Search the Community

Showing results for tags '(844) 763-5836'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Malware Removal for Windows
    • Malware Removal for Mac
    • Malware Removal for Mobile
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3
    • Malwarebytes for Mac
    • Malwarebytes for Android
    • False Positives
    • Translator Lounge
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
  • General
    • General Chat
    • Forums Announcements & Feedback

Found 2 results

  1. What is PC Purifier? The Malwarebytes research team has determined that PC Purifier is a fake registry cleaner. These so-called "registry cleaners" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with PC Purifier? This is how the main screen of the registry cleaning application looks: You will find these icons in your taskbar, startmenu, and on your desktop: And see these warnings during install: and this screens when you click "Fix": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler: How did PC Purifier get on my computer? These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from their site. How do I remove PC Purifier? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of PC Purifier? No, Malwarebytes removes PC Purifier completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this registry cleaner. As you can see below the full version of Malwarebytes would have protected you against the PC Purifier installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and it would have blocked internet access to their domain: Technical details for experts You may see these entries in FRST logs: (PCPurifier) C:\Program Files (x86)\PCPurifier\PCPurifier.exe C:\Windows\System32\Tasks\PC Purifier_DEFAULT C:\Windows\System32\Tasks\PC Purifier_UPDATES C:\Windows\Tasks\PC Purifier_UPDATES.job C:\Windows\Tasks\PC Purifier_DEFAULT.job C:\Users\{username}\AppData\Roaming\PC Purifier C:\Windows\System32\Tasks\PC Purifier C:\Users\Public\Desktop\PCPurifier.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPurifier C:\Program Files (x86)\PCPurifier PCPurifier (HKLM-x32\...\PCPurifier_is1) (Version: 3.6 - www.pcpurifier.co) Task: {01921002-E57B-4E18-86C1-48A9B91AC7FA} - System32\Tasks\PC Purifier_UPDATES => C:\Program Files (x86)\PCPurifier\PCPurifier.exe [2016-12-15] (PCPurifier) Task: {4ADBA2D9-B398-4015-A14C-3F59A5408AD4} - System32\Tasks\PC Purifier => C:\Program Files (x86)\PCPurifier\PCPurifier.exe [2016-12-15] (PCPurifier) Task: {F4F58316-C5D4-47BB-93F4-8EFDE3E3B72A} - System32\Tasks\PC Purifier_DEFAULT => C:\Program Files (x86)\PCPurifier\PCPurifier.exe [2016-12-15] (PCPurifier) Task: C:\Windows\Tasks\PC Purifier_DEFAULT.job => C:\Program Files (x86)\PCPurifier\PCPurifier.exe Task: C:\Windows\Tasks\PC Purifier_UPDATES.job => C:\Program Files (x86)\PCPurifier\PCPurifier.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PCPurifier Adds the file eng_pcp.ini"="9/23/2016 6:46 PM, 75918 bytes, A Adds the file eng_uninst.ini"="7/18/2016 7:09 PM, 2830 bytes, A Adds the file FileList.pcp"="7/18/2016 7:09 PM, 13612 bytes, A Adds the file French_pcp.ini"="9/23/2016 6:46 PM, 92756 bytes, A Adds the file French_uninst.ini"="7/18/2016 7:09 PM, 3040 bytes, A Adds the file isxdl.dll"="12/15/2016 6:28 PM, 157624 bytes, A Adds the file PCPurifier.exe"="12/15/2016 6:28 PM, 8982984 bytes, A Adds the file PCPUUns.exe"="12/15/2016 6:28 PM, 572856 bytes, A Adds the file RegList.pcp"="7/18/2016 7:09 PM, 92210 bytes, A Adds the file side_img.bmp"="7/27/2016 1:52 PM, 156296 bytes, A Adds the file unins000.dat"="1/20/2017 9:36 AM, 35695 bytes, A Adds the file unins000.exe"="1/20/2017 9:36 AM, 1210808 bytes, A Adds the file unins000.msg"="1/20/2017 9:36 AM, 22701 bytes, A Adds the file xmllite.dll"="7/18/2016 7:09 PM, 126976 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPurifier Adds the file PCPurifier.lnk"="1/20/2017 9:36 AM, 1049 bytes, A Adds the file Register PCPurifier.lnk"="1/20/2017 9:36 AM, 1075 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC Purifier Adds the file backup6.bin"="1/20/2017 9:36 AM, 765 bytes, A Adds the file eng_pcp.dat"="1/20/2017 9:36 AM, 29488 bytes, A Adds the file log_01-20-2017.log"="1/20/2017 9:36 AM, 0 bytes, A Adds the file results.pcp"="1/20/2017 9:38 AM, 7528 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file PCPurifier.lnk"="1/20/2017 9:36 AM, 1031 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PC Purifier"="1/20/2017 9:36 AM, 3106 bytes, A Adds the file PC Purifier_DEFAULT"="1/20/2017 9:37 AM, 3232 bytes, A Adds the file PC Purifier_UPDATES"="1/20/2017 9:37 AM, 3044 bytes, A In the existing folder C:\Windows\Tasks Adds the file PC Purifier_DEFAULT.job"="1/20/2017 9:37 AM, 278 bytes, A Adds the file PC Purifier_UPDATES.job"="1/20/2017 9:37 AM, 286 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "PC Purifier_DEFAULT.job"="REG_BINARY, ................................ "PC Purifier_DEFAULT.job.fp"="REG_DWORD"", 1872578751 "PC Purifier_UPDATES.job"="REG_BINARY, ................................ "PC Purifier_UPDATES.job.fp"="REG_DWORD"", -770245074 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Jawego\Params] "affiliateid"="REG_SZ"", "" "SPCC"="REG_DWORD"", 1 "utm_campaign"="REG_SZ"", "default" "utm_medium"="REG_SZ"", "newbuild" "utm_source"="REG_SZ"", "site" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCPurifier_is1] "DisplayIcon"="REG_SZ"", "C:\Program Files (x86)\PCPurifier\PCPurifier.exe" "DisplayName"="REG_SZ"", "PCPurifier" "DisplayVersion"="REG_SZ"", "3.6" "EstimatedSize"="REG_DWORD"", 12615 "HelpLink"="REG_SZ"", "http://www.pcpurifier.co" "Inno Setup: App Path"="REG_SZ"", "C:\Program Files (x86)\PCPurifier" "Inno Setup: Icon Group"="REG_SZ"", "PCPurifier" "Inno Setup: Language"="REG_SZ"", "en" "Inno Setup: Setup Version"="REG_SZ"", "5.5.6 (u)" "Inno Setup: User"="REG_SZ"", "{username}" "InstallDate"="REG_SZ"", "20170120" "InstallLocation"="REG_SZ"", "C:\Program Files (x86)\PCPurifier\" "MajorVersion"="REG_DWORD"", 3 "MinorVersion"="REG_DWORD"", 6 "NoModify"="REG_DWORD"", 1 "NoRepair"="REG_DWORD"", 1 "Publisher"="REG_SZ"", "www.pcpurifier.co" "QuietUninstallString"="REG_SZ"", ""C:\Program Files (x86)\PCPurifier\unins000.exe" /SILENT" "UninstallString"="REG_SZ"", ""C:\Program Files (x86)\PCPurifier\unins000.exe" /silent" "URLInfoAbout"="REG_SZ"", "http://www.pcpurifier.co" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC\Purifier\key\6] "(Default)"="REG_BINARY, .......................................................................................................................o............................................................................................................................H........... [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC Purifier] "Expired"="REG_DWORD"", 0 "FirstTimeASPFired"="REG_DWORD"", 1 "MaxFixLimit"="REG_DWORD"", 15 "PCPURL"="REG_SZ"", "http://www.pcpurifier.co/buynow/?utm_source=site&utm_campaign=default&utm_medium=newbuild" "RENEWALURL"="REG_SZ"", "http://www.pcpurifier.co/renewal/?utm_source=site&utm_campaign=default&utm_medium=newbuild" "ShowExitPage"="REG_DWORD"", 0 "TELNO"="REG_SZ"", "(844) 763-5836" "TELNODE"="REG_SZ"", "(800) 180-6512" "TELNOFR"="REG_SZ"", "01.76.54.27.59" "utm_campaign"="REG_SZ"", "default" "utm_medium"="REG_SZ"", "newbuild" "utm_source"="REG_SZ"", "site" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC Purifier\LANG] "LangID"="REG_DWORD"", 0 [HKEY_CURRENT_USER\Software\PC\Purifier\key\6] "(Default)"="REG_BINARY, .......................................................................................................................o............................................................................................................................H........... [HKEY_CURRENT_USER\Software\PC Purifier] "1stInstalled_Time"="REG_SZ"", "1/20/2017 9:36:55 AM" "AutoRepair"="REG_DWORD"", 0 "ConfirmBkUps"="REG_DWORD"", 1 "CurrentScanTime"="REG_BINARY, .....&.. "ErrorCount"="REG_DWORD"", 20 "FirstRun"="REG_DWORD"", 1 "GoToSystemTrayOnClose"="REG_DWORD"", 0 "ImprovementProgram"="REG_DWORD"", 1 "NumTimesPCPRunned"="REG_DWORD"", 1 "RegErrFoundTillDate"="REG_DWORD"", 0 "RegErrsFixedLast"="REG_DWORD"", 0 "RegErrsFixedTillDate"="REG_DWORD"", 0 "ScheduledTime"="REG_SZ"", "" "SetChkDontShowRedTrayPopup"="REG_DWORD"", 0 "SetChkREmovableMedia"="REG_DWORD"", 1 "SetChkSkipEmptyKeys"="REG_DWORD"", 1 "SetEnableSound"="REG_DWORD"", 1 "StartAutoScanOnLaunch"="REG_DWORD"", 0 "StartAutoScanPMUI"="REG_DWORD"", 0 "StartMinimized"="REG_DWORD"", 0 "StartScan"="REG_DWORD"", 0 "StartWhenWinBoots"="REG_DWORD"", 1 "StrLastOptimizeTime"="REG_SZ"", "" "StrLastScan"="REG_SZ"", "Fri. January 20, 2017. 09:38 AM" "StrLastScanResults"="REG_SZ"", "20" "StrLastStartupOpt"="REG_SZ"", "" "StrLatestRegDefrag"="REG_SZ"", "" "StrLatestRestorePoint"="REG_SZ"", "" [HKEY_CURRENT_USER\Software\PC Purifier\LANG] "LangCode"="REG_SZ"", "en" "LangID"="REG_DWORD"", 0 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/20/17 Scan Time: 9:50 AM Logfile: mbamPCPurifier.