Showing results for tags '(855) 761-8856'.

Found 5 results

  1. What is Super Cleanup?

     The Malwarebytes research team has determined that Super Cleanup is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.

     More information can be found on our Malwarebytes Labs blog.

     How do I know if I am infected with Super Cleanup?

     This is how the main screen of the system optimizer looks:

     You will find these icons in your taskbar, your Start menu, and on your desktop:

     and see this warning during install:

     and these screens during "operations":

     You may see this entry in your list of installed programs:

     and these tasks in your list of Scheduled Tasks:

     How did Super Cleanup get on my computer?

     These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

     How do I remove Super Cleanup?

     Our program Malwarebytes can detect and remove this potentially unwanted application.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Super Cleanup?

     No, Malwarebytes removes Super Cleanup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this system optimizer.

     As you can see below the full version of Malwarebytes would have protected you against the Super Cleanup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     and we block access to their domain:

     Technical details for experts

     You may see these entries in FRST logs:

     Alterations made by the installer:

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.

  2. What is Win Tuneup Pro?

     The Malwarebytes research team has determined that Win Tuneup Pro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.

     More information can be found on our Malwarebytes Labs blog.

     How do I know if I am infected with Win Tuneup Pro?

     This is how the main screen of the system optimizer looks:

     You will find these icons in your taskbar and on your desktop:

     and see these warnings during install:

     and this screen during "operations":

     You may see this entry in your list of installed programs:

     and these tasks in your Task Scheduler:

     How did Win Tuneup Pro get on my computer?

     These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site.

     How do I remove Win Tuneup Pro?

     Our program Malwarebytes can detect and remove this potentially unwanted application.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Win Tuneup Pro?

     No, Malwarebytes removes Win Tuneup Pro completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this system optimizer.

     As you can see below the full version of Malwarebytes would have protected you against the Win Tuneup Pro installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     and we block access to their domain:

     Technical details for experts

     You may see these entries in FRST logs:

     Alterations made by the installer:
.......................................................................................................................o............................................................................................................................H........... [HKEY_CURRENT_USER\Software\bc0223e2-8ece-4a9d-b436-94115ec78fe5] "1stInstalled_Time"="REG_SZ", "1/13/2017 9:54:47 AM" "AutoRepair"="REG_DWORD", 0 "CanAutoScan"="REG_DWORD", 0 "ConfirmBkUps"="REG_DWORD", 1 "CurrentScanTime"="REG_BINARY, .....8.. "ErrorCount"="REG_DWORD", 19 "FirstRun"="REG_DWORD", 1 "GoToSystemTrayOnClose"="REG_DWORD", 0 "ImprovementProgram"="REG_DWORD", 1 "NumTimesPCPRunned"="REG_DWORD", 1 "RegErrFoundTillDate"="REG_DWORD", 0 "RegErrsFixedLast"="REG_DWORD", 0 "RegErrsFixedTillDate"="REG_DWORD", 0 "ScheduledTime"="REG_SZ", "" "SetChkDontShowRedTrayPopup"="REG_DWORD", 0 "SetChkREmovableMedia"="REG_DWORD", 1 "SetChkSkipEmptyKeys"="REG_DWORD", 1 "SetEnableSound"="REG_DWORD", 1 "StartMinimized"="REG_DWORD", 0 "StartScan"="REG_DWORD", 0 "StartWhenWinBoots"="REG_DWORD", 1 "StrLastOptimizeTime"="REG_SZ", "" "StrLastScan"="REG_SZ", "Fri. January 13, 2017. 09:56 AM" "StrLastScanResults"="REG_SZ", "19" "StrLastStartupOpt"="REG_SZ", "" "StrLatestRegDefrag"="REG_SZ", "" "StrLatestRestorePoint"="REG_SZ", "" "TrialType"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\bc0223e2-8ece-4a9d-b436-94115ec78fe5\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Jawego\Params] "WTUPRGuid"="REG_SZ", "bc0223e2-8ece-4a9d-b436-94115ec78fe5" [HKEY_CURRENT_USER\Software\SysMon\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Win\Tuneup\Pro\key\6] "(Default)"="REG_BINARY, .......................................................................................................................o............................................................................................................................H........... 
Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  3. What is Reg Tuneup?

The Malwarebytes research team has determined that Reg Tuneup is a fake registry cleaner. These so-called "registry cleaners" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.

More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Reg Tuneup?

This is how the main screen of the registry cleaning application looks: You will find these icons in your Start menu, taskbar, and on your desktop: And see these warnings during install: You may see this entry in your list of installed programs: and these tasks in your Task Scheduler:

How did Reg Tuneup get on my computer?

These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from their website.

How do I remove Reg Tuneup?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Reg Tuneup?

