What is US System Care?
The Malwarebytes research team has determined that US System Care is a fake system optimizer. These so-called "optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Unpacked blog.
How do I know if I am infected with US System Care?
This is how the main screen of the system optimizer application looks:
You will find these icons in your taskbar and on your desktop:
And see this warning during install:
and this browser window when you click Repair:
You may see this entry in your list of installed programs:
and this task in your Task Scheduler:
How did US System Care get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was bundled by other software.
How do I remove US System Care?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes US System Care completely.
- This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the US System Care installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and it would have blocked some communications with their site:
Technical details for experts
You may see these entries in FRST logs:
(uspcworks.com) C:\Program Files\US System Care\usscr.exe
S2 USSCValidator; C:\ProgramData\USSCValidator\USSCValidatorService.exe [28672 2016-04-05] (AppVerifierService) [File not signed]
C:\Windows\System32\Tasks\US System Care_Logon
C:\Users\Public\Desktop\US System Care.lnk
C:\Users\{username}\AppData\Roaming\uspcworks.com
C:\Users\{username}\AppData\Roaming\FileOpenerWindows
C:\ProgramData\USSCValidator
C:\ProgramData\uspcworks.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US System Care
C:\Program Files\US System Care
US System Care (HKLM\...\747D6111-5B27-471E-99C4-0EA6960007C2_is1) (Version: 1.0.0.5742 - uspcworks.com)
Task: {712E11CF-A5E3-463F-BC0D-BA4FDA5BD7B4} - System32\Tasks\US System Care_Logon => C:\Program Files\US System Care\usscr.exe [2016-04-06] (uspcworks.com)Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files\US System Care
Adds the file danish_iss.ini"="2/1/2016 11:11 AM, 2402 bytes, A
Adds the file Dutch_iss.ini"="2/1/2016 11:11 AM, 2600 bytes, A
Adds the file english_iss.ini"="2/1/2016 11:11 AM, 2256 bytes, A
Adds the file finish_iss.ini"="2/1/2016 11:11 AM, 2368 bytes, A
Adds the file French_iss.ini"="2/1/2016 11:11 AM, 2792 bytes, A
Adds the file german_iss.ini"="2/1/2016 11:11 AM, 2658 bytes, A
Adds the file HtmlRenderer.dll"="2/1/2016 11:11 AM, 221696 bytes, A
Adds the file HtmlRenderer.WinForms.dll"="2/1/2016 11:11 AM, 60416 bytes, A
Adds the file Interop.IWshRuntimeLibrary.dll"="2/1/2016 11:11 AM, 49152 bytes, A
Adds the file italian_iss.ini"="2/1/2016 11:11 AM, 2552 bytes, A
Adds the file japanese_iss.ini"="2/1/2016 11:11 AM, 1844 bytes, A
Adds the file langs.db"="2/1/2016 11:19 AM, 401408 bytes, A
Adds the file Microsoft.Win32.TaskScheduler.dll"="2/1/2016 11:11 AM, 171008 bytes, A
Adds the file NAudio.dll"="2/1/2016 11:11 AM, 471040 bytes, A
Adds the file norwegian_iss.ini"="2/1/2016 11:11 AM, 2358 bytes, A
Adds the file portuguese_iss.ini"="2/1/2016 11:11 AM, 2424 bytes, A
Adds the file russian_iss.ini"="2/1/2016 11:11 AM, 2494 bytes, A
Adds the file spanish_iss.ini"="2/1/2016 11:11 AM, 2548 bytes, A
Adds the file swedish_iss.ini"="2/1/2016 11:11 AM, 2270 bytes, A
Adds the file System.Data.SQLite.DLL"="2/1/2016 11:11 AM, 290816 bytes, A
Adds the file TAFactory.IconPack.dll"="2/1/2016 11:11 AM, 36864 bytes, A
Adds the file TaskScheduler.dll"="2/1/2016 11:11 AM, 47280 bytes, A
Adds the file unins000.dat"="6/2/2016 9:08 AM, 72205 bytes, A
Adds the file unins000.exe"="6/2/2016 9:08 AM, 1209528 bytes, A
Adds the file unins000.msg"="6/2/2016 9:08 AM, 22701 bytes, A
Adds the file USSCContent.dll"="4/6/2016 11:00 AM, 15938560 bytes, A
Adds the file usscr.exe"="4/6/2016 11:04 AM, 1987768 bytes, A
Adds the file usscr.exe.config"="2/17/2016 4:09 PM, 3601 bytes, A
Adds the folder C:\Program Files\US System Care\x64
Adds the file SQLite.Interop.dll"="2/1/2016 11:11 AM, 1175552 bytes, A
Adds the folder C:\Program Files\US System Care\x86
Adds the file SQLite.Interop.dll"="2/1/2016 11:11 AM, 854528 bytes, A
Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US System Care
Adds the file Buy US System Care.lnk"="6/2/2016 9:08 AM, 865 bytes, A
