Showing results for tags 'pup.optional.jawego'.

Found 10 results

  1. What is Driver Tonic?

     Driver Tonic is a system optimizer that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

     How do I know if I am affected by Driver Tonic?

     This is how the main screen of the computer cleaner looks: You will find these icons in your taskbar, your Start menu, and on your desktop: and see these warnings during install: and this type of screens during operations: You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks:

     How did Driver Tonic get on my computer?

     These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website.

     How do I remove Driver Tonic?

     Our program Malwarebytes can detect and remove this PUP. It is advisable to use the built-in uninstaller first for a more complete removal.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Driver Tonic?

     No, Malwarebytes removes Driver Tonic completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     What if I want to keep Driver Tonic?

     Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

       • Open Malwarebytes for Windows.
       • Click the Detection History.
       • Click the Allow List.
       • To add an item to the Allow List, click Add.
       • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
       • Repeat this for any secondary files or folder(s) that belong to the software.

     If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you in dealing with this registry cleaner. As you can see below the full version of Malwarebytes would have warned you against the Driver Tonic installer.

     Technical details for experts

     You may see these entries in FRST logs:

     (DRIVER TONIC -> drivertonics.com) C:\Program Files\Driver Tonic\dtn.exe
     Task: {902B98EC-E803-4C12-829D-387A478E9045} - System32\Tasks\Driver Tonic_Logon => C:\Program Files\Driver Tonic\dtn.exe [3917384 2019-06-15] (DRIVER TONIC -> drivertonics.com)
     C:\Users\{username}\AppData\Roaming\PCTonics.com
     C:\ProgramData\PCTonics.com
     C:\Users\Public\Desktop\Driver Tonic.lnk
     C:\ProgramData\Desktop\Driver Tonic.lnk
     C:\Windows\system32\Tasks\Driver Tonic_Logon
     C:\Users\{username}\AppData\Roaming\drivertonics.com
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tonic
     C:\ProgramData\drivertonics.com
     C:\Program Files\Driver Tonic
     Driver Tonic (HKLM\...\{4C7CA6F1-4691-449D-B574-559726CDA825}_is1) (Version: 1.0.2.2 - drivertonics.com)

     Alterations made by the installer:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.

  2. What is Secure Driver Updater?

     Secure Driver Updater is a driver updater that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

     How do I know if I am affected by Secure Driver Updater?

     This is how the main screen of the driver updater looks: You will find these icons in your taskbar, your Start menu, and on your desktop: and see this type of windows during install: and this type of screens during operations: You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks:

     How did Secure Driver Updater get on my computer?

     These so-called driver updaters use different methods of getting installed. This particular one was installed by a bundler.

     How do I remove Secure Driver Updater?

     Our program Malwarebytes can detect and remove this PUP.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Secure Driver Updater?

     No, Malwarebytes removes Secure Driver Updater completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     What if I want to keep Secure Driver Updater?

     Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

       • Open Malwarebytes for Windows.
       • Click the Detection History.
       • Click the Allow List.
       • To add an item to the Allow List, click Add.
       • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
       • Repeat this for any secondary files or folder(s) that belong to the software.

     If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you in dealing with this registry cleaner. As you can see below the full version of Malwarebytes would have warned you against the Secure Driver Updater installer.

     Technical details for experts

     You may see these entries in FRST logs:

     (Jawego Partners LLC -> Secure Driver Updater.) C:\Program Files (x86)\Secure Driver Updater\SDU.exe
     Task: {41434C76-7D03-4CFE-B6AE-DDB2C52450FA} - System32\Tasks\SecureDriverUpdaterRunAtStartup => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [20982728 2018-11-05] (Jawego Partners LLC -> Secure Driver Updater.)
     Task: {583FFED4-2BF6-4C9D-88C1-70C7E7F2C731} - System32\Tasks\SecureDriverUpdater_UPDATES => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [20982728 2018-11-05] (Jawego Partners LLC -> Secure Driver Updater.)
     Task: {741EE097-AEDA-439E-9D35-1D1CFACFEE19} - System32\Tasks\_UPDATES => C:\Users\{username}\Desktop\setup.exe [20079568 2020-10-29] (Secure Driver Updater.) [File not signed]
     Task: {E3A51A71-A695-40E7-8C20-C52A563F9F24} - System32\Tasks\SecureDriverUpdater_DEFAULT => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [20982728 2018-11-05] (Jawego Partners LLC -> Secure Driver Updater.)
     Task: C:\Windows\Tasks\SecureDriverUpdater_DEFAULT.job => C:\Program Files (x86)\Secure Driver Updater\SDU.exe
     Task: C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job => C:\Program Files (x86)\Secure Driver Updater\SDU.exe
     Task: C:\Windows\Tasks\_UPDATES.job => C:\Users\{username}\Desktop\setup.exe
     C:\Windows\system32\Tasks\SecureDriverUpdater_DEFAULT
     C:\Windows\system32\Tasks\SecureDriverUpdaterRunAtStartup
     C:\Windows\system32\Tasks\SecureDriverUpdater_UPDATES
     C:\Users\Public\Desktop\Secure Driver Updater.lnk
     C:\ProgramData\Desktop\Secure Driver Updater.lnk
     C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job
     C:\Windows\Tasks\SecureDriverUpdater_DEFAULT.job
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Driver Updater
     C:\Program Files (x86)\Secure Driver Updater
     C:\Users\{username}\AppData\Roaming\sdu
     Secure Driver Updater (HKLM-x32\...\Secure Driver Updater_is1) (Version: 2.18.1086.17687 - Secure Driver Updater)