No, Malwarebytes' Anti-Malware removes Reg Tuneup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this registry cleaner.
As you can see below the full version of Malwarebytes would have protected you against the Reg Tuneup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and we block traffic to their domain:
Technical details for experts
You may see these entries in FRST logs:
Alterations made by the installer:
File system details
Registry details
Malwarebytes log:
PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Danish_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Danish_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Dutch_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Dutch_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\eng_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\eng_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\FileList.regtu, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Japanese_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\korean_regtu_ko.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\korean_uninst_ko.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Norwegian_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Norwegian_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\polish_regtu_pl.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\polish_uninst_pl.ini, Delete-on-Reboot, [2343], 
[358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\portugese_regtu_pt.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\portugese_uninst_pt.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Portuguese_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Portuguese_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Finnish_regtu_fi.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Finnish_uninst_fi.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\French_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\French_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\German_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\German_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\greek_regtu_el.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\greek_uninst_el.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Italian_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files 
(x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Italian_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\russian_regtu_ru.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\russian_uninst_ru.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Spanish_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\spanish_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Swedish_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\swedish_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\TraditionalCn_regtu_zh-tw.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\traditionalcn_uninst_zh-tw.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\turkish_regtu_tr.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Turkish_uninst_tr.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\unins000.dat, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\unins000.msg, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\xmllite.dll, Delete-on-Reboot, [2343], [358615],1.0.955 
PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Japanese_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\RegList.regtu, Delete-on-Reboot, [2343], [358615],1.0.955 Physical Sector: 0 (No malicious items detected) (end)9:10 9-1-2017 As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is Advanced PC Tuneup?

The Malwarebytes research team has determined that Advanced PC Tuneup is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Advanced PC Tuneup?

This is how the main screen of the system optimizer looks: You will find these icons in your taskbar and Start menu, and on your desktop: and see these warnings during install: and this screen when you try to fix "things": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler:

How did Advanced PC Tuneup get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site.

How do I remove Advanced PC Tuneup?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Advanced PC Tuneup?

No, Malwarebytes' Anti-Malware removes Advanced PC Tuneup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Advanced PC Tuneup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain:

Technical details for experts

You may see these entries in FRST logs:

Alterations made by the installer:

File system details

Registry details

Malwarebytes Anti-Malware log:

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  5. What is Super PC Cleanup?

     The Malwarebytes research team has determined that Super PC Cleanup is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Unpacked blog.

     How do I know if I am infected with Super PC Cleanup?

     This is how the main screen of the system optimizer looks: You will find this icon in your Start menu and on your desktop: And see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler:

     How did Super PC Cleanup get on my computer?

     These so-called system optimizers use different methods of getting installed. This particular one was installed by a bundler.

     How do I remove Super PC Cleanup?

     Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

       • Please download Malwarebytes Anti-Malware to your desktop.
       • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
       • At the end, be sure a check-mark is placed next to: Launch Malwarebytes Anti-Malware
       • Then click Finish.
       • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
       • If an update is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Super PC Cleanup?

       • No, Malwarebytes Anti-Malware removes Super PC Cleanup completely.
       • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes Anti-Malware help protect me?
     We hope our application and this guide have helped you eradicate this system optimizer. As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Super PC Cleanup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. And we block access to their domain:

     Technical details for experts

     You may see these entries in FRST logs:

     (Super PC Cleanup) C:\Program Files (x86)\Super PC Cleanup\SuperPCCleanup.exe
     C:\Windows\System32\Tasks\Super PC Cleanup
     C:\Users\Public\Desktop\Super PC Cleanup.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super PC Cleanup
     C:\Program Files (x86)\Super PC Cleanup
     C:\Windows\System32\Tasks\Super PC Cleanup_DEFAULT
     C:\Windows\System32\Tasks\Super PC Cleanup_UPDATES
     C:\Windows\Tasks\Super PC Cleanup_UPDATES.job
     C:\Windows\Tasks\Super PC Cleanup_DEFAULT.job
     C:\Users\{username}\AppData\Roaming\Super PC Cleanup
     Super PC Cleanup (HKLM-x32\...\Super PC Cleanup_is1) (Version: 1.8 - hxxp://www.superpccleanup.com/)
     Task: {6B592836-BC01-48CB-984F-C254285E78A2} - System32\Tasks\Super PC Cleanup_UPDATES => C:\Program Files (x86)\Super PC Cleanup\SuperPCCleanup.exe [2016-11-21] (Super PC Cleanup)
     Task: {D720090B-D465-4E31-BF37-CC7E51A5A3F2} - System32\Tasks\Super PC Cleanup_DEFAULT => C:\Program Files (x86)\Super PC Cleanup\SuperPCCleanup.exe [2016-11-21] (Super PC Cleanup)
     Task: {E17C1573-0CA2-4C90-A70F-C878F0F7D3A9} - System32\Tasks\Super PC Cleanup => C:\Program Files (x86)\Super PC Cleanup\SuperPCCleanup.exe [2016-11-21] (Super PC Cleanup)
     Task: C:\Windows\Tasks\Super PC Cleanup_DEFAULT.job => C:\Program Files (x86)\Super PC Cleanup\SuperPCCleanup.exe
     Task: C:\Windows\Tasks\Super PC Cleanup_UPDATES.job => C:\Program Files (x86)\Super PC Cleanup\SuperPCCleanup.exe

     Alterations made by the installer:
     Malwarebytes Anti-Malware log:

     As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.