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1062 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 356543 Time Elapsed: 7 min, 13 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\PCPURIFIER\PCPURIFIER.EXE, Quarantined, [2357], [351347],1.0.1062 Module: 3 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\PCPURIFIER\XMLLITE.DLL, Quarantined, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\PCPURIFIER\PCPURIFIER.EXE, Quarantined, [2357], [351347],1.0.1062 PUP.Optional.WinTuneUp, C:\PROGRAM FILES (X86)\PCPURIFIER\ISXDL.DLL, Quarantined, [1809], [332290],1.0.1062 Registry Key: 11 PUP.Optional.Jawego, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCPurifier_is1, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, HKLM\SOFTWARE\WOW6432NODE\PC\Purifier, Delete-on-Reboot, [2357], [357995],1.0.1062 PUP.Optional.PCPurifier, HKCU\SOFTWARE\PC PURIFIER, Delete-on-Reboot, [1671], [336206],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Purifier, Delete-on-Reboot, [1671], [348999],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Purifier_DEFAULT, Delete-on-Reboot, [1671], [348999],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Purifier_UPDATES, Delete-on-Reboot, [1671], [348999],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{01921002-E57B-4E18-86C1-48A9B91AC7FA}, Delete-on-Reboot, [1671], [348998],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4ADBA2D9-B398-4015-A14C-3F59A5408AD4}, Delete-on-Reboot, [1671], [348998],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F4F58316-C5D4-47BB-93F4-8EFDE3E3B72A}, Delete-on-Reboot, [1671], [348998],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\WOW6432NODE\PC PURIFIER, Delete-on-Reboot, [1671], [331841],1.0.1062 PUP.Optional.PCPurifier, HKCU\SOFTWARE\PC\Purifier, Delete-on-Reboot, [1671], [336208],1.0.1062 Registry Value: 5 PUP.Optional.PCPurifier, HKCU\SOFTWARE\PC PURIFIER|GOTOSYSTEMTRAYONCLOSE, Delete-on-Reboot, [1671], [336206],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{01921002-E57B-4E18-86C1-48A9B91AC7FA}|PATH, Delete-on-Reboot, [1671], [348998],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4ADBA2D9-B398-4015-A14C-3F59A5408AD4}|PATH, Delete-on-Reboot, [1671], [348998],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F4F58316-C5D4-47BB-93F4-8EFDE3E3B72A}|PATH, Delete-on-Reboot, [1671], [348998],1.0.1062 PUP.Optional.PCPurifier, HKLM\SOFTWARE\WOW6432NODE\PC PURIFIER|TELNO, Delete-on-Reboot, [1671], [331841],1.0.1062 Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\PCPurifier, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.PCPurifier, C:\USERS\{username}\APPDATA\ROAMING\PC PURIFIER, Delete-on-Reboot, [1671], [336202],1.0.1062 PUP.Optional.Jawego, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PCPURIFIER, Delete-on-Reboot, [2357], [357490],1.0.1062 File: 63 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\PCPURIFIER\XMLLITE.DLL, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\PCPURIFIER\PCPURIFIER.EXE, Delete-on-Reboot, [2357], [351347],1.0.1062 PUP.Optional.WinTuneUp, C:\PROGRAM FILES (X86)\PCPURIFIER\ISXDL.DLL, Delete-on-Reboot, [1809], [332290],1.0.1062 PUP.Optional.Jawego, C:\USERS\{username}\DESKTOP\PCPUSETUP.EXE, Delete-on-Reboot, [2357], [349696],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Finnish_uninst_fi.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Chinese_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Chinese_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Danish_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Danish_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Dutch_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Dutch_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\eng_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\eng_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\FileList.pcp, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Finnish_pcp_fi.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\korean_pcp_ko.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\korean_uninst_ko.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Norwegian_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Norwegian_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\PCPUUns.exe, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\polish_pcp_pl.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\polish_uninst_pl.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\portugese_pcp_pt.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\portugese_uninst_pt.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Portuguese_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Portuguese_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\French_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\French_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\German_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\German_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\greek_pcp_el.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\greek_uninst_el.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Italian_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Italian_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Japanese_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Japanese_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\RegList.pcp, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\russian_pcp_ru.