.
Linda


*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #8 on: March 15, 2014, 03:41:09 AM »
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.03.15.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Linda :: LINDAS [administrator]

Protection: Enabled

3/15/2014 5:22:41 AM
mbam-log-2014-03-15 (05-22-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242583
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> 2124 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 18
HKCU\SOFTWARE\InstalledBrowserExtensions\21636 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\hdshop (PUP.Optional.HDShop.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\media enhance (PUP.Optional.MediaEnhance.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\freeven (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\KeyDownload (PUP.Optional.KeyDownload.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstalledBrowserExtensions\21636 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV3 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLSVC (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\Software\hdshop (PUP.Optional.HDShop.A) -> Quarantined and deleted successfully.
HKLM\Software\media enhance (PUP.Optional.MediaEnhance.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0F1L1J1E1U2Z0C1F1L1R0C1L2Wzr2W -> Quarantined and deleted successfully.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 7001 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ShopAtHomeWatcher (PUP.Optional.ShopAtHome.A) -> Data: C:\Users\Linda\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ShopAtHomeUpdater (PUP.Optional.ShopAtHome.A) -> Data: C:\Users\Linda\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 4 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutB0CyDzy0EyD0AyEtCtB0EyEyCyC0C0CtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytC0CtAyEzz0EtGzztBtAyEtGyB0CyCyBtGzz0EtD0DtGtB0CtD0C0CyEtAyEyC0EtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtB0AtBtC0FtBtAtGyDyE0AzytG0FtAyC0FtGtD0CtCzytGtD0FtB0Czzzy0Fzy0B0Dzy0D2Q&cr=2028122858&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 31
C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Linda\AppData\Roaming\systweak\regclean pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files\Highlightly\IE (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly.A) -> Delete on reboot.
C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly.A) -> Delete on reboot.

Files Detected: 138
C:\Windows\System32\MovieMode.48CA2AEFA22D.dll (Adware.SaMon) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\eng_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\German_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\greek_rcp_el.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Italian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\portugese_rcp_pt.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Portuguese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Spanish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Swedish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> Delete on reboot.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\amazon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\argos.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\ask.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\bestbuy.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\bing.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\ebay.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\etsy.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\facebook.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\google.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\homedepot.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\ikea.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\imdb.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\lowes.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\mercado.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\mysearchweb.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\myshopping.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\searchresult.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\sears.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\setting.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\settings.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\shopping.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\target.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\tesco.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\tripadvisor.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\twitter.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\wajam.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\walmart.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\wiki.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\yahoo.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\zalando.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\terms-of-service.rtf (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Uninstall.exe (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\UAC-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.

(end)

*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #9 on: March 15, 2014, 03:59:06 AM »
I posted the log from the quick malwarebytes scan.  After I checked remove all, it said to restart computer.  I wasn't sure if I was suppose to do that.  So I'm putting my computer to sleep to wait and find out if I am to restart it before I download Junkware  Removal Tool.
Linda

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #10 on: March 15, 2014, 04:50:23 AM »
Hello Linda,

Yes please re-boot to complete the cleaning process, then continue with the other steps..

Kevin.... :t


*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #11 on: March 16, 2014, 02:57:05 PM »
JRT Text
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Linda on Sat 03/15/2014 at 17:04:20.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] 70e6ca8c



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3867312339-2564169600-2956045165-1002\Software\wajam
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\systweak
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455415550}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550555285500}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466416650}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566286600}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444414450}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544284400}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455415550}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550555285500}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466416650}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660566286600}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444414450}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544284400}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550555285500}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566286600}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544284400}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455415550}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550555285500}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466416650}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660566286600}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444414450}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544284400}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Failed to delete: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Linda\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Linda\AppData\Roaming\pc health kit"
Successfully deleted: [Folder] "C:\Users\Linda\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Linda\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Linda\appdata\locallow\mysearchdial"
Failed to delete: [Folder] "C:\Program Files (x86)\file type helper"
Failed to delete: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/15/2014 at 17:26:32.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #12 on: March 16, 2014, 03:22:43 PM »
Have you also ran FRST?

*

Offline lmummaw

  • Bronze Member
  • 25
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #13 on: March 16, 2014, 03:25:48 PM »
yes, not allowing me to post

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] pop ups, adware, program asking to change my computer
« Reply #14 on: March 16, 2014, 03:31:49 PM »
Zip the files and attach them...