Jump to content

Recommended Posts

  • Staff

What is PC Performer?

The Malwarebytes research team has determined that PC Performer is a fake registry cleaner. Some of these so-called "registry cleaners" use exaggerated results and even intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with PC Performer?

This is how the main screen of the registry cleaning application looks:

main.png

You will find these icons in your taskbar and on your desktop:

icons.png

And see these warnings during install:

warning1.png

warning2.png

and these screens during "operations":

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

and these tasks in your Task Scheduler:

warning3.png

How did PC Performer get on my computer?

These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from a software download site.

How do I remove PC Performer?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of PC Performer?

  • No, Malwarebytes removes PC Performer completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this registry cleaner.

As you can see below the full version of Malwarebytes would have protected you against the PC Performer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
 

protection1.png


and it would have blocked access to their domain:
 

protection2.png


Technical details for experts

You may see these entries in FRST logs:
 

(Performersoft LLC -> PerformerSoft LLC) C:\Program Files (x86)\PC Performer\PCPerformer.exe
Task: {78F1C9FC-EA14-4FF7-AC4B-BE97C90DDAE0} - System32\Tasks\PC Performer_UPDATES => C:\Program Files (x86)\PC Performer\PCPerformer.exe [7724592 2011-11-02] (Performersoft LLC -> PerformerSoft LLC)
Task: {D1FAB9EF-5FAD-4752-8934-0710E91B3847} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe [7724592 2011-11-02] (Performersoft LLC -> PerformerSoft LLC)
Task: {D30A46B8-C830-4D80-884E-9ACF2F612C00} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files (x86)\PC Performer\PCPerformer.exe [7724592 2011-11-02] (Performersoft LLC -> PerformerSoft LLC)
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe
C:\Windows\system32\Tasks\PC Performer
C:\Windows\system32\Tasks\PC Performer_UPDATES
C:\Windows\system32\Tasks\PC Performer_DEFAULT
C:\Users\Public\Desktop\PC Performer.lnk
C:\ProgramData\Desktop\PC Performer.lnk
C:\Windows\Tasks\PC Performer_UPDATES.job
C:\Windows\Tasks\PC Performer_DEFAULT.job
C:\Users\{username}\AppData\Roaming\PerformerSoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
C:\Program Files (x86)\PC Performer
(PerformerSoft LLC) C:\Windows\system32\roboot64.exe

PC Performer (HKLM-x32\...\PC Performer_is1) (Version: 11.10 - Performersoft)
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\PC Performer\XmlLite.dll
(Performersoft Inc) [File not signed] C:\Program Files (x86)\PC Performer\PCPerformer.DLL