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\russian_uninst_ru.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\side_img.bmp, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Spanish_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\spanish_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Swedish_pcp.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\swedish_uninst.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\TraditionalCn_pcp_zh-tw.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\traditionalcn_uninst_zh-tw.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\turkish_pcp_tr.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\Turkish_uninst_tr.ini, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\unins000.dat, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\unins000.exe, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\Program Files (x86)\PCPurifier\unins000.msg, Delete-on-Reboot, [2357], [357489],1.0.1062 PUP.Optional.Jawego, C:\USERS\PUBLIC\DESKTOP\PCPURIFIER.LNK, Delete-on-Reboot, [2357], [357488],1.0.1062 PUP.Optional.PCPurifier, C:\USERS\{username}\APPDATA\ROAMING\PC PURIFIER\RESULTS.PCP, Delete-on-Reboot, [1671], [336202],1.0.1062 PUP.Optional.PCPurifier, C:\Users\{username}\AppData\Roaming\PC Purifier\backup6.bin, Delete-on-Reboot, [1671], [336202],1.0.1062 PUP.Optional.PCPurifier, C:\Users\{username}\AppData\Roaming\PC Purifier\eng_pcp.dat, Delete-on-Reboot, [1671], [336202],1.0.1062 PUP.Optional.PCPurifier, C:\Users\{username}\AppData\Roaming\PC Purifier\log_01-20-2017.log, Delete-on-Reboot, [1671], [336202],1.0.1062 PUP.Optional.Jawego, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPurifier\PCPurifier.lnk, Delete-on-Reboot, [2357], [357490],1.0.1062 PUP.Optional.Jawego, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPurifier\Register PCPurifier.lnk, Delete-on-Reboot, [2357], [357490],1.0.1062 PUP.Optional.PCPurifier, C:\WINDOWS\SYSTEM32\TASKS\PC PURIFIER, Delete-on-Reboot, [1671], [349002],1.0.1062 PUP.Optional.PCPurifier, C:\WINDOWS\TASKS\PC PURIFIER_DEFAULT.JOB, Delete-on-Reboot, [1671], [349000],1.0.1062 PUP.Optional.PCPurifier, C:\WINDOWS\TASKS\PC PURIFIER_UPDATES.JOB, Delete-on-Reboot, [1671], [349000],1.0.1062 PUP.Optional.PCPurifier, C:\WINDOWS\SYSTEM32\TASKS\PC PURIFIER_DEFAULT, Delete-on-Reboot, [1671], [349002],1.0.1062 PUP.Optional.PCPurifier, C:\WINDOWS\SYSTEM32\TASKS\PC PURIFIER_UPDATES, Delete-on-Reboot, [1671], [349002],1.0.1062 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is Secure PC Tuneup? The Malwarebytes research team has determined that Secure PC Tuneup is a "system optimizer". These so-called "system optimizer" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Unpacked blog. How do I know if I am infected with Secure PC Tuneup? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler: How did Secure PC Tuneup get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Secure PC Tuneup? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-{version}.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to: Launch Malwarebytes Anti-Malware Then click Finish. Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu. If an update is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Secure PC Tuneup? No, Malwarebytes' Anti-Malware removes Secure PC Tuneup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Secure PC Tuneup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (Secure PC Tuneup) C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe () C:\Users\{username}\AppData\Roaming\System Monitor\sm.exe C:\Windows\System32\Tasks\Secure PC Tuneup_DEFAULT C:\Windows\System32\Tasks\Secure PC Tuneup_UPDATES C:\Windows\Tasks\Secure PC Tuneup_UPDATES.job C:\Windows\Tasks\Secure PC Tuneup_DEFAULT.job C:\Users\{username}\AppData\Roaming\SecurePCTuneup C:\Windows\System32\Tasks\Secure PC Tuneup C:\Windows\System32\Tasks\RunAtStartup C:\Users\Public\Desktop\SecurePCTuneup.lnk C:\Users\{username}\AppData\Roaming\System Monitor C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecurePCTuneup C:\Program Files (x86)\SecurePCTuneup SecurePCTuneup (HKLM-x32\...