DBatt Posted February 5, 2017 Share Posted February 5, 2017 At 24 minutes after each hour my computer is on I get a message that SuperShield has blocked the file "WINDOWS\SYSTEM32\WSCRIPT.EXE". The protection is set to SuperShield protection. If I set it at industry standard I do not get the message, BUT, what is happening? This has been going on now for about a month. I have followed directions and downloaded Adware by TSA, Malware, PC Magnum, replaced SuperShield, & Farbar Recovery Scan Tool. Done 2 scans with PCmatic. Frustrating! Computer seems to work but there is a reason for SS to be blocking this file. Does anyone know what it is? Link to comment Share on other sites More sharing options...
Y kawika Posted February 5, 2017 Share Posted February 5, 2017 Please post the Farbar Recovery Scan Tool log file in this thread. You have scripted malware that is being prevented from running and ruining your computer. Thank you. Y Link to comment Share on other sites More sharing options...
Juliet Posted February 5, 2017 Share Posted February 5, 2017 When you used Farbar Recovery Scan Tool, it should had created logs FRST.txt & Addition.txt if you could please search for and post those 2 logs in your next reply. Link to comment Share on other sites More sharing options...
DBatt Posted February 5, 2017 Author Share Posted February 5, 2017 not too experienced in this stuff so hope it has gone somewhere near where it is intended to go.FRST.txt Link to comment Share on other sites More sharing options...
Juliet Posted February 5, 2017 Share Posted February 5, 2017 (edited) While I look over the FRST txt, can you search for and post Addition.txt, it was created at the same time. Go to this folder Running from C:\Users\Dick\Downloads open that and see if the Addition.txt is located there. Edited February 5, 2017 by Juliet Link to comment Share on other sites More sharing options...
DBatt Posted February 6, 2017 Author Share Posted February 6, 2017 I have access to the file but cannot figure out how to transfer it to this reply section. does not seem to want to paste, drag or move anywhere. sorry for the problem. Link to comment Share on other sites More sharing options...
Juliet Posted February 6, 2017 Share Posted February 6, 2017 If necessary click the Attach this file button in the lower left hand corner of the Reply to this topic section of the Post In the lower left hand corner you should see a Browse button under Attach Files Click the Browse button and a new window will open Navigate to and double click on the file you want to attach Addition.txt Once the file path is entered into the box click Attach This File If successful, you will see the file name appear above Attach Files with a green check mark to the left When you are done with your message and hit Reply the file will automatically be attached to your reply ========== Link to comment Share on other sites More sharing options...
DBatt Posted February 7, 2017 Author Share Posted February 7, 2017 why is it skipping upload of addition it gives an error code of 403FRST.txt Link to comment Share on other sites More sharing options...
Juliet Posted February 7, 2017 Share Posted February 7, 2017 Addition.txtopen it, then:CTRL + A = Select AllCTRL + C = Copycome here to this topicCTRL + V = Paste~~~Let's see if we can get this tool to run.Please download the Malwarebytes Anti-Malware setup file to your Desktop.OR from this location Here After the installation IS complete let it update if it asks.Under SETTINGS.....APPLICATIONS leave everything at defaultUnder SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.Then go to the Dashboard and click on SCAN NOW When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD Then come back to this thread and and under REPLY TO THIS TOPIC, right click in the reply and select Paste Then click on POST Exit Malwarebytes~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` Link to comment Share on other sites More sharing options...