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\PC Performer
       Adds the file Beforeuninstall.exe"="11/2/2011 2:16 PM, 919600 bytes, A
       Adds the file CleanSchedule.exe"="11/2/2011 2:16 PM, 134192 bytes, A
       Adds the file install_left_image.bmp"="10/15/2011 11:38 AM, 156296 bytes, A
       Adds the file isxdl.dll"="11/2/2011 2:16 PM, 156208 bytes, A
       Adds the file Italian_rcp.ini"="10/17/2011 12:56 PM, 92596 bytes, A
       Adds the file PCPerformer.dll"="11/2/2011 2:15 PM, 1638400 bytes, A
       Adds the file PCPerformer.exe"="11/2/2011 2:16 PM, 7724592 bytes, A
       Adds the file TraditionalCn_rcp_zh-tw.ini"="10/17/2011 12:56 PM, 46162 bytes, A
       Adds the file unins000.dat"="6/17/2021 9:06 AM, 37273 bytes, A
       Adds the file unins000.exe"="6/17/2021 9:05 AM, 1198128 bytes, A
       Adds the file unins000.msg"="6/17/2021 9:06 AM, 21031 bytes, A
       Adds the file xmllite.dll"="10/11/2011 11:27 AM, 126976 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
       Adds the file PC Performer.lnk"="6/17/2021 9:06 AM, 1068 bytes, A
       Adds the file Register PC Performer.lnk"="6/17/2021 9:06 AM, 1094 bytes, A
       Adds the file Uninstall PC Performer.lnk"="6/17/2021 9:06 AM, 1053 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer
       Adds the file eng_rcp.dat"="6/17/2021 9:06 AM, 31722 bytes, A
       Adds the file log_06-17-2021.log"="6/17/2021 9:06 AM, 0 bytes, A
       Adds the file results.rcp"="6/17/2021 9:06 AM, 34980 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file PC Performer.lnk"="6/17/2021 9:06 AM, 1050 bytes, A
    In the existing folder C:\Windows\System32
       Alters the file 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        6/15/2021 9:06 AM, 30880 bytes, HA ==> 6/17/2021 9:05 AM, 30880 bytes, HA
       Alters the file 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        6/15/2021 9:06 AM, 30880 bytes, HA ==> 6/17/2021 9:05 AM, 30880 bytes, HA
       Adds the file roboot64.exe"="11/2/2011 2:16 PM, 18992 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file PC Performer"="6/17/2021 9:06 AM, 3118 bytes, A
       Adds the file PC Performer_DEFAULT"="6/17/2021 9:06 AM, 2894 bytes, A
       Adds the file PC Performer_UPDATES"="6/17/2021 9:06 AM, 3050 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file PC Performer_DEFAULT.job"="6/17/2021 9:06 AM, 284 bytes, A
       Adds the file PC Performer_UPDATES.job"="6/17/2021 9:06 AM, 292 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}]
       "(Default)"="REG_SZ", "PointerMoniker"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}\InprocServer32]
       "(Default)"="REG_SZ", "ole32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "PC Performer_DEFAULT.job"="REG_BINARY, ................................
       "PC Performer_DEFAULT.job.fp"="REG_DWORD", 1019560635
       "PC Performer_UPDATES.job"="REG_BINARY, ................................
       "PC Performer_UPDATES.job.fp"="REG_DWORD", 556486810
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
       "TrapPollTimeMilliSecs"="REG_DWORD", 15000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Performer\Regcleanpro.exe"
       "DisplayName"="REG_SZ", "PC Performer"
       "DisplayVersion"="REG_SZ", "11.10"
       "EstimatedSize"="REG_DWORD", 13363
       "HelpLink"="REG_SZ", "http://www.Performersoft.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PC Performer"
       "Inno Setup: Icon Group"="REG_SZ", "PC Performer"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.4.0 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20210617"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PC Performer\"
       "MajorVersion"="REG_DWORD", 11
       "MinorVersion"="REG_DWORD", 10
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Performersoft"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Performer\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Performer\unins000.exe" /silent"
       "URLInfoAbout"="REG_SZ", "http://www.Performersoft.com/"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PerformerSoft]
       "MachineID"="REG_BINARY, (zero length data)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PerformerSoft\PC Performer]
       "Expired"="REG_DWORD", 0
       "MaxFixLimit"="REG_DWORD", 15
       "RCPURL"="REG_SZ", "http://www.performersoft.com/pcperformer/register/st.php?utm_source=performersoft&utm_campaign=default&utm_medium=newbuild"
       "RENEWALURL"="REG_SZ", "http://www.performersoft.com/pcperformer/register/st.php?renew=1&utm_source=performersoft&utm_campaign=default&utm_medium=newbuild"
       "TELNO"="REG_SZ", "(800) 259-0314"
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "performersoft"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PerformerSoft\PC Performer\LANG]
       "LangID"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\PerformerSoft]
       "MachineID"="REG_BINARY, (zero length data)
    [HKEY_CURRENT_USER\Software\PerformerSoft\PC Performer]
       "AutoRepair"="REG_DWORD", 0
       "ConfirmBkUps"="REG_DWORD", 1
       "CurrentScanTime"="REG_BINARY, ......3.
       "ErrorCount"="REG_DWORD", 87
       "FirstRun"="REG_DWORD", 1
       "GoToSystemTrayOnClose"="REG_DWORD", 0
       "ImprovementProgram"="REG_DWORD", 1
       "IsTrial"="REG_DWORD", 1
       "NumTimesRCPRunned"="REG_DWORD", 1
       "RegErrFoundTillDate"="REG_DWORD", 0
       "RegErrsFixedLast"="REG_DWORD", 0
       "RegErrsFixedTillDate"="REG_DWORD", 0
       "ScheduledTime"="REG_SZ", ""
       "SetChkREmovableMedia"="REG_DWORD", 1
       "SetChkSkipEmptyKeys"="REG_DWORD", 1
       "StartAutoScanOnLaunch"="REG_DWORD", 0
       "StartAutoScanPMUI"="REG_DWORD", 0
       "StartAutoTutorial"="REG_DWORD", 1
       "StartMinimized"="REG_DWORD", 0
       "StartScan"="REG_DWORD", 0
       "StartWhenWinBoots"="REG_DWORD", 1
       "StrLastOptimizeTime"="REG_SZ", ""
       "StrLastScan"="REG_SZ", "Thu. June 17, 2021. 09:06 AM"
       "StrLastScanResults"="REG_SZ", "87"
       "StrLastStartupOpt"="REG_SZ", ""
       "StrLatestRegDefrag"="REG_SZ", ""
       "StrLatestRestorePoint"="REG_SZ", ""
       "TrialType"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\PerformerSoft\PC Performer\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/17/21
Scan Time: 9:19 AM
Log File: 660e75a4-cf3c-11eb-b48b-080027235d76.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41815
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234801
Threats Detected: 71
Threats Quarantined: 71
Time Elapsed: 1 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\PCPerformer.exe, Quarantined, 1562, 174325, , , , , FCC40B95E7AC2CB6E5A4D5337CF86DBD, 612ABC0B32D518022F9152BC54F1789756D444469CC8439A26DB564A1001B141