\SecurePCTuneup_is1) (Version: 5.4 - www.securepctuneup.com) Task: {043CF42D-5E25-4255-BDED-AF527256D33A} - System32\Tasks\Secure PC Tuneup => C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe [2016-11-29] (Secure PC Tuneup) Task: {AA67C9F2-1FD8-4AD4-97E7-A31D0BC2F625} - System32\Tasks\Secure PC Tuneup_DEFAULT => C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe [2016-11-29] (Secure PC Tuneup) Task: {B3AE31CF-0737-4F12-B82D-665654DB2F2C} - System32\Tasks\RunAtStartup => C:\Users\{username}\AppData\Roaming\System Monitor\sm.exe [2016-11-25] () Task: {FDDEE7B8-84B3-48C7-A224-A0BA2BA23E4F} - System32\Tasks\Secure PC Tuneup_UPDATES => C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe [2016-11-29] (Secure PC Tuneup) Task: C:\Windows\Tasks\Secure PC Tuneup_DEFAULT.job => C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe Task: C:\Windows\Tasks\Secure PC Tuneup_UPDATES.job => C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\SecurePCTuneup Adds the file Chinese_pcp.ini"="11/18/2016 5:52 PM, 39470 bytes, A Adds the file Chinese_uninst.ini"="11/18/2016 5:39 PM, 2646 bytes, A Adds the file Danish_pcp.ini"="11/18/2016 5:52 PM, 82794 bytes, A Adds the file Danish_uninst.ini"="11/18/2016 5:39 PM, 2948 bytes, A Adds the file Dutch_pcp.ini"="11/18/2016 5:52 PM, 87054 bytes, A Adds the file Dutch_uninst.ini"="11/18/2016 5:39 PM, 2944 bytes, A Adds the file eng_pcp.ini"="11/18/2016 5:52 PM, 76258 bytes, A Adds the file eng_uninst.ini"="11/18/2016 5:39 PM, 2830 bytes, A Adds the file FileList.pcp"="11/18/2016 5:39 PM, 13612 bytes, A Adds the file Finnish_pcp_fi.ini"="11/18/2016 5:52 PM, 80252 bytes, A Adds the file Finnish_uninst_fi.ini"="11/18/2016 5:39 PM, 3024 bytes, A Adds the file French_pcp.ini"="11/18/2016 5:52 PM, 93086 bytes, A Adds the file French_uninst.ini"="11/18/2016 5:39 PM, 3040 bytes, A Adds the file German_pcp.ini"="11/18/2016 5:52 PM, 92532 bytes, A Adds the file German_uninst.ini"="11/18/2016 5:39 PM, 3382 bytes, A Adds the file greek_pcp_el.ini"="11/18/2016 5:52 PM, 91736 bytes, A Adds the file greek_uninst_el.ini"="11/18/2016 5:39 PM, 3206 bytes, A Adds the file isxdl.dll"="11/29/2016 6:35 PM, 157616 bytes, A Adds the file Italian_pcp.ini"="11/18/2016 5:52 PM, 89426 bytes, A Adds the file Italian_uninst.ini"="11/18/2016 5:39 PM, 2948 bytes, A Adds the file Japanese_pcp.ini"="11/18/2016 5:52 PM, 52284 bytes, A Adds the file Japanese_uninst.ini"="11/18/2016 5:39 PM, 2404 bytes, A Adds the file korean_pcp_ko.ini"="11/18/2016 5:52 PM, 60888 bytes, A Adds the file korean_uninst_ko.ini"="11/18/2016 5:39 PM, 2712 bytes, A Adds the file leftbmp.bmp"="11/18/2016 5:39 PM, 156296 bytes, A Adds the file Norwegian_pcp.ini"="11/18/2016 5:52 PM, 79186 bytes, A Adds the file Norwegian_uninst.ini"="11/18/2016 5:39 PM, 2888 bytes, A Adds the file polish_pcp_pl.ini"="11/18/2016 5:52 PM, 82744 bytes, A Adds the file polish_uninst_pl.ini"="11/18/2016 5:39 PM, 3066 bytes, A Adds the file portugese_pcp_pt.ini"="11/18/2016 5:52 PM, 86048 bytes, A Adds the file portugese_uninst_pt.ini"="11/18/2016 5:39 PM, 2950 bytes, A Adds the file Portuguese_pcp.ini"="11/18/2016 5:52 PM, 83668 bytes, A Adds the file Portuguese_uninst.ini"="11/18/2016 5:39 PM, 2950 bytes, A Adds the file RegList.pcp"="11/18/2016 5:39 PM, 92210 bytes, A Adds the file russian_pcp_ru.ini"="11/18/2016 5:52 PM, 86026 bytes, A Adds the file russian_uninst_ru.ini"="11/18/2016 5:39 PM, 3214 bytes, A Adds the file SecurePCTuneup.exe"="11/29/2016 6:35 PM, 8983984 bytes, A Adds the file smsetup.exe"="11/25/2016 7:07 PM, 1272608 bytes, A Adds the file Spanish_pcp.ini"="11/18/2016 5:52 PM, 87658 bytes, A Adds the file spanish_uninst.ini"="11/18/2016 5:39 PM, 3086 bytes, A Adds the file SPTUUns.exe"="11/29/2016 6:35 PM, 572848 bytes, A Adds the file Swedish_pcp.ini"="11/18/2016 5:52 PM, 77944 bytes, A Adds the file swedish_uninst.ini"="11/18/2016 5:39 PM, 2962 bytes, A Adds the file TraditionalCn_pcp_zh-tw.ini"="11/18/2016 5:52 PM, 39540 bytes, A Adds the file traditionalcn_uninst_zh-tw.ini"="11/18/2016 5:39 PM, 2654 bytes, A Adds the file turkish_pcp_tr.ini"="11/18/2016 5:52 PM, 83522 bytes, A Adds the file Turkish_uninst_tr.ini"="11/18/2016 5:39 PM, 3060 bytes, A Adds the file unins000.dat"="11/30/2016 9:14 AM, 35259 bytes, A Adds the file unins000.exe"="11/30/2016 9:14 AM, 1210800 bytes, A Adds the file unins000.msg"="11/30/2016 9:14 AM, 22701 bytes, A Adds the file xmllite.dll"="11/18/2016 5:39 PM, 126976 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecurePCTuneup Adds the file Register SecurePCTuneup.lnk"="11/30/2016 9:14 AM, 1123 bytes, A Adds the file SecurePCTuneup.lnk"="11/30/2016 9:14 AM, 1097 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\SecurePCTuneup Adds the file backup6.bin"="11/30/2016 9:14 AM, 753 bytes, A Adds the file eng_pcp.dat"="11/30/2016 9:14 AM, 29546 bytes, A Adds the file ipini.ini"="11/30/2016 9:14 AM, 15 bytes, A Adds the file log_11-30-2016.log"="11/30/2016 9:14 AM, 0 bytes, A Adds the file results.pcp"="11/30/2016 9:15 AM, 7178 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\System Monitor Adds the file eng_em.ini"="6/17/2016 12:42 PM, 636 bytes, A Adds the file French_em.ini"="6/17/2016 12:42 PM, 664 bytes, A Adds the file German_em.ini"="6/17/2016 12:43 PM, 720 bytes, A Adds the file