     Alterations made by the installer:
bytes, A Adds the file webbrowser.exe"="11/5/2018 11:18 AM, 13768 bytes, A Adds the folder C:\Program Files (x86)\Secure Driver Updater\updater\amd64Helper Adds the file difxapi.dll"="11/29/2017 6:17 PM, 519048 bytes, A Adds the file DriverUpdateHelper64.exe"="11/5/2018 11:18 AM, 318920 bytes, A Adds the file DriverUpdateHelper64.manifest"="11/29/2017 6:17 PM, 689 bytes, A Adds the folder C:\Program Files (x86)\Secure Driver Updater\updater\extract Adds the file 7z.dll"="11/5/2018 11:18 AM, 732104 bytes, A Adds the file 7z.exe"="11/5/2018 11:18 AM, 156104 bytes, A Adds the file copying.txt"="11/29/2017 6:17 PM, 26948 bytes, A Adds the file History.txt"="11/29/2017 6:17 PM, 29037 bytes, A Adds the file license.txt"="11/29/2017 6:17 PM, 2049 bytes, A Adds the file readme.txt"="11/29/2017 6:17 PM, 1616 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Driver Updater Adds the file Register Secure Driver Updater.lnk"="10/29/2020 9:08 AM, 1111 bytes, A Adds the file Secure Driver Updater.lnk"="10/29/2020 9:08 AM, 1085 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\sdu\secure driver updater Alters the file Download.dat 10/29/2020 9:03 AM, 6 bytes, A ==> 10/29/2020 9:08 AM, 6 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Secure Driver Updater.lnk"="10/29/2020 9:08 AM, 1067 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file SecureDriverUpdater_DEFAULT"="10/29/2020 9:08 AM, 3240 bytes, A Adds the file SecureDriverUpdater_UPDATES"="10/29/2020 9:08 AM, 3052 bytes, A Adds the file SecureDriverUpdaterRunAtStartup"="10/29/2020 9:08 AM, 3178 bytes, A In the existing folder C:\Windows\Tasks Adds the file SecureDriverUpdater_DEFAULT.job"="10/29/2020 9:08 AM, 286 bytes, A Adds the file SecureDriverUpdater_UPDATES.job"="10/29/2020 9:08 AM, 294 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "SecureDriverUpdater_DEFAULT.job"="REG_BINARY, ................................ "SecureDriverUpdater_DEFAULT.job.fp"="REG_DWORD", 421974825 "SecureDriverUpdater_UPDATES.job"="REG_BINARY, ................................ "SecureDriverUpdater_UPDATES.job.fp"="REG_DWORD", -161952463 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\jawego\Params] "SDU"="REG_DWORD", 1 "utm_campaign"="REG_SZ", "default" "utm_medium"="REG_SZ", "newbuild" "utm_source"="REG_SZ", "p9sdusite" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Secure Driver Updater_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Secure Driver Updater\SDU.exe" "DisplayName"="REG_SZ", "Secure Driver Updater" "DisplayVersion"="REG_SZ", "2.18.1086.17687" "EstimatedSize"="REG_DWORD", 27267 "HelpLink"="REG_SZ", "http://www.securedriverupdater.com/support/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Secure Driver Updater" "Inno Setup: Icon Group"="REG_SZ", "Secure Driver Updater" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.1 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20201029" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Secure Driver Updater\" "MajorVersion"="REG_DWORD", 2 "MinorVersion"="REG_DWORD", 18 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Secure Driver Updater" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Secure Driver Updater\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Secure Driver Updater\unins000.exe" /silent" "URLInfoAbout"="REG_SZ", "http://www.securedriverupdater.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\sdu] "MachineID"="REG_BINARY, (zero length data) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\sdu\securedriverupdater] "affiliateid"="REG_SZ", "" "AppVersion REG_SZ, "2.7.1086.17319" ==> REG_SZ, 
"2.18.1086.17687" "bIsUpdateBuild"="REG_DWORD", 0 "BUILD_FOR"="REG_SZ", "sdu" "BuyNowURL"="REG_SZ", "http://securedriverupdater.com/buynow?utm_prd=" "dwIsPCHelpOnlineBuild"="REG_DWORD", 0 "dwIsSilentBuildForRC_P"="REG_DWORD", 0 "InstalledPath REG_SZ, "" ==> REG_SZ, "C:\Program Files (x86)\Secure Driver Updater" "IsPbEnabled"="REG_DWORD", 0 "IsTelNoEnabled"="REG_DWORD", 1 "MaxFixLimit"="REG_DWORD", 50 "nAppendParamsFromReg"="REG_DWORD", 1 "RenewNowURL"="REG_SZ", "http://securedriverupdater.com/renewal?utm_prd=" "support_email"="REG_SZ", "support@securedriverupdater.com" "TELNO"="REG_SZ", "(844) 944-0918" "TELNODE"="REG_SZ", "(800) 180-6512" "TELNOFR"="REG_SZ", "01.76.54.27.59" "TELNOJP"="REG_SZ", "03-5050-1410 " "utm_campaign"="REG_SZ", "default" "utm_medium"="REG_SZ", "newbuild" "utm_source"="REG_SZ", "p9sdusite" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\sdu\securedriverupdater\LANG] "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\jawego\params] "SDU"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\sdu] "MachineID"="REG_BINARY, (zero length data) [HKEY_CURRENT_USER\Software\sdu\securedriverupdater] "InstalledPath REG_SZ, "" ==> REG_SZ, "C:\Program Files (x86)\Secure Driver Updater" "NumTimesRCPRunned REG_DWORD, 1 ==> REG_DWORD, 2 "SetChkPeriodicUpDate"="REG_DWORD", 1 "StartAutoScanOnLaunch"="REG_DWORD", 0 "StartAutoTutorial"="REG_DWORD", 1 "TrialType"="REG_DWORD", 0 "utm_installdate"="REG_BINARY, ........ 