Module: 4
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\isxdl.dll, Quarantined, 1562, 174325, , , , , 7FDDD56873FE84A1A74BD888DB5EE045, 46D148A90E7E517B985797CEB51A4492EA8439A88B48FBD3C752EA1ED11014B0
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\PCPerformer.dll, Quarantined, 1562, 174325, , , , , D3282BC03F69559C45C24731F61ECC46, 88EBAC9549BD1157F6911B43C03B1404D1F6F646D7599D74E7A606AB33D11742
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\PCPerformer.exe, Quarantined, 1562, 174325, , , , , FCC40B95E7AC2CB6E5A4D5337CF86DBD, 612ABC0B32D518022F9152BC54F1789756D444469CC8439A26DB564A1001B141
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\xmllite.dll, Quarantined, 1562, 174325, , , , , 71A2DCA8F626FCEF8BFF7E2C17C67A7F, B55A978443EF0B873875910283BEDFAB0C3133BAC7BE72A68ED5146F83F1EF8C

Registry Key: 12
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Performer, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{145D8C41-4B4B-4680-8A5F-6B9B1F08C5DD}, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{145D8C41-4B4B-4680-8A5F-6B9B1F08C5DD}, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Performer_DEFAULT, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D30A46B8-C830-4D80-884E-9ACF2F612C00}, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D30A46B8-C830-4D80-884E-9ACF2F612C00}, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Performer_UPDATES, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78F1C9FC-EA14-4FF7-AC4B-BE97C90DDAE0}, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{78F1C9FC-EA14-4FF7-AC4B-BE97C90DDAE0}, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Performer_is1, Quarantined, 1562, 174325, , , , , , 
PUP.Optional.PCPerformer, HKCU\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, 1562, 241585, 1.0.41815, , ame, , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, Quarantined, 1562, 241586, 1.0.41815, , ame, , , 

Registry Value: 3
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{145D8C41-4B4B-4680-8A5F-6B9B1F08C5DD}|PATH, Quarantined, 1562, 258469, 1.0.41815, , ame, , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78F1C9FC-EA14-4FF7-AC4B-BE97C90DDAE0}|PATH, Quarantined, 1562, 258469, 1.0.41815, , ame, , , 
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D30A46B8-C830-4D80-884E-9ACF2F612C00}|PATH, Quarantined, 1562, 258469, 1.0.41815, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.PCPerformer, C:\PROGRAM FILES (X86)\PC PERFORMER, Quarantined, 1562, 174325, 1.0.41815, , ame, , , 
PUP.Optional.PCPerformer, C:\USERS\{username}\APPDATA\ROAMING\PERFORMERSOFT\PC PERFORMER, Quarantined, 1562, 174326, 1.0.41815, , ame, , , 
PUP.Optional.PCPerformer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC PERFORMER, Quarantined, 1562, 241583, 1.0.41815, , ame, , , 