ininotfound0.ini"="11/30/2016 9:14 AM, 172 bytes, A Adds the file isxdl.dll"="11/25/2016 7:07 PM, 157640 bytes, A Adds the file japan_em.ini"="6/17/2016 12:42 PM, 564 bytes, A Adds the file sm.exe"="11/25/2016 7:07 PM, 2933192 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file SecurePCTuneup.lnk"="11/30/2016 9:14 AM, 1079 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file RunAtStartup"="11/30/2016 9:14 AM, 3014 bytes, A Adds the file Secure PC Tuneup"="11/30/2016 9:14 AM, 3142 bytes, A Adds the file Secure PC Tuneup_DEFAULT"="11/30/2016 9:15 AM, 3248 bytes, A Adds the file Secure PC Tuneup_UPDATES"="11/30/2016 9:15 AM, 3060 bytes, A In the existing folder C:\Windows\Tasks Adds the file Secure PC Tuneup_DEFAULT.job"="11/30/2016 9:15 AM, 294 bytes, A Adds the file Secure PC Tuneup_UPDATES.job"="11/30/2016 9:15 AM, 302 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "Secure PC Tuneup_DEFAULT.job"="REG_BINARY, ................................ "Secure PC Tuneup_DEFAULT.job.fp"="REG_DWORD", -159504095 "Secure PC Tuneup_UPDATES.job"="REG_BINARY, ................................ "Secure PC Tuneup_UPDATES.job.fp"="REG_DWORD", -1056520787 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Jawego\Params] "SPTU"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe" "DisplayName"="REG_SZ", "SecurePCTuneup" "DisplayVersion"="REG_SZ", "5.4" "EstimatedSize"="REG_DWORD", 13865 "HelpLink"="REG_SZ", "www.securepctuneup.com" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\SecurePCTuneup" "Inno Setup: Icon Group"="REG_SZ", "SecurePCTuneup" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20161130" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\SecurePCTuneup\" "MajorVersion"="REG_DWORD", 5 "MinorVersion"="REG_DWORD", 4 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "www.securepctuneup.com" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\SecurePCTuneup\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\SecurePCTuneup\unins000.exe" /silent" "URLInfoAbout"="REG_SZ", "www.securepctuneup.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Secure\PC\Tuneup\key\6] "(Default)"="REG_BINARY, .......................................................................................................................o............................................................................................................................H........... [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SecurePCTuneup] "Expired"="REG_DWORD", 0 "FirstTimeASPFired"="REG_DWORD", 1 "MaxFixLimit"="REG_DWORD", 15 "PCPURL"="REG_SZ", "http://www.securepctuneup.com/buynow/?" "RENEWALURL"="REG_SZ", "http://www.securepctuneup.com/renewal/?" "ShowExitPage"="REG_DWORD", 0 "TELNO"="REG_SZ", "(844) 763-5836" "TELNODE"="REG_SZ", "(800) 180-6512" "TELNOFR"="REG_SZ", "01.76.54.27.59" "TELNOJP"="REG_SZ", "03-5050-1410 " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SecurePCTuneup\LANG] "LangID"="REG_DWORD", 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\System Monitor] "bShowCongratsAfterUpdateRestart"="REG_DWORD", 0 "Expired"="REG_DWORD", 0 "first"="REG_DWORD", 1 "TELNO"="REG_SZ", "(844) 763-5838" "TELNOAU"="REG_SZ", "1800 154 231" "TELNODE"="REG_SZ", "(800) 180-6512" "TELNOFR"="REG_SZ", "01.76.54.05.61" "TELNOJP"="REG_SZ", "03-5050-1410 " "TELNOUK"="REG_SZ", "0800 031 4657" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\System Monitor\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Secure\PC\Tuneup\key\6] "(Default)"="REG_BINARY, .......................................................................................................................o............................................................................................................................H........... [HKEY_CURRENT_USER\Software\SecurePCTuneup] "1stInstalled_Time"="REG_SZ", "11/30/2016 9:14:49 AM" "AutoRepair"="REG_DWORD", 0 "CanAutoScan"="REG_DWORD", 0 "CanScanOnLaunch"="REG_DWORD", 0 "ConfirmBkUps"="REG_DWORD", 1 "CurrentScanTime"="REG_BINARY, ......0. "ErrorCount"="REG_DWORD", 19 "FirstRun"="REG_DWORD", 1 "GoToSystemTrayOnClose"="REG_DWORD", 0 "ImprovementProgram"="REG_DWORD", 1 "NumTimesPCPRunned"="REG_DWORD", 1 "RegErrFoundTillDate"="REG_DWORD", 0 "RegErrsFixedLast"="REG_DWORD", 0 "RegErrsFixedTillDate"="REG_DWORD", 0 "ScheduledTime"="REG_SZ", "" "SetChkDontShowRedTrayPopup"="REG_DWORD", 0 "SetChkREmovableMedia"="REG_DWORD", 1 "SetChkSkipEmptyKeys"="REG_DWORD", 1 "SetEnableSound"="REG_DWORD", 1 "StartMinimized"="REG_DWORD", 0 "StartScan"="REG_DWORD", 0 "StartWhenWinBoots"="REG_DWORD", 1 "StrLastOptimizeTime"="REG_SZ", "" "StrLastScan"="REG_SZ", "Wed. November 30, 2016. 