[HKEY_CURRENT_USER\Software\sdu\securedriverupdater\LANG] "LangCode"="REG_SZ", "en" "LangID"="REG_DWORD", 0
Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against
this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers; Malware Execution Prevention. Save yourself the hassle and get protected.
  3. What is Driver Tonic? The Malwarebytes research team has determined that Driver Tonic is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Driver Tonic? This is how the main screen of the system optimizer looks: You will find these icons in your taskbar, your Start menu, and on your desktop: and see this warning during install: and these screens during "operations": You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did Driver Tonic get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website: How do I remove Driver Tonic? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Driver Tonic? No, Malwarebytes removes Driver Tonic completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Driver Tonic installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts. You may see these entries in FRST logs: (PC Tonics Inc -> pctonics.com) C:\Program Files\Driver Tonic\dtn.exe C:\Users\Public\Desktop\Driver Tonic.lnk C:\Windows\System32\Tasks\Driver Tonic_Logon C:\Users\{username}\AppData\Roaming\pctonics.com C:\ProgramData\pctonics.com C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tonic C:\Program Files\Driver Tonic Driver Tonic (HKLM\...\{4C7CA6F1-4691-449D-B574-559726CDA825}_is1) (Version: 1.0.1.6 - pctonics.com) Task: {A25E30FE-1291-4529-82C2-AA4D55A8CADF} - System32\Tasks\Driver Tonic_Logon => C:\Program Files\Driver Tonic\dtn.exe (PC Tonics Inc -> pctonics.com) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\Driver Tonic Adds the file Application_icon.png"="9/11/2018 12:07 PM, 3459 bytes, A Adds the file Delimon.Win32.IO.dll"="1/22/2019 12:07 PM, 961472 bytes, A Adds the file dtn.exe"="1/22/2019 12:08 PM, 4669888 bytes, A Adds the file dtn.exe.config"="1/22/2019 11:00 AM, 3896 bytes, A Adds the file dtonic.ttf"="12/11/2018 1:47 PM, 50192 bytes, A Adds the file HtmlRenderer.dll"="1/22/2019 12:06 PM, 232896 bytes, A Adds the file HtmlRenderer.WPF.dll"="1/22/2019 12:06 PM, 59328 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="1/22/2019 12:06 PM, 60352 bytes, A Adds the file Interop.SHDocVw.dll"="1/22/2019 12:07 PM, 175040 bytes, A Adds the file langs.db"="1/22/2019 10:57 AM, 1398784 bytes, A Adds the file
Microsoft.Win32.TaskScheduler.dll"="1/22/2019 12:06 PM, 182208 bytes, A Adds the file Microsoft.WindowsAPICodePack.dll"="1/22/2019 12:06 PM, 109504 bytes, A Adds the file Microsoft.WindowsAPICodePack.Shell.dll"="1/22/2019 12:06 PM, 553408 bytes, A Adds the file Newtonsoft.Json.dll"="1/22/2019 12:06 PM, 472000 bytes, A Adds the file PaddleCheckoutSDK.dll"="1/22/2019 12:06 PM, 70080 bytes, A Adds the file PresentationCore.dll"="1/22/2019 12:07 PM, 1424320 bytes, A Adds the file System.Data.SQLite.DLL"="1/22/2019 12:07 PM, 342976 bytes, A Adds the file System.Threading.dll"="9/11/2018 12:07 PM, 387408 bytes, A Adds the file TAFactory.IconPack.dll"="1/22/2019 12:07 PM, 48064 bytes, A Adds the file unins000.dat"="4/8/2019 8:57 AM, 69313 bytes, A Adds the file unins000.exe"="4/8/2019 8:57 AM, 1242560 bytes, A Adds the file unins000.msg"="4/8/2019 8:57 AM, 22701 bytes, A Adds the file WPFToolkit.dll"="9/11/2018 12:07 PM, 467288 bytes, A Adds the folder C:\Program Files\Driver Tonic\dp Adds the file 7z.dll"="1/22/2019 12:07 PM, 1084864 bytes, A Adds the file 7z.exe"="1/22/2019 12:07 PM, 276416 bytes, A Adds the file difxapi.dll"="9/11/2018 12:09 PM, 323464 bytes, A Adds the file difxapi64.dll"="9/11/2018 12:09 PM, 519048 bytes, A Adds the file DPInst32.exe"="1/22/2019 12:08 PM, 556480 bytes, A Adds the file DPInst64.exe"="1/22/2019 12:08 PM, 681920 bytes, A Adds the file DrvReposPath.exe"="1/22/2019 12:08 PM, 270272 bytes, A Adds the file DrvSignerVerifier.exe"="1/22/2019 12:08 PM, 278464 bytes, A Adds the folder C:\Program Files\Driver Tonic\websec Adds the file ICSharpCode.SharpZipLib.dll"="1/22/2019 12:06 PM, 203712 bytes, A Adds the file langs.db"="11/7/2017 10:09 AM, 65536 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="1/22/2019 12:06 PM, 182208 bytes, A Adds the file Newtonsoft.Json.dll"="1/22/2019 12:07 PM, 458688 bytes, A Adds the file System.Data.SQLite.DLL"="1/22/2019 12:07 PM, 342976 bytes, A Adds the file System.Data.SQLite.Linq.dll"="1/22/2019 
Malwarebytes log:
As mentioned before, the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  4. What is Super Clean-Pro 2018?