DBatt Posted February 7, 2017 Author Share Posted February 7, 2017 gotMalwarebyteswww.malwarebytes.com -Log Details-Scan Date: 2/7/17Scan Time: 10:59 AMLogfile:Administrator: Yes -Software Information-Version: 3.0.6.1469Components Version: 1.0.50Update Package Version: 1.0.1064License: Trial -System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Dick-toshiba\Dick -Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 402464Time Elapsed: 11 min, 18 sec -Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled -Scan Details-Process: 0(No malicious items detected) Module: 0(No malicious items detected) Registry Key: 44PUP.Optional.PricePeep, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho.1, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKU\S-1-5-21-2850075346-2245016049-747838122-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKU\S-1-5-21-2850075346-2245016049-747838122-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, No Action By User, [8678], [168651],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.SQLite, No Action By User, [2321], [352588],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AB7CDB6E-4F65-49F2-A2AB-704A6BA8DACC}, No Action By User, [2321], [352588],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AB7CDB6E-4F65-49F2-A2AB-704A6BA8DACC}, No Action By User, [2321], [352588],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.IE, No Action By User, [2321], [352593],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CAABE140-E960-4A2F-A026-A2C84C6049E4}, No Action By User, [2321], [352593],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CAABE140-E960-4A2F-A026-A2C84C6049E4}, No Action By User, [2321], [352593],1.0.1064PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, No Action By User, [131], [168990],1.0.1064PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, No Action By User, [131], [168990],1.0.1064PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, No Action By User, [131], [168990],1.0.1064PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [131], [-1],0.0.0PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, No Action By User, [8678], [168650],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, No Action By User, [8678], [168650],1.0.1064PUP.Optional.PricePeep, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, No Action By User, [8678], [168650],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.Updater, No Action By User, [2321], [352587],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5D20261F-EEDF-3E74-88B7-6ACD32607141}, No Action By User, [2321], [352587],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D20261F-EEDF-3E74-88B7-6ACD32607141}, No Action By User, [2321], [352587],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.Utils, No Action By User, [2321], [352582],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{252FCBE7-33D2-4704-AE79-DD22F7586EEC}, No Action By User, [2321], [352582],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{252FCBE7-33D2-4704-AE79-DD22F7586EEC}, No Action By User, [2321], [352582],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.RecentDocs, No Action By User, [2321], [352590],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C2D680FB-63E0-4C6C-BEC4-676A9EA53222}, No Action By User, [2321], [352590],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C2D680FB-63E0-4C6C-BEC4-676A9EA53222}, No Action By User, [2321], [352590],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.RecycleBin, No Action By User, [2321], [352592],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E672CC3F-1B62-4EDA-BB50-CF2D8796CE33}, No Action By User, [2321], [352592],1.0.1064PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E672CC3F-1B62-4EDA-BB50-CF2D8796CE33}, No Action By User, [2321], [352592],1.0.1064PUP.Optional.PCMagnum, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Magnum_is1, No Action By User, [2340], [352547],1.0.1064PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered focet, No Action By User, [117], [308968],1.0.1064PUP.Optional.InstallCore, HKU\S-1-5-21-2850075346-2245016049-747838122-1001\SOFTWARE\ICSW1.23, No Action By User, [8], [239562],1.0.1064PUP.Optional.SpyHunter, HKLM\SOFTWARE\ENIGMASOFTWAREGROUP\SpyHunter, No Action By User, [1670], [331803],1.0.1064PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGIGUARD, No Action By User, [1670], [331706],1.0.1064PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3315828, No Action By User, [13614], [234010],1.0.1064PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3D60227B-EC2E-43F3-9840-4EDA6B914CAF}, No Action By User, [117], [308967],1.0.1064 Registry Value: 5PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [131], [-1],0.0.0PUP.Optional.Wajam, HKU\S-1-5-21-2850075346-2245016049-747838122-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [131], [-1],0.0.0PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [131], [-1],0.0.0PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGIGUARD|IMAGEPATH, No Action By User, [1670], [331706],1.0.1064PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3D60227B-EC2E-43F3-9840-4EDA6B914CAF}|PATH, No Action By User, [117], [308967],1.0.1064 Registry Data: 0(No malicious items detected) Data Stream: 0(No malicious items detected) Folder: 38PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Quarantine, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Antivir, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Update, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Down, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\PROGRAMDATA\Spyware Clear, No Action By User, [7305], [179820],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, No Action By User, [11059], [175505],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, No Action By User, [11059], [175505],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, No