09:15 AM" "StrLastScanResults"="REG_SZ", "19" "StrLastStartupOpt"="REG_SZ", "" "StrLatestRegDefrag"="REG_SZ", "" "StrLatestRestorePoint"="REG_SZ", "" [HKEY_CURRENT_USER\Software\SecurePCTuneup\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\System Monitor\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0 Malwarebytes Anti-Malware log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/30/2016 Scan Time: 9:27 AM Logfile: mbamSecurePCTuneup.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.11.30.04 Rootkit Database: v2016.11.20.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 303584 Time Elapsed: 8 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\sm.exe, 3588, Delete-on-Reboot, [313be7df9ffb7abc1ff33276887bf709] PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe, 1700, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779] Modules: 3 PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\isxdl.dll, Delete-on-Reboot, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\isxdl.dll, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\xmllite.dll, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779], Registry Keys: 9 PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{043CF42D-5E25-4255-BDED-AF527256D33A}, Delete-on-Reboot, [cf9d40868e0c0d297c682abbe320b749], PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA67C9F2-1FD8-4AD4-97E7-A31D0BC2F625}, Delete-on-Reboot, [4c20dcea0595e65040a41fc6c53e1ce4], PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FDDEE7B8-84B3-48C7-A224-A0BA2BA23E4F}, Delete-on-Reboot, [de8e8b3bd2c8ba7c03e1ffe6f90a4ab6], PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Secure PC Tuneup, Delete-on-Reboot, [92daf7cf168492a440a345a0af546898], PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Secure PC Tuneup_DEFAULT, Delete-on-Reboot, [1458a2240f8bc373eef512d3c43f05fb], PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Secure PC Tuneup_UPDATES, Delete-on-Reboot, [66064284c8d256e0a63ddf0658ab26da], PUP.Optional.SystemMonitor, HKLM\SOFTWARE\WOW6432NODE\SYSTEM MONITOR, Quarantined, [eb81ab1b6b2f7fb7a66f3e6ae51e08f8], PUP.Optional.SystemMonitor, HKCU\SOFTWARE\SYSTEM MONITOR\LANG, Quarantined, [e68671554e4cef479398396f13f04eb2], PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SecurePCTuneup_is1, Quarantined, [56169f273367d4624b94f7eea45f8779], Registry Values: 5 PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{043CF42D-5E25-4255-BDED-AF527256D33A}|Path, \Secure PC Tuneup, Delete-on-Reboot, [cf9d40868e0c0d297c682abbe320b749] PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA67C9F2-1FD8-4AD4-97E7-A31D0BC2F625}|Path, \Secure PC Tuneup_DEFAULT, Delete-on-Reboot, [4c20dcea0595e65040a41fc6c53e1ce4] PUP.Optional.SecurePCTuneup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FDDEE7B8-84B3-48C7-A224-A0BA2BA23E4F}|Path, \Secure PC Tuneup_UPDATES, Delete-on-Reboot, [de8e8b3bd2c8ba7c03e1ffe6f90a4ab6] PUP.Optional.SystemMonitor, HKLM\SOFTWARE\WOW6432NODE\SYSTEM MONITOR|TELNO, (844) 763-5838, Quarantined, [eb81ab1b6b2f7fb7a66f3e6ae51e08f8] PUP.Optional.SystemMonitor, HKCU\SOFTWARE\SYSTEM MONITOR\LANG|LangID, 0, Quarantined, [e68671554e4cef479398396f13f04eb2] Registry Data: 0 (No malicious items detected) Folders: 4 PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor, Delete-on-Reboot, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecurePCTuneup, Quarantined, [da92e1e57e1c59dd33ad4f96be451ae6], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup, Delete-on-Reboot, [c1ab4b7b7d1d9b9b965040a581822dd3], Files: 73 PUP.Optional.SecurePCTuneup, C:\Users\{username}\Desktop\setup.exe, Quarantined, [5d0fccfa1783f6404099d411c241e818], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\eng_em.ini, Quarantined, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\French_em.ini, Quarantined, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\German_em.ini, Quarantined, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\ininotfound0.ini, Quarantined, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\isxdl.dll, Delete-on-Reboot, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\japan_em.ini, Quarantined, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SystemMonitor, C:\Users\{username}\AppData\Roaming\System Monitor\sm.exe, Delete-on-Reboot, [313be7df9ffb7abc1ff33276887bf709], PUP.Optional.SecurePCTuneup, C:\Users\Public\Desktop\SecurePCTuneup.lnk, Quarantined, [96d6cff75b3f50e600de6d78798a6799], PUP.Optional.SecurePCTuneup, C:\Windows\Tasks\Secure PC Tuneup_DEFAULT.job, Quarantined, [1d4f6e58acee77bf548d4a9b778c53ad], PUP.Optional.SecurePCTuneup, C:\Windows\Tasks\Secure PC Tuneup_UPDATES.job, Quarantined, [0a62f2d458423204a73a598c31d239c7], PUP.Optional.SecurePCTuneup, C:\Windows\System32\Tasks\Secure PC Tuneup, Quarantined, [d29abd099802f83ed012786dcf34f20e], PUP.Optional.SecurePCTuneup, C:\Windows\System32\Tasks\Secure PC Tuneup_DEFAULT, Quarantined, [e58726a0f0aab5817a6803e2f60dbd43], PUP.Optional.SecurePCTuneup, C:\Windows\System32\Tasks\Secure PC Tuneup_UPDATES, Quarantined, [204cb0166634a1959e447d68d92a9b65], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Finnish_uninst_fi.