The Malwarebytes research team has determined that Super Clean-Pro 2018 is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.

More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Super Clean-Pro 2018?

This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, your Start menu, and on your desktop:
and see these warnings during install:
and this type of screen during "operations":
You may see this entry in your list of installed programs:
and this task in your list of Scheduled Tasks:

How did Super Clean-Pro 2018 get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

How do I remove Super Clean-Pro 2018?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Super Clean-Pro 2018?

  • No, Malwarebytes removes Super Clean-Pro 2018 completely.
  • This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below the full version of Malwarebytes would have protected you against the Super Clean-Pro 2018 installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

and we block access to their domain:

Technical details for experts

You may see these entries in FRST logs:

() C:\Program Files\Super Clean-Pro 2018 for {computername}\ptcr.exe
C:\Users\{username}\AppData\Roaming\Super Clean-Pro 2018 For {computername}
C:\Windows\System32\Tasks\Super Clean-Pro 2018_Logon
C:\Users\Public\Desktop\Super Clean-Pro 2018.lnk
C:\ProgramData\Super Clean-Pro 2018 for {computername}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Clean-Pro 2018 for {computername}
C:\Program Files\Super Clean-Pro 2018 for {computername}
Super Clean-Pro 2018 (HKLM\...\{3CE5CEE4-FA12-4AD1-A6A9-89BFBD6A2F47}_is1) (Version: 1.0.0.0 - )
Task: {5CF68C68-9721-4BE0-A2A0-29B09CB0A5CB} - System32\Tasks\Super Clean-Pro 2018_Logon => C:\Program Files\Super Clean-Pro 2018 for {computername}\ptcr.exe [2018-08-09] ()

Alterations made by the installer:
Malwarebytes log:
PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\Dutch_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\english_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\finish_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\French_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\german_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\gmtrs.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\HtmlRenderer.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\HtmlRenderer.WinForms.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\Interop.SHDocVw.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\italian_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\japanese_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\langs.db, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\NAudio.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\Newtonsoft.Json.dll, Quarantined, [418], 
[553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\norwegian_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\PaddleCheckoutSDK.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\portuguese_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\ptcr.exe, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\ptcr.exe.config, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\russian_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\spanish_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\swedish_iss.ini, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\System.Data.SQLite.DLL, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\TAFactory.IconPack.dll, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\unins000.exe, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\Program Files\Super Clean-Pro 2018 for {computername}\unins000.msg, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Super Clean-Pro 2018.lnk, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\USERS\PUBLIC\DESKTOP\Super Clean-Pro 2018.lnk, Quarantined, [418], [553555],1.0.6415 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Clean-Pro 2018 for {computername}\Buy Super Clean-Pro 
2018.lnk, Quarantined, [418], [553556],1.0.6415 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Clean-Pro 2018 for {computername}\Super Clean-Pro 2018.lnk, Quarantined, [418], [553556],1.0.6415 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Clean-Pro 2018 for {computername}\Uninstall Super Clean-Pro 2018.lnk, Quarantined, [418], [553556],1.0.6415 PUP.Optional.PCVARK, C:\USERS\{username}\DESKTOP\SCPSETUP.EXE, Quarantined, [418], [553568],1.0.6415 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is Dr. Clean Pro 2018?

