Very sluggish PC - scans show 400+ threats


20 replies to this topic

#1 azuleno


Posted 17 June 2018 - 06:27 AM

My PC has become more and more sluggish and unresponsive in the past months, from opening MS Office apps, to switching between Chrome tabs.  
I do not use Mozilla since it is so slow.
 
I have signed up for the Malwarebytes 14-day trial period. Please let me know if I should turn off Malwarebytes at any time.
 
BTW, I have McAfee on the PC, but it expired long ago. I would rather get it off the PC if possible, but I understand it is not 'simple'. An older PC had it, and thanks to you guys I was able to remove McAfee and install Avast.
 
I don't recall installing File Cure, but it has been on my PC for years. Is it safe? It does its scans daily, but I never pay attention to what it says since I don't want to mess with the registry. Advice appreciated.
 
After the scans below, I did an ESET online scan and cleaned the files shown by the scan. The ESET log is at the end of this list.
 
Attached are the requested logs. Thanks!
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/16/18
Scan Time: 12:38 AM
Log File: 245f44c2-711f-11e8-b0c6-681729552089.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5504
License: Trial
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: JSOTO-PC\Jorge
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 841488
Threats Detected: 441
Threats Quarantined: 441
Time Elapsed: 18 hr, 19 min, 49 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 43
 
Registry Value: 6
PUP.Optional.GoForFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F1770E90-0203-483F-B9C8-549A375CCB3B}|PATH, Quarantined, [4545], [262129],1.0.5504
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Quarantined, [245], [182758],1.0.5504
PUP.Optional.InstallCore, HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [392], [481004],1.0.5504
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Quarantined, [245], [182758],1.0.5504
PUP.Optional.WinYahoo, HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Quarantined, [245], [182757],1.0.5504
PUP.Optional.Reimage, HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1361], [327204],1.0.5504
 
Registry Data: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [245], [293461],1.0.5504
PUP.Optional.WinYahoo, HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [245], [292990],1.0.5504
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [245], [293461],1.0.5504
 
Data Stream: 0
(No malicious items detected)
 
Folder: 39
 
File: 350
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Base.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Core.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Data.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Effects.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.Resources.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PaintDotNet.SystemLayer.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\PluginInstaller.exe, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Plugins.xml, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\QlmControls.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\QlmLicenseLib.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SDL.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SevenZipSharp.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SimplePsd.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SocialExplorer.FastDBF.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\SocialExplorer.FastDBF.pdb, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Svg.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\Svg.pdb, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\swscale-0.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\System.Windows.Forms.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\TorrentParser.dll, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unassoc.bat, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unins000.dat, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unins000.exe, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\Program Files\FileViewPro\unins000.msg, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.FileViewPro, C:\USERS\JORGE\DESKTOP\Shortcuts\POCO O NO USADOS\FileViewPro.lnk, Quarantined, [2067], [319821],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\fonts\HelveticaNeueLT-Roman.woff, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\fonts\neue-bold.woff, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\fonts\neue.woff, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\close-FF8A5A.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\collection-9B9B9B.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\collection-FF691E.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\doc-icon-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\error-FF691E.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\pdf-2-doc-9B9B9B.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\pdf-2-doc-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\pdf-icon-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\success-FF8A5A.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\tab-arrow-FF691E.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\converter\upload-FF691E.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\amazon-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\amazon.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\close.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\enlarge-000000-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\enlarge-FFCA00-000000.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\hulu-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\hulu.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\minimize-000000-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\netflix-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\netflix.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\refresh-FFFFFF-000000.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\shrink-FFCA00-000000.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\shuffle-000000.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\shuffle-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\vudu-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films\vudu.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\icons\128.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\icons\16.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\icons\48.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\icons\close.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\icons\favicon.ico, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\icons\trends.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\bing-maps-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\from-to-icon-8881FF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\google-maps-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\location-icon-8881FF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\search-4A4A4A.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\search-8881FF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\switch-8881FF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\tab-arrow-8881FF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\whereto-logo-8881FF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\maps\whereto-logo-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\facebook_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\aliexpress.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\aliexpress_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\amazon.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\amazon_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\booking.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\booking_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\ebay.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\ebay_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\expedia.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\expedia_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\facebook.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\gmail.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\gmail_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\google-translate-icon-FFFFFF.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\gtranslte.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\pinterest.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\pinterest_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\twitter.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\twitter_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\wix.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\wix_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\yahoo.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\yahoo_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\youtube.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\youtube_tile_v2.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\PDF-to-DOC.jpg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\Translation.jpg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\View-PDF.jpg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\01d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\01n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\02d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\02n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\03d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\03n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\04d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\04n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\09d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\09n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\10d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\10n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\11d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\11n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\13d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\13n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\50d.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\50n.svg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\down.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\alot.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\angle-arrow-down.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bing.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bing_large.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bluesky-bg.jpg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\brush.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bt.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\clock.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\cloud.png, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\cupcake-bg.jpg, Quarantined, [242], [464596],1.0.5504
PUP.Optional.SearchManager, C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjo

#2 Android 8888

Posted 18 June 2018 - 10:19 AM

Hello azuleno and welcome back to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

 

> I have signed for Malwarebytes 14 day trial period. Please let me know if I should turn off Malwarebytes at any time.

Not for now. I'll let you know if needed.


I see you have Team Viewer installed. This is a remote access program, and is a potential risk if unneeded or unused. If not needed, I would recommend uninstalling it. If you decide to keep it, be sure you have a strong password of at least 8 characters (more is better), including at least one lower case letter, one upper case letter, at least one number, and at least one special character (upper case on the number keys).

> I don't recall installing File Cure but has been in my PC for years.  Is it safe? It does its scans daily, but I never pay attention to what it says since I don't want to mess with the registry. Advice appreciated.

This program, which finds software to open files, scans your Windows Registry to find out which formats your existing programs support. Personally, I would not trust a program that messes with the Windows Registry either. Below, I gave you instructions so you can remove it.

> BTW, I have McAfee in the PC but expired long ago. I will rather get it off the PC if possible, but I understand it is not 'simple'. An older PC had it and thanks to you guys I was able to remove McAfee, and install Avast.

If you want to remove the McAfee applications, please do this:

Right-click in the screen’s bottom-left corner and choose the Control Panel from the pop-up menu;
When the Control Panel appears, choose Uninstall a Program from the 'Programs' category;
Click the McAfee VirusScan Enterprise program and then click the Uninstall button;
When Windows asks whether you’re sure, click Yes and wait until the removal process is complete.

Then, repeat the same process for the McAfee Agent program.


Next, also remove the following programs through the Control Panel.

Coupon Printer for Windows
ParetoLogic FileCure
Shopping Helper Smartbar

 

Now, restart the computer and proceed with the instructions below:

Next,

Open Google Chrome;
Type chrome://extensions in the address bar and press Enter;
Click the trash can icon by the following extensions:

Screen capture, screenshot share/save
Foxtab Speed Dial
Lightshot (screenshot tool)


When a confirmation dialog appears, click Remove.


Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53448;https=127.0.0.1:53448
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Handler: WSAllMyTubechrome - No CLSID Value
FF Extension: (BeFrugal) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\shopcbtoolbar2@befrugal.com.xpi [2018-06-02]
FF SearchPlugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\searchplugins\yahoo! powered search.xml [2017-05-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-08-28] (Coupons, Inc.)
CHR NewTab: Default ->  Not-active:"chrome-extension://cbdfhfjemjbndkgeafknoifghpfmhpbl/tab.html"
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
U3 mfeavfk01; no ImagePath
S3 glavcam; \SystemRoot\system32\DRIVERS\glavcam.sys [X]
2014-12-16 00:21 - 2014-12-16 00:21 - 000163840 _____ () C:\Users\Jorge\AppData\Local\Temp\aacenc3.exe
2014-09-21 12:41 - 2014-09-21 12:41 - 002936832 _____ () C:\Users\Jorge\AppData\Local\Temp\ffmpeg16.exe
2014-12-15 01:00 - 2014-12-15 01:00 - 003166208 _____ () C:\Users\Jorge\AppData\Local\Temp\ffmpeg19.exe
2017-05-21 14:02 - 2017-05-21 14:02 - 034412944 _____ (Digital Wave Ltd) C:\Users\Jorge\AppData\Local\Temp\FreeYTVDownloader.exe
2014-10-02 13:38 - 2014-10-02 13:38 - 000004608 _____ () C:\Users\Jorge\AppData\Local\Temp\i4jdel0.exe
2014-10-27 00:03 - 2014-10-27 00:03 - 000346987 _____ (Java™ Native Access (JNA)) C:\Users\Jorge\AppData\Local\Temp\jna7654968938232771711.dll
2017-01-18 22:24 - 2017-01-18 22:24 - 000739904 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-09-23 14:14 - 2017-09-23 14:14 - 000740416 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u144-windows-au.exe
2018-04-17 13:41 - 2018-04-17 13:41 - 001884616 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-07 19:12 - 2016-03-07 19:12 - 000736352 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u73-windows-au.exe
2014-12-15 00:56 - 2014-12-15 00:56 - 000607296 _____ (NCH Software) C:\Users\Jorge\AppData\Local\Temp\prismsetup.exe
2014-09-21 12:41 - 2014-09-21 12:41 - 000802816 _____ () C:\Users\Jorge\AppData\Local\Temp\soxdec.exe
2015-03-28 09:08 - 2015-03-28 09:08 - 005750263 _____ () C:\Users\Jorge\AppData\Local\Temp\tmp8877.tmp.exe
2015-12-27 18:03 - 2015-12-27 18:03 - 003080088 _____ (ParetoLogic Inc.) C:\Users\Jorge\AppData\Local\Temp\Update.exe
2017-04-22 21:19 - 2017-04-22 21:19 - 014456872 _____ (Microsoft Corporation) C:\Users\Jorge\AppData\Local\Temp\vc_redist.x86.exe
2014-12-16 00:21 - 2014-12-16 00:21 - 000483328 _____ () C:\Users\Jorge\AppData\Local\Temp\x264enc6.exe
2015-06-28 16:27 - 2006-05-22 14:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jorge\AppData\Local\Temp\_is9345.exe
2015-06-28 16:29 - 2006-10-28 20:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jorge\AppData\Local\Temp\_isE3CD.exe
CustomCLSID: HKU\S-1-5-21-2289314783-225378754-3216661433-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jorge\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
Task: {6BA03365-67F7-4565-AD97-0E4386C4B287} - System32\Tasks\FileCure Default => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe [2015-05-05] (ParetoLogic) <==== ATTENTION
Task: {C46FA36B-B763-4C4A-998E-89588482C337} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C5F1B12E-864E-4D81-87EF-A74F296449F8} - System32\Tasks\{1C96D483-109C-4D01-97BA-914E277DECD4} => C:\windows\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: C:\windows\Tasks\FileCure Default.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe <==== ATTENTION
Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [143]
FirewallRules: [{EC68552D-3385-47DA-8872-F0BB1B7737F9}] => (Allow) C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp\CnetInstaller-75989951.exe
FirewallRules: [{468507E3-A171-4F9E-B377-97A3968BDD58}] => (Allow) C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp\CnetInstaller-75989951.exe
C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp
C:\Program Files (x86)\Coupons
Hosts:
RemoveProxy:
CMD: ipconfig /flushDNS
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
End::

Save the file as fixlist.txt in the same location as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder FRST is running from. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Please download Zemana.Antimalware.Portable and save it to your computer Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Wait a few seconds until the signature database update is complete.
  • Without changing any options, click the Scan button to begin.
  • After the short scan is finished, if threats are detected click Next to remove them.
    Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please reboot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your computer's Desktop and click the Save button.

Please copy and paste the content of the log in your next reply.


To summarize, please post the content of:
Fixlog.txt
Zemana log

How is the computer running now?

Thank you.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 azuleno


Posted 18 June 2018 - 07:48 PM

Hi Android 8888,

 

Wow! The speed is back. I tried all browsers and so far so 'fast'! Tried misc. MS Office (XL, PPT)... boom! fast...

 

I was able to remove essentially all of the above, except McAfee Agent. I kept getting a message: "McAfee Agent cannot be removed while it is in managed mode." I guess as long as it does not interfere (I will install Avast) I don't mind if it 'stays' unless there is a way to uninstall.

 

Here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Jorge at 2014-07-19 19:21:55 Run:1
Running from C:\Users\Jorge\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
FF SearchPlugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\searchplugins\trovi-search.xml
U3 mfeavfk01; No ImagePath
S3 cpuz134; \??\C:\Users\Jorge\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\searchplugins\trovi-search.xml => Moved successfully.
mfeavfk01 => Service deleted successfully.
cpuz134 => Service deleted successfully.
 
==== End of Fixlog ====
 
 
Zemana AntiMalware 2.74.2.150 (Portable)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/6/18
Operating System       : Windows 8 64-bit
Processor              : 8X Intel® Core™ i7-4700MQ CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 124D514504A5EC8F721BF1
Scan Type              : System Scan
Duration               : 140m 24s
Scanned Objects        : 584231
Detected Objects       : 5
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : RLI-HQ,1,3
 
Detected Objects
-------------------------------------------------------
 
Firefox Search
Status             : Scanned
Object             : Yahoo! Powered Search - http://us.search.yahoo.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search
 
Chrome Policy
Status             : Scanned
Object             : ebmeppiamopalpaabfkjlibdeakknjkm
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Policy
 
ParetoLogic FileCure.exe
Status             : Scanned
Object             : %userprofile%\downloads\paretologic filecure.exe
MD5                : E9CB547508A4E55BF869F789D8EF5DF9
Publisher          : Paretologic Inc
Size               : 3353392
Version            : 2.0.2.0
Detection          : Scareware:Win32/FakeAV.Paretologic!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\paretologic filecure.exe
 
couponprinter_x64.ocx
Status             : Scanned
Object             : %systemroot%\couponprinter_x64.ocx
MD5                : 0E20E40B0FF7764169591BA6975ACC6A
Publisher          : Coupons, Inc.
Size               : 659440
Version            : 5.0.2.1
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\couponprinter_x64.ocx
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\windows\COUPON~2.OCX
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\InprocServer32\@ = C:\windows\COUPON~2.OCX
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\@ = C:\windows\COUPON~2.OCX
 
bytefence
Status             : Scanned
Object             : NE->c:\program files\bytefence
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/ByteFence.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 
 
 
If there is anything else to do, please let me know. I feel like the PC is doing well now.
 
I have known you guys for a long time. You've helped me take care of what seem to be insurmountable issues... to this little human 'azuleno'
 
Today I will make a donation which is represented by 2 x 2 x 2 x 2 x 2 x 2 x 2 = 2^8 = 2^(2^3) = $256 which is a significant number in many ways to me [it also spells the initials of my name :-) ] It is a token of appreciation for all the hard work that all of you folks put together. Hats off to you guys, and hoping to all of you the best. Kindly - azuleno


#4 Android 8888


Posted 19 June 2018 - 07:26 AM

Hello azuleno.

I'm very glad to hear that! :good:

Thank you for the donation. We really appreciate your kindness.

However, we are not done yet.


It looks like the fix script with FRST did not work correctly because it is not complete.


So let's try the fix again:

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53448;https=127.0.0.1:53448
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Handler: WSAllMyTubechrome - No CLSID Value
FF Extension: (BeFrugal) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\shopcbtoolbar2@befrugal.com.xpi [2018-06-02]
FF SearchPlugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\searchplugins\yahoo! powered search.xml [2017-05-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-08-28] (Coupons, Inc.)
CHR NewTab: Default ->  Not-active:"chrome-extension://cbdfhfjemjbndkgeafknoifghpfmhpbl/tab.html"
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
U3 mfeavfk01; no ImagePath
S3 glavcam; \SystemRoot\system32\DRIVERS\glavcam.sys [X]
2014-12-16 00:21 - 2014-12-16 00:21 - 000163840 _____ () C:\Users\Jorge\AppData\Local\Temp\aacenc3.exe
2014-09-21 12:41 - 2014-09-21 12:41 - 002936832 _____ () C:\Users\Jorge\AppData\Local\Temp\ffmpeg16.exe
2014-12-15 01:00 - 2014-12-15 01:00 - 003166208 _____ () C:\Users\Jorge\AppData\Local\Temp\ffmpeg19.exe
2017-05-21 14:02 - 2017-05-21 14:02 - 034412944 _____ (Digital Wave Ltd) C:\Users\Jorge\AppData\Local\Temp\FreeYTVDownloader.exe
2014-10-02 13:38 - 2014-10-02 13:38 - 000004608 _____ () C:\Users\Jorge\AppData\Local\Temp\i4jdel0.exe
2014-10-27 00:03 - 2014-10-27 00:03 - 000346987 _____ (Java™ Native Access (JNA)) C:\Users\Jorge\AppData\Local\Temp\jna7654968938232771711.dll
2017-01-18 22:24 - 2017-01-18 22:24 - 000739904 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-09-23 14:14 - 2017-09-23 14:14 - 000740416 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u144-windows-au.exe
2018-04-17 13:41 - 2018-04-17 13:41 - 001884616 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-07 19:12 - 2016-03-07 19:12 - 000736352 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u73-windows-au.exe
2014-12-15 00:56 - 2014-12-15 00:56 - 000607296 _____ (NCH Software) C:\Users\Jorge\AppData\Local\Temp\prismsetup.exe
2014-09-21 12:41 - 2014-09-21 12:41 - 000802816 _____ () C:\Users\Jorge\AppData\Local\Temp\soxdec.exe
2015-03-28 09:08 - 2015-03-28 09:08 - 005750263 _____ () C:\Users\Jorge\AppData\Local\Temp\tmp8877.tmp.exe
2015-12-27 18:03 - 2015-12-27 18:03 - 003080088 _____ (ParetoLogic Inc.) C:\Users\Jorge\AppData\Local\Temp\Update.exe
2017-04-22 21:19 - 2017-04-22 21:19 - 014456872 _____ (Microsoft Corporation) C:\Users\Jorge\AppData\Local\Temp\vc_redist.x86.exe
2014-12-16 00:21 - 2014-12-16 00:21 - 000483328 _____ () C:\Users\Jorge\AppData\Local\Temp\x264enc6.exe
2015-06-28 16:27 - 2006-05-22 14:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jorge\AppData\Local\Temp\_is9345.exe
2015-06-28 16:29 - 2006-10-28 20:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jorge\AppData\Local\Temp\_isE3CD.exe
CustomCLSID: HKU\S-1-5-21-2289314783-225378754-3216661433-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jorge\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
Task: {6BA03365-67F7-4565-AD97-0E4386C4B287} - System32\Tasks\FileCure Default => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe [2015-05-05] (ParetoLogic) <==== ATTENTION
Task: {C46FA36B-B763-4C4A-998E-89588482C337} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C5F1B12E-864E-4D81-87EF-A74F296449F8} - System32\Tasks\{1C96D483-109C-4D01-97BA-914E277DECD4} => C:\windows\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: C:\windows\Tasks\FileCure Default.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe <==== ATTENTION
Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [143]
FirewallRules: [{EC68552D-3385-47DA-8872-F0BB1B7737F9}] => (Allow) C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp\CnetInstaller-75989951.exe
FirewallRules: [{468507E3-A171-4F9E-B377-97A3968BDD58}] => (Allow) C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp\CnetInstaller-75989951.exe
C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp
C:\Program Files (x86)\Coupons
Hosts:
RemoveProxy:
CMD: ipconfig /flushDNS
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
End::

Save the file as fixlist.txt in the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder FRST is running from. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Alright, to remove the McAfee Agent please start doing this:

Download SystemLook (64-Bit Version) and save it to your computer Desktop.

  • Right-click SystemLook_64.exe and select Run as administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Once SystemLook is open, copy the content of the following code-box and paste it into the main textfield of SystemLook:
    :filefind
    frminst.exe
    
  • Click the Look button to start the scan;
  • When finished, a Notepad file will open with the results of the scan. Please post the entire content of that log in your next reply.

Note: The log can also be found on your computer Desktop entitled SystemLook.txt.


Please post the content of the Fixlog.txt and also the content of SystemLook.txt and wait for further instructions.


Android 8888


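The mismatch raised in post #4 (a Fixlog that does not correspond to the script that was sent) can be checked mechanically. The following is an added example, not part of the original thread and not FRST's own code: it compares the fixlist echoed inside a Fixlog with the script that was sent and tallies the per-line outcomes. The log layout (echo between two asterisk lines, results after it) is an assumption taken from the two Fixlogs in this thread, the function names are hypothetical, and the sample inputs are abridged from the thread.

```python
import re
from collections import Counter

# Abridged from the fix script posted in this thread.
SENT_FIXLIST = r'''Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ProxyEnable: [.DEFAULT] => Proxy is enabled.
U3 mfeavfk01; no ImagePath
C:\Program Files (x86)\Coupons
EmptyTemp:
End::
'''

# Abridged from the Fixlog posted in reply #3 (Run:1).
OLD_LOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Jorge at 2014-07-19 19:21:55 Run:1
==============================================

Content of fixlist:
*****************
start

HKLM\...\Run: [] => [X]
U3 mfeavfk01; No ImagePath
S3 cpuz134; \??\C:\Users\Jorge\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
mfeavfk01 => Service deleted successfully.
cpuz134 => Service deleted successfully.

==== End of Fixlog ====
'''

# Abridged from the Fixlog posted in reply #5 (Run:2).
NEW_LOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 19.06.2018
Ran by Jorge (19-06-2018 17:04:45) Run:2
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ProxyEnable: [.DEFAULT] => Proxy is enabled.
U3 mfeavfk01; no ImagePath
C:\Program Files (x86)\Coupons
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => not found
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
mfeavfk01 => service not found.
"C:\Program Files (x86)\Coupons" => not found
'''

# Script delimiters seen in this thread; they are not fix directives.
MARKERS = {"start", "end", "start::", "end::"}


def normalize(lines):
    """Strip whitespace and drop blank lines and Start/End markers."""
    stripped = (line.strip() for line in lines)
    return [s for s in stripped if s and s.lower() not in MARKERS]


def parse_fixlog(text):
    """Split a Fixlog into header fields, echoed fixlist and result lines."""
    lines = text.splitlines()
    version = re.search(r"Version:\s*(\S+)", text)
    run = re.search(r"Run:(\d+)", text)
    # Assumption: the echoed script sits between the first two asterisk lines.
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found in log")
    return {
        "version": version.group(1) if version else None,
        "run": int(run.group(1)) if run else None,
        "echoed": normalize(lines[stars[0] + 1:stars[1]]),
        "results": [l.strip() for l in lines[stars[1] + 1:] if "=>" in l],
    }


def check(sent_text, log_text):
    """Report whether the log answers the script that was sent."""
    log = parse_fixlog(log_text)
    sent = normalize(sent_text.splitlines())
    missing = [l for l in sent if l not in log["echoed"]]
    unexpected = [l for l in log["echoed"] if l not in sent]
    # Outcome = text after the last "=>", without the trailing period.
    outcomes = Counter(r.rsplit("=>", 1)[1].strip().rstrip(".")
                       for r in log["results"])
    return {"version": log["version"], "run": log["run"],
            "matches": not missing and not unexpected,
            "missing": missing, "unexpected": unexpected, "outcomes": outcomes}


if __name__ == "__main__":
    for name, log in (("reply #3", OLD_LOG), ("reply #5", NEW_LOG)):
        r = check(SENT_FIXLIST, log)
        print(name, r["version"], "run", r["run"], "matches:", r["matches"],
              dict(r["outcomes"]))
```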

#5 azuleno


Posted 19 June 2018 - 03:52 PM

Hi Android 8888,

 

Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.06.2018
Ran by Jorge (19-06-2018 17:04:45) Run:2
Running from C:\Users\Jorge\Downloads
Loaded Profiles: Jorge (Available Profiles: Jorge)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53448;https=127.0.0.1:53448
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Handler: WSAllMyTubechrome - No CLSID Value
FF Extension: (BeFrugal) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\shopcbtoolbar2@befrugal.com.xpi [2018-06-02]
FF SearchPlugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\searchplugins\yahoo! powered search.xml [2017-05-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-08-28] (Coupons, Inc.)
CHR NewTab: Default ->  Not-active:"chrome-extension://cbdfhfjemjbndkgeafknoifghpfmhpbl/tab.html"
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
U3 mfeavfk01; no ImagePath
S3 glavcam; \SystemRoot\system32\DRIVERS\glavcam.sys [X]
2014-12-16 00:21 - 2014-12-16 00:21 - 000163840 _____ () C:\Users\Jorge\AppData\Local\Temp\aacenc3.exe
2014-09-21 12:41 - 2014-09-21 12:41 - 002936832 _____ () C:\Users\Jorge\AppData\Local\Temp\ffmpeg16.exe
2014-12-15 01:00 - 2014-12-15 01:00 - 003166208 _____ () C:\Users\Jorge\AppData\Local\Temp\ffmpeg19.exe
2017-05-21 14:02 - 2017-05-21 14:02 - 034412944 _____ (Digital Wave Ltd) C:\Users\Jorge\AppData\Local\Temp\FreeYTVDownloader.exe
2014-10-02 13:38 - 2014-10-02 13:38 - 000004608 _____ () C:\Users\Jorge\AppData\Local\Temp\i4jdel0.exe
2014-10-27 00:03 - 2014-10-27 00:03 - 000346987 _____ (Java™ Native Access (JNA)) C:\Users\Jorge\AppData\Local\Temp\jna7654968938232771711.dll
2017-01-18 22:24 - 2017-01-18 22:24 - 000739904 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-09-23 14:14 - 2017-09-23 14:14 - 000740416 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u144-windows-au.exe
2018-04-17 13:41 - 2018-04-17 13:41 - 001884616 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-07 19:12 - 2016-03-07 19:12 - 000736352 _____ (Oracle Corporation) C:\Users\Jorge\AppData\Local\Temp\jre-8u73-windows-au.exe
2014-12-15 00:56 - 2014-12-15 00:56 - 000607296 _____ (NCH Software) C:\Users\Jorge\AppData\Local\Temp\prismsetup.exe
2014-09-21 12:41 - 2014-09-21 12:41 - 000802816 _____ () C:\Users\Jorge\AppData\Local\Temp\soxdec.exe
2015-03-28 09:08 - 2015-03-28 09:08 - 005750263 _____ () C:\Users\Jorge\AppData\Local\Temp\tmp8877.tmp.exe
2015-12-27 18:03 - 2015-12-27 18:03 - 003080088 _____ (ParetoLogic Inc.) C:\Users\Jorge\AppData\Local\Temp\Update.exe
2017-04-22 21:19 - 2017-04-22 21:19 - 014456872 _____ (Microsoft Corporation) C:\Users\Jorge\AppData\Local\Temp\vc_redist.x86.exe
2014-12-16 00:21 - 2014-12-16 00:21 - 000483328 _____ () C:\Users\Jorge\AppData\Local\Temp\x264enc6.exe
2015-06-28 16:27 - 2006-05-22 14:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jorge\AppData\Local\Temp\_is9345.exe
2015-06-28 16:29 - 2006-10-28 20:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jorge\AppData\Local\Temp\_isE3CD.exe
CustomCLSID: HKU\S-1-5-21-2289314783-225378754-3216661433-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jorge\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
Task: {6BA03365-67F7-4565-AD97-0E4386C4B287} - System32\Tasks\FileCure Default => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe [2015-05-05] (ParetoLogic) <==== ATTENTION
Task: {C46FA36B-B763-4C4A-998E-89588482C337} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C5F1B12E-864E-4D81-87EF-A74F296449F8} - System32\Tasks\{1C96D483-109C-4D01-97BA-914E277DECD4} => C:\windows\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: C:\windows\Tasks\FileCure Default.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe <==== ATTENTION
Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [143]
FirewallRules: [{EC68552D-3385-47DA-8872-F0BB1B7737F9}] => (Allow) C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp\CnetInstaller-75989951.exe
FirewallRules: [{468507E3-A171-4F9E-B377-97A3968BDD58}] => (Allow) C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp\CnetInstaller-75989951.exe
C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp
C:\Program Files (x86)\Coupons
Hosts:
RemoveProxy:
CMD: ipconfig /flushDNS
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => not found
"D:\Common\EpsonReg\Ereg.exe" => not found
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\WSAllMyTubechrome => not found
"C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\shopcbtoolbar2@befrugal.com.xpi" => not found
"C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\searchplugins\yahoo! powered search.xml" => not found
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found
"Chrome NewTab" => removed successfully
CouponPrinterService => service not found.
rpcapd => service not found.
mfeavfk01 => service not found.
glavcam => service not found.
"C:\Users\Jorge\AppData\Local\Temp\aacenc3.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\ffmpeg16.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\ffmpeg19.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\FreeYTVDownloader.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\i4jdel0.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\jna7654968938232771711.dll" => not found
"C:\Users\Jorge\AppData\Local\Temp\jre-8u121-windows-au.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\jre-8u144-windows-au.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\jre-8u171-windows-au.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\jre-8u73-windows-au.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\prismsetup.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\soxdec.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\tmp8877.tmp.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\Update.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\vc_redist.x86.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\x264enc6.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\_is9345.exe" => not found
"C:\Users\Jorge\AppData\Local\Temp\_isE3CD.exe" => not found
HKU\S-1-5-21-2289314783-225378754-3216661433-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA03365-67F7-4565-AD97-0E4386C4B287} => not found
"C:\windows\System32\Tasks\FileCure Default" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FileCure Default => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C46FA36B-B763-4C4A-998E-89588482C337} => not found
C:\windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F1B12E-864E-4D81-87EF-A74F296449F8} => not found
"C:\windows\System32\Tasks\{1C96D483-109C-4D01-97BA-914E277DECD4}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C96D483-109C-4D01-97BA-914E277DECD4} => not found
"C:\windows\Tasks\FileCure Default.job" => not found
"C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job" => not found
"C:\windows\Tasks\ParetoLogic Update Version3.job" => not found
"C:\ProgramData\TEMP" => ":C8B8CEBD" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC68552D-3385-47DA-8872-F0BB1B7737F9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{468507E3-A171-4F9E-B377-97A3968BDD58}" => not found
"C:\Users\Jorge\AppData\Local\Temp\nsk5444.tmp" => not found
"C:\Program Files (x86)\Coupons" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= ipconfig /flushDNS =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:a000:1236:c161:d1b5:8e07:2717:ad6c
   Temporary IPv6 Address. . . . . . : 2605:a000:1236:c161:38f7:f931:6924:91dd
   Link-local IPv6 Address . . . . . : fe80::d1b5:8e07:2717:ad6c%12
   Default Gateway . . . . . . . . . : fe80::2f7:6fff:fed5:d4a3%12
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : neo.rr.com
   IPv6 Address. . . . . . . . . . . : 2605:a000:1236:c161:d1b5:8e07:2717:ad6c
   Temporary IPv6 Address. . . . . . : 2605:a000:1236:c161:38f7:f931:6924:91dd
   Link-local IPv6 Address . . . . . : fe80::d1b5:8e07:2717:ad6c%12
   IPv4 Address. . . . . . . . . . . : 10.0.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::2f7:6fff:fed5:d4a3%12
                                       10.0.1.1
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36051380 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 366188035 B
Edge => 0 B
Chrome => 522646244 B
Firefox => 36641320 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 9514 B
NetworkService => 0 B
Jorge => 278006727 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:09:07 ====
 
 
SystemLook 04.09.10 by jpshortstuff
Log created at 17:36 on 19/06/2018 by Jorge
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "frminst.exe"
C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe --a---- 400928 bytes [11:08 22/03/2013] [11:08 22/03/2013] 9193FC324926C157329B469DBDA41810
 
-= EOF =-


#6 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,119 posts

Posted 19 June 2018 - 05:24 PM

Hello azuleno and thank you for the logs.

Please do the following:

Press the Windows + X keys simultaneously and select Command Prompt (Admin) on the Power User Tasks menu;
If you receive a User Account Control prompt, please allow it to continue;
Now type the text (in bold) below. Please note that there is a space between the letter 'e' and the slash '/'

 

C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe /remove=agent

 

Press the Enter key;
Close the Command Prompt window.

Now go to Programs and Features and try to remove the McAfee Agent program.

Let me know how you get on.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#7 azuleno


Posted 19 June 2018 - 06:12 PM

I get the DOS 'Administrator: Command Prompt' window but cannot type anything. After the "MS Windows V 6.2.9200 and © 2012 MS Corp All rights reserved" message I get:

 

C:[back slash] windows [back slash] system32>

 

but cannot move anywhere before or after the end of the string, with the left or right arrows; enter, back space, nothing. :-( 



#8 Android 8888


Posted 20 June 2018 - 04:35 AM

Okay, please try this:

Press Windows + X keys simultaneously and select 'Search';
In the search box type powershell.exe;
Right-click on Windows PowerShell and select Run as administrator;
If you receive a User Account Control prompt, please allow it to continue;
Now type the text (in bold) below. Please note that there is a space between the letter 'e' and the slash '/'

C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe /remove=agent

Press the Enter key;
Close the Command Prompt window.

Now go to Programs and Features and try to remove the McAfee Agent program.



#9 azuleno


Posted 20 June 2018 - 09:57 PM

Got to the "Administrator: Windows PowerShell" window. It read:

 

Windows PowerShell

Copyright© 2012 MS Corp. All rights reserved.

 

PS C:\windows\system32> **

 

 

Right at the double asterisk is where the cursor was located. If I hit <enter>, it would go to the next line and type same again:

 

 

PS C:\windows\system32>      "and over and over if I hit enter again, thus I typed the requested text as shown:"

 

 

PS C:\windows\system32> C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe /remove=agent

 

Upon hitting enter, got the following message in red font, plus the PS string shown below:

 

x86 : The term ‘x86’ is not recognized as the name of a cmdlet, function, script file, or operable program.  Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

At line1: char:19

+ C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe /remove=agent

+

  + CategoryInfo  : ObjectNotFound: (x86:String) [], CommandNotFoundException

  + FullyQualifiedErrorId     : CommandNotFoundException

 

PS C:\windows\system32>

 

 

So I thought, go to Programs and see if the Uninstall works, in spite of the above. It didn't. Got the McAfee message error box:

 

McAfee Agent cannot be removed while it is in managed mode. 

 

 

So I came here to post and get advice. Thanks!
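
The red error in the post above comes from PowerShell's parsing rather than from McAfee: the unquoted path is split at its spaces and `(x86)` is evaluated as a parenthesised command named `x86`. The following is an added example, not part of the original thread, that runs the same tool with the path passed as one string and checks its signature first; `Invoke-SignedTool` is a hypothetical helper name, and the path and the `/remove=agent` switch are the ones quoted in the thread.

```powershell
# Added example. The path and the /remove=agent switch are the ones quoted in
# the thread; Invoke-SignedTool is a hypothetical helper name.
$FrmInst = 'C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe'

function Invoke-SignedTool {
    param(
        [Parameter(Mandatory)][string]   $Path,
        [Parameter(Mandatory)][string[]] $ArgumentList
    )

    # Fail early with a clear message instead of a parser or "not recognized" error.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Executable not found: $Path"
    }

    # The file was located by name on a machine that had just been cleaned, so
    # confirm it carries a valid Authenticode signature before running it elevated.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to run ${Path}: signature status is $($sig.Status)"
    }
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

    # Start-Process takes the path as a single string, so the spaces and the
    # parentheses in "Program Files (x86)" are never seen by the parser.
    # -Wait blocks until the tool exits; -PassThru returns the process object.
    $proc = Start-Process -FilePath $Path -ArgumentList $ArgumentList -Wait -PassThru
    return $proc.ExitCode
}

# Interactive equivalent: quote the path and put the call operator in front of it.
#   & 'C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe' /remove=agent
# In the classic Command Prompt the double-quoted path alone is enough:
#   "C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe" /remove=agent

$exitCode = Invoke-SignedTool -Path $FrmInst -ArgumentList '/remove=agent'
Write-Host "FrmInst.exe exited with code $exitCode"
```

Run it from a PowerShell window opened with Run as administrator, as in the steps above.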



#10 Android 8888


Posted 21 June 2018 - 05:11 AM

Hello azuleno,

Let's try another method to remove McAfee Agent.

Please download the free portable version of Revo Uninstaller and save the compressed file to your computer's Desktop.

  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
  • Within that folder, right-click the file RevoUPort.exe and select Run as administrator to open the tool;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select McAfee Agent and click Uninstall. Follow the instructions to complete the removal process;
  • When finished, in 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers of the program;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.

 

Please let me know if you were able to remove McAfee Agent this time.

Android 8888



#11 azuleno


Posted 21 June 2018 - 10:32 PM

Hi again Android 8888,

 

Got to the 5th bullet above (Select McAfee Agent and click Uninstall), and again got a McAfee Agent error window:

 

"McAfee Agent cannot be removed while it is in managed mode"

 

I searched for "mcafee agent cannot be removed" and got some links but did not attempt their suggestions. The first one, https://it.uoregon.edu/node/4094, seems interesting. It mentions that I have to first change McAfee into Unmanaged Mode, and how to do so.

 

Again, I did not attempt the procedure to avoid messing up your approach. 



#12 Android 8888


Posted 22 June 2018 - 02:47 AM

Alright, please try step by step the instructions of the link that you posted and see if you have success in removing McAfee Agent.

 

If you continue to be unsuccessful using the Command Prompt, please perform the same steps of those instructions but use Windows PowerShell instead of Command Prompt.

 

Let me know how you get on.

 

Android 8888



#13 azuleno


Posted 23 June 2018 - 07:54 PM

Hi Android 8888,

 

Removed the McAfee successfully. 

 

Is there anything else to 'double check'?



#14 azuleno


Posted 24 June 2018 - 09:59 AM

I am using Excel today and notice it is sluggish even on simple things that should be essentially instantaneous, like setting the width of a column. Chrome is also a tad slower... Just wondering if there may be another suggestion. I still have the MalwareBytes trial, and it is blocking PUPs and others... seems it is worth the price.

 

EDIT::: Rebooted the PC and the Excel is working OK now. Chrome seems to be fine after all. 


Edited by azuleno, 24 June 2018 - 07:48 PM.


#15 Android 8888


Posted 26 June 2018 - 05:29 AM

Hello azuleno,

I'm glad to hear that the programs are running well. :good:

Now let's check for leftovers with ESET Online Scanner. This is a very thorough scan so may take several hours to complete but it's worth it.

  • Click here to download the installer for ESET Online Scanner and save it to your computer Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a check-mark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a check-mark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Open the scan log and copy and paste the content to your next reply (if it produced one).

Enable all your antivirus and antimalware software.
 
 
Please let me know how your computer is running now? Are there any malware related problems?

 

Android 8888



#16 azuleno


Posted 27 June 2018 - 12:59 PM

Ran ESET Online and when done, it had found five threats. Somehow the computer rebooted and I cannot find the log. Since ESET Online is on the desktop, I assumed it would be there, but couldn't find such a log. Ran ESET Online again, and it found no threats. Did not get a log on this. Puzzled as to how to proceed. Thoughts?



#17 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,843 posts

Posted 27 June 2018 - 04:43 PM

With regard to ESET:

 

Note: If nothing is found, it will not produce a log.

 




 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#18 azuleno


Posted 27 June 2018 - 06:46 PM

I have a question, as something happened to the WavePad Sound Editor during the last 24 hours, maybe related to the ESET online scanning? I have had it for many years, and all of a sudden I cannot find it. Can you suggest how I can search for it to see if it is still in the PC? It is not in the Programs anymore. Via the Search box, it is not found. It was not in the Recycle bin.... ??

 

EDIT:: Reinstalled free version of WavePad Sound Editor.    

 

PS: Do you consider that the maintenance/cleaning is done?


Edited by azuleno, 28 June 2018 - 05:48 PM.


#19 Android 8888


Posted 29 June 2018 - 04:15 AM

Hi azuleno,

Regarding ESET, as Rocket Grannie said -- if nothing is found it will not produce a log. So your computer appears to be clean and free of malware. :good:

I cannot tell you what happened to WavePad Sound Editor since we did not remove anything related to it and I don't think that was due to the ESET scan either.

 

If all is working well you can now search for updates.

Please download and run the free version of FileHippo Update Checker or UCheck to see what programs need to be updated.
 

 

After doing that you can remove the programs we used during the cleanup by running DelFix. This is a simple application that will remove itself after it has run.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable file to your computer Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I do not need to see that log, just close and delete it. It can be found in C:\Delfix.txt

 

Are there any issues or concerns with the computer at this time?



#20 azuleno


Posted 29 June 2018 - 11:28 PM

No issues or concerns at this point in time.

 

Updates going on.... DelFix removed all disinfection tools.

 

I appreciate your time + effort. Have a wonderful weekend. Thanks! 



#21 Android 8888


Posted 02 July 2018 - 02:58 AM

"No issues or concerns at this point in time."

Good! :good:
 
 

"I appreciate your time + effort. Have a wonderful weekend. Thanks!"

You're most welcome azuleno.
 
 

To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System and antivirus up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time these are not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to programs and all your Internet Browsers in particular. Vulnerabilities are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
How did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android 8888