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Japanese_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\RegList.pcp, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Chinese_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Chinese_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Danish_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Danish_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Dutch_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Dutch_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\eng_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\eng_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\FileList.pcp, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Finnish_pcp_fi.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Japanese_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\korean_pcp_ko.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\korean_uninst_ko.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\leftbmp.bmp, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Norwegian_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Norwegian_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\polish_pcp_pl.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\polish_uninst_pl.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\portugese_pcp_pt.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\portugese_uninst_pt.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Portuguese_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Portuguese_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\French_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\French_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\German_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\German_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\greek_pcp_el.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\greek_uninst_el.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\isxdl.dll, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Italian_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Italian_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\russian_pcp_ru.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\russian_uninst_ru.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\SecurePCTuneup.exe, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\smsetup.exe, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Spanish_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\spanish_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\SPTUUns.exe, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Swedish_pcp.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\swedish_uninst.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\TraditionalCn_pcp_zh-tw.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\traditionalcn_uninst_zh-tw.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\turkish_pcp_tr.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\Turkish_uninst_tr.ini, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\unins000.dat, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\unins000.exe, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\unins000.msg, Quarantined, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\Program Files (x86)\SecurePCTuneup\xmllite.dll, Delete-on-Reboot, [56169f273367d4624b94f7eea45f8779], PUP.Optional.SecurePCTuneup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecurePCTuneup\Register SecurePCTuneup.lnk, Quarantined, [da92e1e57e1c59dd33ad4f96be451ae6], PUP.Optional.SecurePCTuneup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecurePCTuneup\SecurePCTuneup.lnk, Quarantined, [da92e1e57e1c59dd33ad4f96be451ae6], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup\1480494393.reg, Quarantined, [c1ab4b7b7d1d9b9b965040a581822dd3], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup\backup6.bin, Quarantined, [c1ab4b7b7d1d9b9b965040a581822dd3], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup\eng_pcp.dat, Quarantined, [c1ab4b7b7d1d9b9b965040a581822dd3], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup\ipini.ini, Quarantined, [c1ab4b7b7d1d9b9b965040a581822dd3], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup\log_11-30-2016.log, Delete-on-Reboot, [c1ab4b7b7d1d9b9b965040a581822dd3], PUP.Optional.SecurePCTuneup, C:\Users\{username}\AppData\Roaming\SecurePCTuneup\results.pcp, Quarantined, [c1ab4b7b7d1d9b9b965040a581822dd3], Physical Sectors: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.