     The Malwarebytes research team has determined that Dr. Clean Pro 2018 is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.

     More information can be found on our Malwarebytes Labs blog.

     How do I know if I am infected with Dr. Clean Pro 2018?

     This is how the main screen of the system optimizer looks:

     You will find these icons in your taskbar, your Start menu, and on your desktop:

     and see these warnings during install:

     and these screens during "operations":

     You may see this entry in your list of installed programs:

     and these tasks in your list of Scheduled Tasks:

     How did Dr. Clean Pro 2018 get on my computer?

     These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

     How do I remove Dr. Clean Pro 2018?

     Our program Malwarebytes can detect and remove this potentially unwanted application.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Dr. Clean Pro 2018?

       • No, Malwarebytes removes Dr. Clean Pro 2018 completely.
       • This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this system optimizer.

     As you can see below the full version of Malwarebytes would have protected you against the Dr. Clean Pro 2018 installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     and we block access to their domain.

     Technical details for experts

     You may see these entries in FRST logs:

     () C:\Program Files\Dr.Clean-Pro-2018 for {computername}\mysysm.exe
     C:\Users\{username}\AppData\Roaming\Dr.Clean-Pro-2018 For {computername}
     C:\Windows\System32\Tasks\Dr.Clean-Pro-2018_Logon
     C:\Users\Public\Desktop\Dr.Clean-Pro-2018.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.Clean-Pro-2018 for {computername}
     C:\ProgramData\Dr.Clean-Pro-2018 for {computername}
     C:\Program Files\Dr.Clean-Pro-2018 for {computername}
     Dr.Clean-Pro-2018 (HKLM\...\{7B1AE0CD-7ED9-44C2-8ED8-DFA8522119DE}_is1) (Version: 3.6.0.0 - )
     Task: {FF5DA2B8-C268-46E5-A20C-F83333821500} - System32\Tasks\Dr.Clean-Pro-2018_Logon => C:\Program Files\Dr.Clean-Pro-2018 for {computername}\mysysm.exe [2018-04-06] ()

     Alterations made by the installer:

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  6. What is Super Cleanup? The Malwarebytes research team has determined that Super Cleanup is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Super Cleanup? This is how the main screen of the system optimizer looks: You will find these icons in your taskbar, your Start menu, and on your desktop: and see this warning during install: and these screens during "operations": You may see this entry in your list of installed programs: and these tasks in your list of Scheduled Tasks: How did Super Cleanup get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website: How do I remove Super Cleanup? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Super Cleanup? No, Malwarebytes removes Super Cleanup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. 
How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Super Cleanup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
Alterations made by the installer:
Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  7. What is Win Tuneup Pro? The Malwarebytes research team has determined that Win Tuneup Pro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Win Tuneup Pro? This is how the main screen of the system optimizer looks: You will find these icons in your taskbar and on your desktop: and see these warnings during install: and this screen during "operations": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler: How did Win Tuneup Pro get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Win Tuneup Pro? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Win Tuneup Pro? No, Malwarebytes removes Win Tuneup Pro completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. 
As you can see below the full version of Malwarebytes would have protected you against the Win Tuneup Pro installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
Alterations made by the installer:
Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/13/17 Scan Time: 10:06 AM Logfile: mbamWinTuneupPro.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1000 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 355644 Time Elapsed: 7 min, 41 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 2 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\WinTuneupPro.exe, Quarantined, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\sysmon.exe, Quarantined, [2342], [359078],1.0.1000 Module: 5 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\isxdl.dll, Quarantined, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\WinTuneupPro.exe, Quarantined, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\xmllite.dll, Quarantined, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\USERS\{username}\APPDATA\ROAMING\SYSMON\ISXDL.DLL, Quarantined, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\sysmon.exe, Quarantined, [2342], [359078],1.0.1000 Registry Key: 10 PUP.Optional.Jawego, HKCU\SOFTWARE\Jawego, Delete-on-Reboot, [2342], [351909],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Win Tuneup Pro_is1, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2BB7B82C-0D26-414A-8140-23A27E47CCD9}, Delete-on-Reboot, [2342], [358613],1.0.1000 
PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{385673EB-B2FE-4F75-90D7-494319927222}, Delete-on-Reboot, [2342], [358613],1.0.1000 PUP.Optional.SysTweak.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{71C96698-A0DC-4A37-96F4-1FCC5E9923ED}, Delete-on-Reboot, [3030], [351914],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B0A283A4-D522-4979-B968-633E0F4AE60D}, Delete-on-Reboot, [2342], [358613],1.0.1000 PUP.Optional.SysTweak.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\RunAtStartup, Delete-on-Reboot, [3030], [351913],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Win Tuneup Pro, Delete-on-Reboot, [2342], [358612],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Win Tuneup Pro_DEFAULT, Delete-on-Reboot, [2342], [358612],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Win Tuneup Pro_UPDATES, Delete-on-Reboot, [2342], [358612],1.0.1000 Registry Value: 4 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2BB7B82C-0D26-414A-8140-23A27E47CCD9}|PATH, Delete-on-Reboot, [2342], [358613],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{385673EB-B2FE-4F75-90D7-494319927222}|PATH, Delete-on-Reboot, [2342], [358613],1.0.1000 PUP.Optional.SysTweak.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{71C96698-A0DC-4A37-96F4-1FCC5E9923ED}|PATH, Delete-on-Reboot, [3030], [351914],1.0.1000 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B0A283A4-D522-4979-B968-633E0F4AE60D}|PATH, Delete-on-Reboot, [2342], [358613],1.0.1000 Data Stream: 0 (No malicious items 
detected) Folder: 4 PUP.Optional.Jawego, C:\USERS\{username}\APPDATA\ROAMING\BC0223E2-8ECE-4A9D-B436-94115EC78FE5, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIN TUNEUP PRO, Delete-on-Reboot, [2342], [358609],1.0.1000 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\USERS\{username}\APPDATA\ROAMING\SYSMON, Delete-on-Reboot, [2342], [359078],1.0.1000 File: 73 PUP.Optional.Jawego, C:\USERS\{username}\APPDATA\ROAMING\BC0223E2-8ECE-4A9D-B436-94115EC78FE5\ENG_WTUPR.DAT, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\bc0223e2-8ece-4a9d-b436-94115ec78fe5\backup6.bin, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\bc0223e2-8ece-4a9d-b436-94115ec78fe5\ip.ini, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\bc0223e2-8ece-4a9d-b436-94115ec78fe5\log_01-13-2017.log, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\bc0223e2-8ece-4a9d-b436-94115ec78fe5\results.wtupr, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\bc0223e2-8ece-4a9d-b436-94115ec78fe5\sfuni.ini, Delete-on-Reboot, [2342], [359080],1.0.1000 PUP.Optional.Jawego, C:\USERS\{username}\DESKTOP\SETUP.EXE, Delete-on-Reboot, [2342], [358622],1.0.1000 PUP.Optional.Jawego, C:\USERS\PUBLIC\DESKTOP\WIN TUNEUP PRO.LNK, Delete-on-Reboot, [2342], [358607],1.0.1000 PUP.Optional.Jawego, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tuneup Pro\Register Win Tuneup Pro.lnk, Delete-on-Reboot, [2342], [358609],1.0.1000 PUP.Optional.Jawego, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tuneup Pro\Win Tuneup Pro.lnk, Delete-on-Reboot, [2342], [358609],1.0.1000 PUP.Optional.Jawego, 