Action By User, [11059], [175505],1.0.1064PUP.Optional.ArcadeParlor, C:\USERS\Dick\APPDATA\ROAMING\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, No Action By User, [11059], [175505],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\USERS\Dick\APPDATA\ROAMING\PC Tech Hotline, No Action By User, [1341], [178844],1.0.1064PUP.Optional.SpywareClear, C:\USERS\Dick\APPDATA\ROAMING\Spyware Clear, No Action By User, [7305], [179820],1.0.1064PUP.Optional.PCTechHotline, C:\Program Files (x86)\PCTechHotline\Update, No Action By User, [1341], [178845],1.0.1064PUP.Optional.PCTechHotline, C:\PROGRAM FILES (X86)\PCTechHotline, No Action By User, [1341], [178845],1.0.1064PUP.Optional.Revizer.PrxySvrRST, C:\PROGRAM FILES (X86)\ver4Re-markit, No Action By User, [10974], [181036],1.0.1064PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{4F448A27-C506-00E1-43C0-9EA3D982156D}, No Action By User, [2050], [341897],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SearchExtensions, C:\PROGRAM FILES (X86)\SEARCH EXTENSIONS, No Action By User, [17181], [242702],1.0.1064PUP.Optional.ArcadeParlor, C:\USERS\Dick\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ARCADEPARLOR, No Action By User, [11059], [175509],1.0.1064PUP.Optional.AstroArcade, C:\USERS\Dick\APPDATA\LOCAL\ASTROARCADE, No Action By User, [8482], [235600],1.0.1064PUP.Optional.PCOptimizerPro, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC OPTIMIZER PRO, No Action By User, [1285], [182301],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER, No Action By User, [1670], [331702],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\img, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\PROGRAM FILES (X86)\PCPITSTOP\PC Magnum, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC PITSTOP\PC Magnum, No Action By User, [2340], [358079],1.0.1064PUP.Optional.Amonetize, C:\USERS\Dick\APPDATA\LOCAL\20513, No Action By User, [13], [186702],1.0.1064PUP.Optional.ConverterFreeOnline, C:\Program Files (x86)\Converter Free Online\extension@Converter_Free_Online.com\content, No Action By User, [12602], [236936],1.0.1064PUP.Optional.ConverterFreeOnline, C:\Program Files (x86)\Converter Free Online\extension@Converter_Free_Online.com, No Action By User, [12602], [236936],1.0.1064PUP.Optional.ConverterFreeOnline, C:\PROGRAM FILES (X86)\CONVERTER FREE ONLINE, No Action By User, [12602], [236936],1.0.1064PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR, No Action By User, [7305], [187215],1.0.1064PUP.Optional.OptimizerPro, C:\USERS\Dick\DOCUMENTS\OPTIMIZER PRO, No Action By User, [1024], [241439],1.0.1064 File: 151PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\185_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\186_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\187_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\188_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\189_en_2.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\191_en_5.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\192_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\193_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\242_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\243_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\251_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\275_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\276_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\277_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\278_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\302_en_1.pngx, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0001.rpt, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\send_0001.rpt, No Action By User, [7305], [179820],1.0.1064PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\SC_CPL.xml, No Action By User, [7305], [179820],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, No Action By User, [11059], [175505],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, No Action By User, [11059], [175505],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, No Action By User, [11059], [175505],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, No Action By User, [11059], [175505],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_SupportIcon00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Icon_FAQ.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7bubble_Left.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7bubble_Right.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7bubble_X00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7bubble_X01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7bubble_X02.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7Dark001_SettingsActive.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7Dark001_SettingsBack.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7Dark001_SettingsHover.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7Dark_NoTabs_Back00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7Dark_NoTabs_PhoneIcon.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7logoNew_dark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_CPUblue.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_CPUgreen.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_CPUmonitorIcon00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_CPUmonitorIcon01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_graph.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_LivechatIcon00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_LivechatIcon01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_lowerstripe.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_manphoto.