File: 48
PUP.Optional.PCPerformer, C:\USERS\PUBLIC\DESKTOP\PC PERFORMER.LNK, Quarantined, 1562, 190312, 1.0.41815, , ame, , 82CC9821D3CCD1113B824C0D7E51C569, E69487947507B617BBD4F4764C3B4E292FC0CE146D23921487B8B958C7E90282
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Beforeuninstall.exe, Quarantined, 1562, 174325, , , , , 97988AE0D350150D4FDBF040967EFE7D, F15352826ADF3BBE27F4D9EAEC5408DBD7A49A830A6C365E8A19261220F61BF7
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Chinese_rcp.ini, Quarantined, 1562, 174325, , , , , DB152A0C5886726E8E349C83D57658BE, D08D00B0E1BE65E80C16305D08F465D2874B564C33CE8CAD403E4CE5DB7ACE29
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\CleanSchedule.exe, Quarantined, 1562, 174325, , , , , 305D45111EE491BF06BDAF49D7930E1A, CFA1F85E15730A8D3BAE785FB65DBD7D02C81EDCE417BA2395AAD922F15B082A
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Danish_rcp.ini, Quarantined, 1562, 174325, , , , , 46E9E31D88C62D6992E121D2AB0F154D, E513C22D57B1AD2D76F3F180482AD8966AABA658CCC285E7DDF1D3D1638767F5
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Dutch_rcp.ini, Quarantined, 1562, 174325, , , , , EA35FC23264C00BFECBB355531AAA9F4, C34126A0DAF32D6F0C60597A515497EE44276A6DA4A2294DD8B3BEC964186D2E
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\eng_rcp.ini, Quarantined, 1562, 174325, , , , , 7346C3C5FDE764B3D0F0D37059457B27, 61F37C0B741B46E29D60D4C1DCE5590310FF9D948DDEFF07FD685DE867D59E79
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Finnish_rcp_fi.ini, Quarantined, 1562, 174325, , , , , 094B39D833A09CA4DE0991FB0A1B3252, BD246172791337FD6A268D855D070174D70C17399CA6095F78A8CA929E5B3841
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\French_rcp.ini, Quarantined, 1562, 174325, , , , , CAB61B64C67C2CA129508D1C1E06CE16, 7F32C0948BEFEEA716436460F27AED8A4D41E7300D4960D9E3746DCD10AC57F5
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\German_rcp.ini, Quarantined, 1562, 174325, , , , , A015A6B07CEFDCC9657B63044DCDDB03, 79F1ACFDD6C921CA17C6CF0251BA2111F98151F42E7890E814C7E520730D0954
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\greek_rcp_el.ini, Quarantined, 1562, 174325, , , , , 553AEF9948609DB65397FB39BA3BDC26, B455FD79C924A57E4E68AEB1FDE87FFFB52418493AF07B6707726401E678A25B
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\install_left_image.bmp, Quarantined, 1562, 174325, , , , , 352DEDAFEB99BBB248229FEC01E73777, FBF6228496407C202E6D38B12B11A764D7B98F427A879CFE0D478C8CBFF05F19
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\isxdl.dll, Quarantined, 1562, 174325, , , , , 7FDDD56873FE84A1A74BD888DB5EE045, 46D148A90E7E517B985797CEB51A4492EA8439A88B48FBD3C752EA1ED11014B0
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Italian_rcp.ini, Quarantined, 1562, 174325, , , , , 856017C9659674BC789B116214C72CCE, BF6698309983ADD342CA1BDE7B91F40CE597DACEC272D60B27666A2E49A6CDFD
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Japanese_rcp.ini, Quarantined, 1562, 174325, , , , , 7B748A27EBD49ED48A3DC2960C84A663, 1F53FCADE92976F6D2C04D2490842E09527373DBC886145A2849B75A6A3C0469
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\korean_rcp_ko.ini, Quarantined, 1562, 174325, , , , , DAEDABAA1934D4E6127103350DD33133, 547D0A05BCC65CBCDF659CED54C3A3C01EADB713869C9822AC4CDE8336DDAA52
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Norwegian_rcp.ini, Quarantined, 1562, 174325, , , , , D06D286826354D242C8AB0B40014CB38, B12A970D0C7009EB60D1A725A889B8D7ED99B4C67B43F261C14A85CC4CB89754
