Beware of PUP infections from these

DelJo63

Beware of PUP infections from these downloads:

iolo:: System Checkup

ProPCCleaner

PCCleaners, app3_Install_eng.exe

eShield, Google\Chrome Extensions

WinYahoo Internet Explorer

==== malware log follows ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2017
Scan Time: 10:06 AM
Logfile: Malware_Log_3-29-17.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.29.06
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 593897
Time Elapsed: 41 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [e0eacc03c3e526106a2f4ff2000050b0],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{879E8F42-712F-4BEF-8B90-17D7D2D62B13}, Delete-on-Reboot, [d3f7b31c0c9c7fb77088cb1f54af817f],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D72836E6-5E7D-409A-8053-5996CE640BDE}, Delete-on-Reboot, [705af5da51573006896f99517c87629e],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Popup, Delete-on-Reboot, [6a6021ae03a5290d53763181b94a11ef],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Start, Delete-on-Reboot, [9b2f339cfdaba59123a6486a13f02dd3],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [05c54e812d7bdf57cccdd36e916f9e62],
PUP.Optional.WinYahoo, HKU\S-1-5-21-635012957-3435899091-545158274-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{266D28BA-5DD3-49D1-B995-05749987BB4E}, Quarantined, [c2088d4218906accee33c5849070ae52],
PUP.Optional.TNT, HKU\S-1-5-21-635012957-3435899091-545158274-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [09c10ac53771ed49b15c00baea19d32d],
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-635012957-3435899091-545158274-500\SOFTWARE\Rainmaker Software Group LLC. \Pro PC Cleaner, Quarantined, [08c203cce4c4b6808144baf86e956d93],

Registry Values: 7
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://us.search.yahoo.com/yhs/sea...ndowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{879E8F42-712F-4BEF-8B90-17D7D2D62B13}|Path, \ProPCCleaner_Start, Delete-on-Reboot, [d3f7b31c0c9c7fb77088cb1f54af817f]
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D72836E6-5E7D-409A-8053-5996CE640BDE}|Path, \ProPCCleaner_Popup, Delete-on-Reboot, [705af5da51573006896f99517c87629e]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://us.search.yahoo.com/yhs/sea...ndowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-635012957-3435899091-545158274-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{266D28BA-5DD3-49D1-B995-05749987BB4E}|URL, https://us.search.yahoo.com/yhs/sea...ndowsQuarantinedB7QuarantinedBProfessional&p={searchTerms}, %4, %5
PUP.Optional.TNT, HKU\S-1-5-21-635012957-3435899091-545158274-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|FaviconURL, http://mirror.mirror-files.com/tnt2/10999/eShield_16.ico, Quarantined, [09c10ac53771ed49b15c00baea19d32d]
PUP.Optional.eShield, HKU\S-1-5-21-635012957-3435899091-545158274-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, http://search.eshield.com/serp?guid={4AB67A55-3358-444F-883A-06AE30D28457}&action=default_search&k={searchTerms}, Quarantined, [3c8e9936a70147efd32bb05450b04bb5]

Registry Data: 0
(No malicious items detected)

Folders: 30
PUP.Optional.IoloSC, C:\Program Files (x86)\iolo\System Checkup, Quarantined, [824877585d4b1b1b14a50f99b64afe02],
PUP.Optional.eShield, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp, Quarantined, [3397a32c05a3a2948f22bab6778a738d],
PUP.Optional.eShield, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0, Quarantined, [3397a32c05a3a2948f22bab6778a738d],
PUP.Optional.eShield, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\_metadata, Quarantined, [3397a32c05a3a2948f22bab6778a738d],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ja, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ar, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\bs-Cyrl-BA, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\bs-Latn-BA, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\da, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\de, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\es, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\fil-PH, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\fr, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\he, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\hr-HR, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\it, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\nl, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\no, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\se-FI, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\sr-Cyrl-RS, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\sr-Latn-RS, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\sv, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\th-TH, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\tr-TR, Quarantined, [41898c437d2b6acc6216777a639f669a],
PUP.Optional.ProPCCleaner, C:\Users\Administrator\Documents\ProPCCleaner, Quarantined, [b1194c836b3d7abc9edcfdf4966c9967],
PUP.Optional.ProPCCleaner, C:\Users\XOXO\Documents\ProPCCleaner, Quarantined, [a92118b7891fc76f4a305a97b84a38c8],
PUP.Optional.ProPCCleaner, C:\Users\YOYO\Documents\ProPCCleaner, Quarantined, [e3e71cb31b8dbb7bf2888b66946e50b0],

Files: 7
PUP.Optional.PCCleaners, C:\Downloads\app3_Install_eng.exe, Quarantined, [dbef5f70d9cfdf57227204c76998619f],
PUP.Optional.eShield, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dmla8cbp.default\prefs.js, Good: (), Bad: (eShield Safe Web), Replaced,[6268a02f654396a0b971da2c20e459a7]
PUP.Optional.eShield, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dmla8cbp.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.eshield.com/serp?guid={4AB67A55-3358-444F-883A-06AE30D28457}&action=default_search&k=");), Replaced,[f7d3c30cb4f4a195dff94e04778de11f]
PUP.Optional.eShield, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dmla8cbp.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "eShield Safe Web");), Replaced,[1baf5e719315a09619641e35bc48b749]
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dmla8cbp.default\searchplugins\yahoo! powered.xml, Quarantined, [e6e47758594f4beb883dea6ac3415fa1],
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dmla8cbp.default\searchplugins\yahoo.xml, Quarantined, [b119854ad8d0fc3a3a6201771ae8ae52],
PUP.Optional.eShield, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dmla8cbp.default\user.js, Quarantined, [4e7c8f4017911125647f94bf7c880ef2],

Physical Sectors: 0
(No malicious items detected)


(end)
 