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_SupportIcon01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_SystemCheckIcon00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7NewAppGraph_SystemCheckIcon01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\24x7_UploaderDark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\ArrowSmall.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\ArrowSmallHot.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\bubble.xml, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Hardware_Icon.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Icon_FAQ_nonactive.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Icon_Settings.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Icon_Settings_nonactive.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\MainImg_SettingsDark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Navigation_HomeIcon00_Dark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Navigation_HomeIcon01_Dark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Navigation_SettingsIcon00_Dark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Navigation_SettingsIcon01_Dark01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\OK_IconGreen01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\PeriodicSystemCheckBubble.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Phones_Icon.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Security_Icon.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\skin.xml, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Software_Icon.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\SupportCheck01_arrow00.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\SupportCheck01_arrow01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Warning_Icon01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Warning_IconOrange01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Users\Dick\AppData\Roaming\PC Tech Hotline\skin\Warning_IconRed01.png, No Action By User, [1341], [178844],1.0.1064PUP.Optional.PCTechHotline, C:\Program Files (x86)\PCTechHotline\unins000.dat, No Action By User, [1341], [178845],1.0.1064PUP.Optional.PCTechHotline, C:\Program Files (x86)\PCTechHotline\unins000.msg, No Action By User, [1341], [178845],1.0.1064PUP.Optional.Revizer.PrxySvrRST, C:\Program Files (x86)\ver4Re-markit\178.dat, No Action By User, [10974], [181036],1.0.1064PUP.Optional.Revizer.PrxySvrRST, C:\Program Files (x86)\ver4Re-markit\178.xpi, No Action By User, [10974], [181036],1.0.1064PUP.Optional.Revizer.PrxySvrRST, C:\Program Files (x86)\ver4Re-markit\a.db, No Action By User, [10974], [181036],1.0.1064PUP.Optional.Revizer.PrxySvrRST, C:\Program Files (x86)\ver4Re-markit\b.db, No Action By User, [10974], [181036],1.0.1064PUP.Optional.Revizer.PrxySvrRST, C:\Program Files (x86)\ver4Re-markit\q2Re-markitXz178.bin, No Action By User, [10974], [181036],1.0.1064PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{4F448A27-C506-00E1-43C0-9EA3D982156D}\MOSO.TXT, No Action By User, [2050], [341897],1.0.1064PUP.Optional.WinYahoo.Generic, C:\ProgramData\{4F448A27-C506-00E1-43C0-9EA3D982156D}\aowLC, No Action By User, [2050], [341897],1.0.1064PUP.Optional.WinYahoo.Generic, C:\ProgramData\{4F448A27-C506-00E1-43C0-9EA3D982156D}\hdat1, No Action By User, [2050], [341897],1.0.1064PUP.Optional.WinYahoo.Generic, C:\ProgramData\{4F448A27-C506-00E1-43C0-9EA3D982156D}\hdat2, No Action By User, [2050], [341897],1.0.1064PUP.Optional.WinYahoo.Generic, C:\ProgramData\{4F448A27-C506-00E1-43C0-9EA3D982156D}\nidece, No Action By User, [2050], [341897],1.0.1064PUP.Optional.WinYahoo.Generic, C:\ProgramData\{4F448A27-C506-00E1-43C0-9EA3D982156D}\nodo, No Action By User, [2050], [341897],1.0.1064PUP.Optional.WinYahoo.Generic, C:\ProgramData\{4F448A27-C506-00E1-43C0-9EA3D982156D}\YdozK, No Action By User, [2050], [341897],1.0.1064PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR\UNINS000.DAT, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\driver.cab, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\24x7.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyze.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\bloatware.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\optimizer.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\ov.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\remover.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\restore.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\so.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\startup.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemsettings.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\unstableaddons.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\virtualkeyboard.xml, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.msg, No Action By User, [7305], [243463],1.0.1064PUP.Optional.SearchExtensions, C:\PROGRAM FILES (X86)\SEARCH EXTENSIONS\CONFIG.DAT, No Action By User, [17181], [242702],1.0.1064PUP.Optional.SearchExtensions, C:\Program Files (x86)\Search Extensions\TrustedRoot.cer, No Action By User, [17181], [242702],1.0.1064PUP.Optional.ArcadeParlor, C:\Users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor\Play ArcadeParlor Online.url, No Action By User, [11059], [175509],1.0.1064PUP.Optional.AstroArcade, C:\USERS\Dick\APPDATA\LOCAL\ASTROARCADE\DATA2.DAT, No Action By User, [8482], [235600],1.0.1064PUP.Optional.PCOptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro\Live Support.url, No Action By User, [1285], [182301],1.0.1064PUP.Optional.PCOptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro\Uninstallation Guide.url, No Action By User, [1285], [182301],1.0.1064PUP.Optional.PCOptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro\Visit Website.url, No Action By