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\PCPerformer.dll, Quarantined, 1562, 174325, , , , , D3282BC03F69559C45C24731F61ECC46, 88EBAC9549BD1157F6911B43C03B1404D1F6F646D7599D74E7A606AB33D11742
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\PCPerformer.exe, Quarantined, 1562, 174325, , , , , FCC40B95E7AC2CB6E5A4D5337CF86DBD, 612ABC0B32D518022F9152BC54F1789756D444469CC8439A26DB564A1001B141
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\polish_rcp_pl.ini, Quarantined, 1562, 174325, , , , , 9434593D7B5330842B93D5C7635CF7AF, 5D39B8949B500BFE28A60C9B59FCAAF9EE79525EDBCDB0C52AB8F7980A1C5F49
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\portugese_rcp_pt.ini, Quarantined, 1562, 174325, , , , , 37BB0B58B04946B58BA0061B02DB7E32, E6714965EAC22BC68E1ECF03A37B8267657A5A94CD21FAEB3AE0C1A2E772AC8C
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Portuguese_rcp.ini, Quarantined, 1562, 174325, , , , , 5C88F9F0887611EFA0D3965FC02531E4, A6CC8043AC7ED589D00DA46F92E5FE4F0F9F7319EB18D1B2C12DC961F8C6F255
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\russian_rcp_ru.ini, Quarantined, 1562, 174325, , , , , A86A8D9F84EC07C70AA2B9C33D33FFD0, 834F4495BA6370EB97E550BB9353D680820C7BE259CE2EEC816D0CC7757E8086
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Spanish_rcp.ini, Quarantined, 1562, 174325, , , , , D2CA57A4F60550B0966CA576DA9FAF53, 8B218E8B6C1A41DD5BD3B5742C024918776D6D767BBA061FB47D01761A038323
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\Swedish_rcp.ini, Quarantined, 1562, 174325, , , , , CDCBC5DFBC8767EFDCD4F655452AF110, 2CFE7D7CBDE6485767EC1137087580FFD6B5E14DB718C78771114DCC46EED0C2
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\TraditionalCn_rcp_zh-tw.ini, Quarantined, 1562, 174325, , , , , C929463E7D4B58936F3FF7FAC9EE5DD7, 85D73692D124EE334B850F6CA544895C587DD52B313CFAA9EB865FC558B8AD25
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\turkish_rcp_tr.ini, Quarantined, 1562, 174325, , , , , 3E9148B929411189FBCB8EC9522A5255, 0339CBEEDDC48A6E4E11F2AB7D161F45AAED789D490D3B91831EC5011F97E57B
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\unins000.dat, Quarantined, 1562, 174325, , , , , F51EADD2493C02593C246BE694EE5C86, D88969AA29F9CA9C813A6C9AAE84C00769C3F14132D0A5BD603D7BC5B7023CBC
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\unins000.exe, Quarantined, 1562, 174325, , , , , 0C75BF679268DBDB44A079CEDA85421A, 4AB00DE32BE5FD0FB6DC34F9C56BB88650C2F1C0CE375BCAF189EECCD22C80AC
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\unins000.msg, Quarantined, 1562, 174325, , , , , 4FCA97214DAC80436C4C30B71B0642B7, BDF49A4D2A7420B44216E574197DC53A8C2291C46CB410E73F74146E10642C47
PUP.Optional.PCPerformer, C:\Program Files (x86)\PC Performer\xmllite.dll, Quarantined, 1562, 174325, , , , , 71A2DCA8F626FCEF8BFF7E2C17C67A7F, B55A978443EF0B873875910283BEDFAB0C3133BAC7BE72A68ED5146F83F1EF8C
PUP.Optional.PCPerformer, C:\WINDOWS\SYSTEM32\TASKS\PC Performer, Quarantined, 1562, 174325, , , , , 5810A05D14A610EA21794DB16C7AA495, F2EAD313984DE4B86F2180FEB0F0D1A7D462501DD810693DE6818717A2ACF55B
PUP.Optional.PCPerformer, C:\WINDOWS\TASKS\PC Performer_DEFAULT.job, Quarantined, 1562, 174325, , , , , DFC46B4B2FDD43F364B9842303CEDD22, F52018FB08961766B201445C79B0D0B3029DD0739E3FA0D8099CC6C1859711B2