Adds the file Uninstall US System Care.lnk"="6/2/2016 9:08 AM, 872 bytes, A
Adds the file US System Care.lnk"="6/2/2016 9:08 AM, 853 bytes, A
Adds the folder C:\ProgramData\uspcworks.com\US System Care
Adds the file mdb.db"="2/1/2016 11:11 AM, 835584 bytes, A
Adds the file pcspstartrepair_en.mp3"="2/1/2016 11:11 AM, 130973 bytes, A
Adds the folder C:\ProgramData\USSCValidator
Adds the file InstallUtil.InstallLog"="6/2/2016 9:08 AM, 664 bytes, A
Adds the file USSCValidatorService.exe"="4/5/2016 5:46 PM, 28672 bytes, A
Adds the file USSCValidatorService.exe.config"="4/1/2016 2:33 PM, 1460 bytes, A
Adds the file USSCValidatorService.InstallLog"="6/2/2016 9:08 AM, 702 bytes, A
Adds the file USSCValidatorService.InstallState"="6/2/2016 9:08 AM, 5012 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows
Adds the file langswfo.db"="2/1/2016 11:21 AM, 16384 bytes, A
Adds the file System.Data.SQLite.DLL"="2/1/2016 11:11 AM, 290816 bytes, A
Adds the file wfo.exe"="4/6/2016 11:04 AM, 74424 bytes, A
Adds the file wfo.exe.config"="2/1/2016 11:11 AM, 894 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x64
Adds the file SQLite.Interop.dll"="2/1/2016 11:11 AM, 1175552 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x86
Adds the file SQLite.Interop.dll"="2/1/2016 11:11 AM, 854528 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care
Adds the file Errorlog.txt"="6/2/2016 9:13 AM, 14386 bytes, A
Adds the file exlist.bin"="6/2/2016 9:09 AM, 258001 bytes, A
Adds the file res.xml"="6/2/2016 9:10 AM, 10949 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care\smico
In the existing folder C:\Users\Public\Desktop
Adds the file US System Care.lnk"="6/2/2016 9:08 AM, 835 bytes, A
In the existing folder C:\Windows\System32\Tasks
Adds the file US System Care_Logon"="6/2/2016 9:09 AM, 3040 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"(Default)"= REG_SZ, "C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "%1""
"windowsfileopener.Dat"="REG_SZ", "C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
"(Default)"= REG_SZ, "C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "%1""
"windowsfileopener.Dat"="REG_SZ", "C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\dXNwY3dvcmtzLmNvbQ==\VVMgU3lzdGVtIENhcmU=\ACT]
"data"="REG_BINARY, ...................................................................................................................................................................................................................................................................................................................
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\747D6111-5B27-471E-99C4-0EA6960007C2_is1]
"DisplayIcon"="REG_SZ", "C:\Program Files\US System Care\usscr.exe"
"DisplayName"="REG_SZ", "US System Care"
"DisplayVersion"="REG_SZ", "1.0.0.5742"
"EstimatedSize"="REG_DWORD", 25742
"HelpLink"="REG_SZ", "http://www.uspcworks.com/help/"
"Inno Setup: App Path"="REG_SZ", "C:\Program Files\US System Care"
"Inno Setup: Icon Group"="REG_SZ", "US System Care"
"Inno Setup: Language"="REG_SZ", "en"
"Inno Setup: Setup Version"="REG_SZ", "5.5.5 (u)"
"Inno Setup: User"="REG_SZ", "{username}"
"InstallDate"="REG_SZ", "20160602"
"InstallLocation"="REG_SZ", "C:\Program Files\US System Care\"
"MajorVersion"="REG_DWORD", 1
"MinorVersion"="REG_DWORD", 0
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "uspcworks.com"
"QuietUninstallString"="REG_SZ", ""C:\Program Files\US System Care\unins000.exe" /SILENT"
"UninstallString"="REG_SZ", ""C:\Program Files\US System Care\unins000.exe""
"URLInfoAbout"="REG_SZ", "http://www.uspcworks.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\uspcworks.com\US System Care]
"affired"="REG_DWORD", 1
"afterInstallUrl"="REG_SZ", "http://www.uspcworks.com/ussc/afterinstall/?"
"cbkpoff"="REG_DWORD", 1
"country"="REG_SZ", "us"
"cta"="REG_DWORD", 0
"EmailURL"="REG_SZ", "[email protected]"
"expired"="REG_DWORD", 0
"hdata"="REG_BINARY, .........................................................................................................................................................................................................................................................................................