User, [1285], [182301],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data\dns.dat, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140303_083528.log, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\INSTALL.LOG, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\cos.dat, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\gas.dat, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\gil.dat, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\safeol.dat, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\scanlog.log, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\supportlog.txt, No Action By User, [1670], [331702],1.0.1064PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\unkcache.dat, No Action By User, [1670], [331702],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\img\help.ico, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\img\splash.png, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\img\wait.gif, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\checkschedule.wsf, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\ChromeCacheView.exe, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\InfoCenter-Setup.exe, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\InstallHelper.dll, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\Interop.Shell32.dll, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\MozillaCacheView.exe, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\NoNet.html, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\PC Magnum.exe.config, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\PC Magnum.ico, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\PC Magnum.ini, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\PCMagnum.url, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\Remove-All.cmd, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\scan.wsf, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\Splash.html, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\sqlite3.dll, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\unins000.dat, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\unins000.exe, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\unins000.msg, No Action By User, [2340], [352547],1.0.1064PUP.Optional.PCMagnum, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop\PC Magnum\PC Magnum Online Documentation.lnk, No Action By User, [2340], [358079],1.0.1064PUP.Optional.PCMagnum, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop\PC Magnum\PC Magnum.lnk, No Action By User, [2340], [358079],1.0.1064PUP.Optional.PCMagnum, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop\PC Magnum\Uninstall PC Magnum.lnk, No Action By User, [2340], [358079],1.0.1064PUP.Optional.Amonetize, C:\USERS\Dick\APPDATA\LOCAL\20513\UPDATER.XML, No Action By User, [13], [186702],1.0.1064PUP.Optional.PCMagnum, C:\USERS\Dick\DESKTOP\PC MAGNUM.LNK, No Action By User, [2340], [352567],1.0.1064PUP.Optional.ConverterFreeOnline, C:\PROGRAM FILES (X86)\CONVERTER FREE ONLINE\UNINS000.DAT, No Action By User, [12602], [236936],1.0.1064PUP.Optional.ConverterFreeOnline, C:\Program Files (x86)\Converter Free Online\extension@Converter_Free_Online.com\content\browserOverlay.xul, No Action By User, [12602], [236936],1.0.1064PUP.Optional.ConverterFreeOnline, C:\Program Files (x86)\Converter Free Online\extension@Converter_Free_Online.com\install.rdf, No Action By User, [12602], [236936],1.0.1064PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR\SPYWARECLEAR.COM.URL, No Action By User, [7305], [187215],1.0.1064PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered focet.job, No Action By User, [117], [308966],1.0.1064PUP.Optional.WinYahoo, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered focet, No Action By User, [117], [308969],1.0.1064PUP.Optional.OptimizerPro, C:\USERS\Dick\DOCUMENTS\OPTIMIZER PRO\COOKIESEXCEPTION.TXT, No Action By User, [1024], [241439],1.0.1064 Physical Sector: 0(No malicious items detected) (end) the results of scan however the paste option is not available. Link to comment Share on other sites More sharing options...
Juliet Posted February 7, 2017 Share Posted February 7, 2017 When you ran the scan, did you allow it to quarantine what it had found? IF not, not a problem. Our culprit was found PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{4F448A27-C506-00E1-43C0-9EA3D982156D}\MOSO.TXT, No Action By User, [2050], [341897],1.0.1064 The above needs to be quarantined. If you have not selected at this time for other items not to be deleted, please remove any check marks you find by these PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.SQLite, No Action By User, [2321], [352588],1.0.1064 PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AB7CDB6E-4F65-49F2-A2AB-704A6BA8DACC}, No Action By User, [2321], [352588],1.0.1064 PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AB7CDB6E-4F65-49F2-A2AB-704A6BA8DACC}, No Action By User, [2321], [352588],1.0.1064 PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\PCPitstopErase2.IE, No Action By User, [2321], [352593],1.0.1064 PUP.Optional.PCPOptimize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CAABE140-E960-4A2F-A026-A2C84C6049E4}, No Action By User, [2321], [352593],1.0.1064 PUP.Optional.PCPOptimize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CAABE140-E960-4A2F-A026-A2C84C6049E4}, No Action By User, [2321], [352593],1.0.1064 PUP.Optional.PCMagnum, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Magnum_is1, No Action By User, [2340], [352547],1.0.1064 PUP.Optional.PCMagnum, C:\Program Files (x86)\PCPitstop\PC Magnum\img, No Action By User, [2340], [352547],1.0.1064 PUP.Optional.PCMagnum, C:\PROGRAM FILES (X86)\PCPITSTOP\PC Magnum, No Action By User, [2340], [352547],1.0.1064 PUP.Optional.PCMagnum, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC PITSTOP\PC Magnum, No Action By User, [2340], [358079],1.0.1064 Also, I want to experiment and send you a private message, wanted to see if it will allow you to copy and paste anything to me there. Link to comment Share on other sites More sharing options...