C:\WINDOWS\TASKS\WIN TUNEUP PRO_DEFAULT.JOB, Delete-on-Reboot, [2342], [358610],1.0.1000 PUP.Optional.Jawego, C:\WINDOWS\SYSTEM32\TASKS\WIN TUNEUP PRO_UPDATES, Delete-on-Reboot, [2342], [358611],1.0.1000 PUP.Optional.Jawego, C:\WINDOWS\SYSTEM32\TASKS\WIN TUNEUP PRO_DEFAULT, Delete-on-Reboot, [2342], [358611],1.0.1000 PUP.Optional.Jawego, C:\WINDOWS\TASKS\WIN TUNEUP PRO_UPDATES.JOB, Delete-on-Reboot, [2342], [358610],1.0.1000 PUP.Optional.Jawego, C:\WINDOWS\SYSTEM32\TASKS\WIN TUNEUP PRO, Delete-on-Reboot, [2342], [358611],1.0.1000 PUP.Optional.SysTweak.Generic, C:\WINDOWS\SYSTEM32\TASKS\RUNATSTARTUP, Delete-on-Reboot, [3030], [351912],1.0.1000 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\isxdl.dll, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Chinese_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Chinese_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Danish_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Danish_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Dutch_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Dutch_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\eng_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\eng_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files 
(x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\FileList.wtupr, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\korean_uninst_ko.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\korean_wtupr_ko.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Norwegian_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Norwegian_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\polish_uninst_pl.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\polish_wtupr_pl.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\portugese_uninst_pt.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\portugese_wtupr_pt.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Portuguese_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Portuguese_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\RegList.wtupr, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\russian_uninst_ru.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Finnish_uninst_fi.ini, Delete-on-Reboot, [2342], 
[359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Finnish_wtupr_fi.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\French_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\French_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\German_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\German_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\greek_uninst_el.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\greek_wtupr_el.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Italian_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Italian_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Japanese_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\spanish_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Spanish_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\swedish_uninst.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Swedish_wtupr.ini, 
Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\sysmon.exe, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\traditionalcn_uninst_zh-tw.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\TraditionalCn_wtupr_zh-tw.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Turkish_uninst_tr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\turkish_wtupr_tr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\unins000.dat, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\unins000.exe, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\unins000.msg, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\WinTuneupPro.exe, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\WTUPRUns.exe, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\xmllite.dll, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\Japanese_wtupr.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\Program Files (x86)\bc0223e2-8ece-4a9d-b436-94115ec78fe5\russian_wtupr_ru.ini, Delete-on-Reboot, [2342], [359444],1.0.1000 PUP.Optional.Jawego, C:\USERS\{username}\APPDATA\ROAMING\SYSMON\ISXDL.DLL, 
Delete-on-Reboot, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\eng_sm.ini, Delete-on-Reboot, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\French_sm.ini, Delete-on-Reboot, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\German_sm.ini, Delete-on-Reboot, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\ininotfound0.ini, Delete-on-Reboot, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\japan_sm.ini, Delete-on-Reboot, [2342], [359078],1.0.1000 PUP.Optional.Jawego, C:\Users\{username}\AppData\Roaming\SysMon\sysmon.exe, Delete-on-Reboot, [2342], [359078],1.0.1000 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  8. What is Reg Tuneup?