PUP.Optional.PCPerformer, C:\WINDOWS\SYSTEM32\TASKS\PC Performer_DEFAULT, Quarantined, 1562, 174325, , , , , ABC28919D2F11818AD081581826FF901, 473FE0B1A78EAE9D8282BCDA6B1A9CECD92F4815A2067159A6DBAF9AC3C63928
PUP.Optional.PCPerformer, C:\WINDOWS\TASKS\PC Performer_UPDATES.job, Quarantined, 1562, 174325, , , , , 78028A147DBE7A6B42079858E9F85173, EF3E45F1DC7288E87D980A8EF8E4D37E85BD7D0097A344DCEB17E0D0F5B9EF96
PUP.Optional.PCPerformer, C:\WINDOWS\SYSTEM32\TASKS\PC Performer_UPDATES, Quarantined, 1562, 174325, , , , , 05131B833E94DF91197DBD3F08E3DEEC, 2B7AD9D9D5341FA4DC846B9B9AEEC5D5CD7530F240A37D1E722DF0321DE002B2
PUP.Optional.PCPerformer, C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer\eng_rcp.dat, Quarantined, 1562, 174326, , , , , D1D13A16EB68CACFCFEA10F3095332B3, 5ED3191BD8F306087ABA28D6F9CAD51C3F48E22C7E28B866ACE8ADAE17AD286D
PUP.Optional.PCPerformer, C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp, Quarantined, 1562, 174326, , , , , 7319468847D7B1AEE40DBF5DD963C999, B0F66ADC83641586656866813FD9DD0B8EBB63796075661BA45D1AA8089E1D44
PUP.Optional.PCPerformer, C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer\log_06-17-2021.log, Quarantined, 1562, 174326, , , , , 8F7AD2D32CFF0B34067BBCC855337FED, EDB2054C89553DE458A1ED3A38997566639EDB85C129B129071A82A65795BBF9
PUP.Optional.PCPerformer, C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer\rcpupdate.ini, Quarantined, 1562, 174326, , , , , 955AD3298DB330B5EE880C2C9E6F23A0, B64AC05F17E64D037DB81A98F51E2688216E292AE9748F979F04DFBAC49FD7FC
PUP.Optional.PCPerformer, C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer\results.rcp, Quarantined, 1562, 174326, , , , , 154D6EFDDE646519F4835864747F91C9, 5B7D1C4E06BAB79C35FFE636DCB58FD54F30E82AB07E7E8E1E60BC95F1875972
PUP.Optional.PCPerformer, C:\Users\{username}\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp, Quarantined, 1562, 174326, , , , , 7319468847D7B1AEE40DBF5DD963C999, B0F66ADC83641586656866813FD9DD0B8EBB63796075661BA45D1AA8089E1D44
PUP.Optional.PCPerformer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC PERFORMER\PC PERFORMER.LNK, Quarantined, 1562, 241583, 1.0.41815, , ame, , F66B12C58D78E78DF3D5577F71D87FD1, 217194CC1A41CE848FBCD5820DF59D8E7F57577ABCCEDA7B3BC4819867F672F4
PUP.Optional.PCPerformer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer\Register PC Performer.lnk, Quarantined, 1562, 241583, , , , , B28F56BB931749A0CAF750FB2BD9920A, 0A78065FDCA9AE4081918C83F2799DED30DF287396884CC5A299B6B44025CBD3
PUP.Optional.PCPerformer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer\Uninstall PC Performer.lnk, Quarantined, 1562, 241583, , , , , 9E94A36030F869BE2A6C932A644A764F, 88707E6CDA27FDBC7C3E14C978DB0F9935B417B222EBD0FDB77E63AD65F2CE90
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, Quarantined, 880, 395666, 1.0.41815, , ame, , B4E88DA35AD531A65B251A34BAA21066, 260A1DE1DC70FC4CA1637AE7C0EA8A5EC5750A086DF3EC3227951ADC7CCFC075
PUP.Optional.PerformerSoft, C:\USERS\{username}\DESKTOP\SETUP.EXE, Quarantined, 678, 950419, 1.0.41815, , ame, , 7DEAAF465B95644C440B31B404B2FDB4, 57283EDC256A18F6AD0E5D6D22FC59EFFB2C07F8084946488F9858F7C9DA11E0
PUP.Optional.PerformerSoft, C:\USERS\{username}\DOWNLOADS\SETUP.EXE, Quarantined, 678, 950419, 1.0.41815, , ame, , 7DEAAF465B95644C440B31B404B2FDB4, 57283EDC256A18F6AD0E5D6D22FC59EFFB2C07F8084946488F9858F7C9DA11E0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.