DBatt Posted February 7, 2017 Author Share Posted February 7, 2017 that now is the only file quarantined in the malware report. Is that what you wanted to happen? Will this still cause SS to notify me of a blocked file? Link to comment Share on other sites More sharing options...
Juliet Posted February 7, 2017 Share Posted February 7, 2017 Will this still cause SS to notify me of a blocked file?it shouldn't and to try to run another scan and clean with PC Matic. Link to comment Share on other sites More sharing options...
DBatt Posted February 8, 2017 Author Share Posted February 8, 2017 scanned again w/pcmatic. As of 7:24 P.M. still receiving notice of blocked file by S.S.???? Link to comment Share on other sites More sharing options...
Juliet Posted February 8, 2017 Share Posted February 8, 2017 AdwCleaner Please download AdwCleaner and save the file to your Desktop. In order to use AdwCleaner, you have to agree the Eula: Right-click AdwCleaner.exe and select Run as administrator to run the programme. Follow the prompts. Click Scan. Upon completion, click Logfile. Ensure all items have a checkmark Return to AdwCleaner. Click Clean. Follow the prompts and allow your computer to reboot. After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply. -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you would please, let's do another scan with Malwarebytes Anti-Malware This time, please make sure that everything has a checkmark to be removed. Open Malwarebytes Anti-Malware On the Dashboard click on Update Now Under SETTINGS.....APPLICATIONS leave everything at default Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on. Then go to the Dashboard and click on SCAN NOW When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD Then come back to this thread and and under REPLY TO THIS TOPIC, right click in the reply and select Paste Then click on POST Exit Malwarebytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` Link to comment Share on other sites More sharing options...
DBatt Posted February 8, 2017 Author Share Posted February 8, 2017 AdwCleaner seems to have been the answer. No blocked messages since running it. Link to comment Share on other sites More sharing options...
Juliet Posted February 8, 2017 Share Posted February 8, 2017 Yea, let's do a victory dance. Can you locate this file AdwCleaner[C1].txt, copy and paste it into your next reply? Link to comment Share on other sites More sharing options...
DBatt Posted February 8, 2017 Author Share Posted February 8, 2017 # AdwCleaner v6.043 - Logfile created 08/02/2017 at 07:21:23# Updated on 27/01/2017 by Malwarebytes# Database : 2017-02-03.2 [server]# Operating System : Windows 7 Home Premium Service Pack 1 (X64)# Username : Dick - Dick-TOSHIBA# Running from : C:\Users\Dick\Downloads\AdwCleaner.exe# Mode: Scan# Support : https://www.malwarebytes.com/support ***** [ Services ] *****Service Found: esgiguard ***** [ Folders ] ***** Folder Found: C:\Users\Dick\AppData\Local\20513Folder Found: C:\Users\Dick\AppData\Local\SevereWeatherAlertsFolder Found: C:\Users\Dick\AppData\Roaming\PC Tech HotlineFolder Found: C:\Users\Dick\AppData\Roaming\pccustubinstallerFolder Found: C:\Users\Dick\AppData\Roaming\Spyware ClearFolder Found: C:\Users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlorFolder Found: C:\Program Files\Enigma Software GroupFolder Found: C:\ProgramData\PartnerFolder Found: C:\ProgramData\Spyware ClearFolder Found: C:\ProgramData\TrymediaFolder Found: C:\ProgramData\Application Data\PartnerFolder Found: C:\ProgramData\Application Data\Spyware ClearFolder Found: C:\ProgramData\Application Data\TrymediaFolder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer ProFolder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech HotlineFolder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware ClearFolder Found: C:\Program Files (x86)\converter free onlineFolder Found: C:\Program Files (x86)\PCTechHotlineFolder Found: C:\Program Files (x86)\Search ExtensionsFolder Found: C:\Program Files (x86)\Spyware ClearFolder Found: C:\Program Files (x86)\ViewPlay ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** Task Found: Yahoo! Powered focet ***** [ Registry ] ***** Key Found: HKLM\SOFTWARE\Classes\Toolbar.CT3315828Key Found: HKLM\SOFTWARE\Classes\PricePeep.PricePeepBhoKey Found: HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBhoKey Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1Key Found: [x64] HKLM\SOFTWARE\Classes\PricePeep.PricePeepBhoKey