The Malwarebytes research team has determined that Reg Tuneup is a fake registry cleaner. These so-called "registry cleaners" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Reg Tuneup?

This is how the main screen of the registry cleaning application looks:

You will find these icons in your Start menu, taskbar, and on your desktop:

And see these warnings during install:

You may see this entry in your list of installed programs:

and these tasks in your Task Scheduler:

How did Reg Tuneup get on my computer?

These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from their website.

How do I remove Reg Tuneup?

Our program Malwarebytes can detect and remove this potentially unwanted application.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Reg Tuneup?

No, Malwarebytes' Anti-Malware removes Reg Tuneup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this registry cleaner.
As you can see below the full version of Malwarebytes would have protected you against the Reg Tuneup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

and we block traffic to their domain:

Technical details for experts

You may see these entries in FRST logs:

Alterations made by the installer:

Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/9/17 Scan Time: 8:26 AM Logfile: mbamRegTuneup.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.955 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {Computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 354615 Time Elapsed: 7 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\REGTUNEUP.EXE, Quarantined, [2343], [351347],1.0.955 Module: 3 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\REGTUNEUP.EXE, Quarantined, [2343], [351347],1.0.955 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\ISXDL.DLL, Quarantined, [2343], [351347],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\xmllite.dll, Quarantined, [2343], [358615],1.0.955 Registry Key: 8 PUP.Optional.Jawego, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Reg Tuneup_is1, Delete-on-Reboot, [2343], [351347],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Reg Tuneup, Delete-on-Reboot, [2343], [358619],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Reg Tuneup_DEFAULT, Delete-on-Reboot, [2343], [358619],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Reg Tuneup_UPDATES, Delete-on-Reboot, [2343], [358619],1.0.955 PUP.Optional.Jawego, HKCU\SOFTWARE\Jawego, Delete-on-Reboot, [2343], [351909],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{41DA5632-B982-4C35-9C9A-779EEB10A4DF}, Delete-on-Reboot, [2343], [358620],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4A7A53FF-5734-420B-B100-3166F7EA2E75}, Delete-on-Reboot, [2343], [358620],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C6F7F48-8E0A-487B-96E4-3ACEF1EDCC52}, Delete-on-Reboot, [2343], [358620],1.0.955 Registry Value: 3 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{41DA5632-B982-4C35-9C9A-779EEB10A4DF}|PATH, Delete-on-Reboot, [2343], [358620],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4A7A53FF-5734-420B-B100-3166F7EA2E75}|PATH, Delete-on-Reboot, [2343], [358620],1.0.955 PUP.Optional.Jawego, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C6F7F48-8E0A-487B-96E4-3ACEF1EDCC52}|PATH, Delete-on-Reboot, [2343], [358620],1.0.955 Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Jawego, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\REG TUNEUP, Delete-on-Reboot, [2343], [358616],1.0.955 PUP.Optional.Jawego, 
C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C, Delete-on-Reboot, [2343], [358615],1.0.955 File: 58 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\REGTUNEUP.EXE, Delete-on-Reboot, [2343], [351347],1.0.955 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\ISXDL.DLL, Delete-on-Reboot, [2343], [351347],1.0.955 PUP.Optional.Jawego, C:\USERS\{Username}\DESKTOP\REGTUSETUP_SITE.EXE, Delete-on-Reboot, [2343], [358621],1.0.955 PUP.Optional.Jawego, C:\USERS\PUBLIC\DESKTOP\REG TUNEUP.LNK, Delete-on-Reboot, [2343], [358614],1.0.955 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\REGTUUNS.EXE, Delete-on-Reboot, [2343], [351347],1.0.955 PUP.Optional.Jawego, C:\PROGRAM FILES (X86)\7200C83B-A5D5-400A-B1B7-BE1CB3CBA95C\UNINS000.EXE, Delete-on-Reboot, [2343], [351347],1.0.955 PUP.Optional.Jawego, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Tuneup\Reg Tuneup.lnk, Delete-on-Reboot, [2343], [358616],1.0.955 PUP.Optional.Jawego, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Tuneup\Register Reg Tuneup.lnk, Delete-on-Reboot, [2343], [358616],1.0.955 PUP.Optional.Jawego, C:\WINDOWS\TASKS\REG TUNEUP_DEFAULT.JOB, Delete-on-Reboot, [2343], [358617],1.0.955 PUP.Optional.Jawego, C:\WINDOWS\SYSTEM32\TASKS\REG TUNEUP_DEFAULT, Delete-on-Reboot, [2343], [358618],1.0.955 PUP.Optional.Jawego, C:\WINDOWS\TASKS\REG TUNEUP_UPDATES.JOB, Delete-on-Reboot, [2343], [358617],1.0.955 PUP.Optional.Jawego, C:\WINDOWS\SYSTEM32\TASKS\REG TUNEUP_UPDATES, Delete-on-Reboot, [2343], [358618],1.0.955 PUP.Optional.Jawego, C:\WINDOWS\SYSTEM32\TASKS\REG TUNEUP, Delete-on-Reboot, [2343], [358618],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Chinese_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Chinese_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 
PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Danish_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Danish_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Dutch_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Dutch_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\eng_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\eng_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\FileList.regtu, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Japanese_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\korean_regtu_ko.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\korean_uninst_ko.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Norwegian_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Norwegian_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\polish_regtu_pl.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\polish_uninst_pl.ini, Delete-on-Reboot, [2343], 
[358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\portugese_regtu_pt.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\portugese_uninst_pt.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Portuguese_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Portuguese_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Finnish_regtu_fi.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Finnish_uninst_fi.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\French_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\French_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\German_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\German_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\greek_regtu_el.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\greek_uninst_el.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Italian_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files 
(x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Italian_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\russian_regtu_ru.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\russian_uninst_ru.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Spanish_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\spanish_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Swedish_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\swedish_uninst.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\TraditionalCn_regtu_zh-tw.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\traditionalcn_uninst_zh-tw.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\turkish_regtu_tr.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Turkish_uninst_tr.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\unins000.dat, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\unins000.msg, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\xmllite.dll, Delete-on-Reboot, [2343], [358615],1.0.955 
PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\Japanese_regtu.ini, Delete-on-Reboot, [2343], [358615],1.0.955 PUP.Optional.Jawego, C:\Program Files (x86)\7200c83b-a5d5-400a-b1b7-be1cb3cba95c\RegList.regtu, Delete-on-Reboot, [2343], [358615],1.0.955 Physical Sector: 0 (No malicious items detected) (end)9:10 9-1-2017 As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is Advanced PC Tuneup?
The Malwarebytes research team has determined that Advanced PC Tuneup is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Advanced PC Tuneup?
This is how the main screen of the system optimizer looks: You will find these icons in your taskbar and Start menu, and on your desktop: and see these warnings during install: and this screen when you try to fix "things": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler:

How did Advanced PC Tuneup get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site.

How do I remove Advanced PC Tuneup?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application. Please download Malwarebytes Anti-Malware to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Advanced PC Tuneup?
No, Malwarebytes' Anti-Malware removes Advanced PC Tuneup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Advanced PC Tuneup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain:

Technical details for experts
You may see these entries in FRST logs:
Alterations made by the installer:
Malwarebytes Anti-Malware log:

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s):
Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention
Save yourself the hassle and get protected.
  10. What is Driver Updater Plus? The Malwarebytes research team has determined that Driver Updater Plus is a "system optimizer". These so-called "system optimizers" sometimes use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Driver Updater Plus? This is how the main screen of the system optimizer looks: You will find these icons in your taskbar and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and these tasks in your Task Scheduler: How did Driver Updater Plus get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Driver Updater Plus? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-{version}.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to: Launch Malwarebytes Anti-Malware Then click Finish. Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu. If an update is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Driver Updater Plus? No, Malwarebytes' Anti-Malware removes Driver Updater Plus completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes Anti-Malware help protect me? 
We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Driver Updater Plus installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: Alterations made by the installer: Malwarebytes Anti-Malware log: As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.