Found: [x64] HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBhoKey Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1Key Found: HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}Key Found: HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Found: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Found: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found: HKLM\SOFTWARE\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}Key Found: HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}Key Found: HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}Key Found: HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}Key Found: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found: HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}Key Found: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}Key Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\SoftwareUpdaterKey Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\Yahoo\CompanionKey Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\ICSW1.23Key Found: HKCU\Software\SoftwareUpdaterKey Found: HKCU\Software\Yahoo\CompanionKey Found: HKCU\Software\ICSW1.23Key Found: HKLM\SOFTWARE\Trymedia SystemsKey Found: [x64] HKCU\Software\SoftwareUpdaterKey Found: [x64] HKCU\Software\Yahoo\CompanionKey Found: [x64] HKCU\Software\ICSW1.23Key Found: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroupKey Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Key Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9AD4A38E-6442-42F0-B404-28E20439EE3C}Data Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -Key Found: HKU\S-1-5-21-2850075346-2245016049-747838122-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DB1F97D9-8E93-416C-8055-EAB4310BBFB2}Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9AD4A38E-6442-42F0-B404-28E20439EE3C}Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DB1F97D9-8E93-416C-8055-EAB4310BBFB2}Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9AD4A38E-6442-42F0-B404-28E20439EE3C}Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DB1F97D9-8E93-416C-8055-EAB4310BBFB2} ***** [ Web browsers ] ***** No malicious Firefox based browser items found.No malicious Chromium based browser items found. ************************* C:\AdwCleaner\AdwCleaner[s0].txt - [6255 Bytes] - [08/02/2017 07:21:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6328 Bytes] ########## do not know what happened but here it is , I think Link to comment Share on other sites More sharing options...
Juliet Posted February 8, 2017 Share Posted February 8, 2017 (edited) you did good here is the file that needed to go Task Found: Yahoo! Powered focet from the log you posted it says found, not seeing the one where it deleted anything. Do you know when you ran the scan that you allowed it to quarantine anything? Edited February 9, 2017 by Juliet Link to comment Share on other sites More sharing options...
DBatt Posted February 9, 2017 Author Share Posted February 9, 2017 I believe it was set to clean Link to comment Share on other sites More sharing options...
Juliet Posted February 9, 2017 Share Posted February 9, 2017 if you run the tool below, this will clean off the tools and quarantine folders we used. Please download DelFix or from Here and save the file to your Desktop. Double-click DelFix.exe to run the programme. Place a checkmark next to the following items: Activate UAC Remove disinfection tools Click the Run button. -- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete ). *********** Link to comment Share on other sites More sharing options...
DBatt Posted February 10, 2017 Author Share Posted February 10, 2017 SS blocks this program from running. Is it necessary to delete the Malware , and adware and adwcleaner programs ? if so can they be removed thru control panel and uninstall ? Link to comment Share on other sites More sharing options...
Juliet Posted February 10, 2017 Share Posted February 10, 2017 some may or may not be listed in add/remove control panel Check there first You may also locate the tool, right click and delete. Link to comment Share on other sites More sharing options...
DBatt Posted February 10, 2017 Author Share Posted February 10, 2017 Many thanks! Back on the road to sanity again, whatever that is. Link to comment Share on other sites More sharing options...
Juliet Posted February 10, 2017 Share Posted February 10, 2017 safe surfing Link to comment Share on other sites More sharing options...
Recommended Posts