"Installstring"="REG_SZ", "C:\Program Files\US System Care"
"ipaddrurl"="REG_SZ", "http://www.uspcworks.com/getIpAddress.asp"
"issilent"="REG_DWORD", 0
"ISTELNO"="REG_DWORD", 1
"LangCode"="REG_SZ", "en"
"lstregscancount"="REG_DWORD", 28
"lstscandate"="REG_SZ", "6/2/2016 9:10:22 AM"
"lstscanstat"="REG_DWORD", 2
"lstsecscancount"="REG_DWORD", 0
"lsttotalscancount"="REG_DWORD", 28
"paramurl"="REG_SZ", "http://trkr.uspcworks.com/ipfiles/"
"prereg"="REG_DWORD", 0
"PurchaseURL"="REG_SZ", "http://www.uspcworks.com/ussc/price.asp?"
"pxl"="REG_SZ", "unw421_unw405_runt"
"reg"="REG_DWORD", 0
"RenewURL"="REG_SZ", "http://www.uspcworks.com/ussc/renewal.asp?"
"runcam"="REG_DWORD", 1
"showtn"="REG_DWORD", 0
"showunins"="REG_DWORD", 1
"showwfo"="REG_DWORD", 1
"stdismax"="REG_DWORD", -1
"supporturl"="REG_SZ", "http://www.uspcworks.com/help/"
"TELNO"="REG_SZ", "(855)-332-0124"
"TELNO_at"="REG_SZ", "(800)-180-0926"
"TELNO_au"="REG_SZ", "(61)280-733403"
"TELNO_ch"="REG_SZ", "(800)-180-0926"
"TELNO_de"="REG_SZ", "(800)-180-0926"
"TELNO_fr"="REG_SZ", "(334)-88627945"
"TELNO_gb"="REG_SZ", "0800-031-5066"
"TELNO_lu"="REG_SZ", "(800)-180-0926"
"TELNO_uk"="REG_SZ", "0800-031-5066"
"TELNO_us"="REG_SZ", "(855)-332-0124"
"utm_source"="REG_SZ", "unwadn1"
"WebURL"="REG_SZ", "http://www.uspcworks.com/"
"wfoset"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\ussc-pr]
"affiliateid"="REG_SZ", ""
"country"="REG_SZ", "us"
"LangCode"="REG_SZ", "en"
"phone"="REG_SZ", ""
"utm_campaign"="REG_SZ", ""
"utm_medium"="REG_SZ", ""
"utm_pubid"="REG_SZ", ""
"utm_source"="REG_SZ", "unwadn1"
"x-at"="REG_SZ", ""
"x-context"="REG_SZ", ""
"x-plt"="REG_SZ", ""
"x-var1"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\USSCValidatorService\USSCValidatorService]
"country"="REG_SZ", "us"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USSCValidator]
"Description"="REG_SZ", "USSC Validator"
"DisplayName"="REG_SZ", "USSC Validator"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\USSCValidator\USSCValidatorService.exe""
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
[HKEY_CURRENT_USER\Software\uspcworks.com\US System Care]
"Installstring"="REG_SZ", "C:\Program Files\US System Care"
"LangCode"="REG_SZ", "en"
"utm_source"="REG_SZ", "unwadn1"
[HKEY_CURRENT_USER\Software\uspcworks.com\US System Care\1.0.0.5742]
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/2/2016
Scan Time: 9:22 AM
Logfile: mbamUSSystemCare.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.02.01
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312318
Time Elapsed: 8 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.USSystemCare, C:\Program Files\US System Care\usscr.exe, 2332, Delete-on-Reboot, [d257e414dbbe350100b5884634cd7b85]
Modules: 0
(No malicious items detected)
Registry Keys: 7
PUP.Optional.USSystemCare, HKLM\SOFTWARE\uspcworks.com, Quarantined, [9e8bba3e0e8b3600829c07df7e8552ae],
PUP.Optional.USSystemCare, HKLM\SOFTWARE\ussc-pr, Quarantined, [1415d820831605319a850fd740c3c53b],
PUP.Optional.USSystemCare, HKLM\SOFTWARE\USSCValidatorService, Quarantined, [ff2ad7217d1c6fc7859bb135db28e41c],
PUP.Optional.USSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\US System Care_Logon, Delete-on-Reboot, [a68303f56e2ba3931409b2349b686997],
PUP.Optional.USSystemCare, HKCU\SOFTWARE\uspcworks.com, Quarantined, [83a64aae3f5a87af9f7dcd19e61d758b],
PUP.Optional.USSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\747D6111-5B27-471E-99C4-0EA6960007C2_is1, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\USSCValidator, Quarantined, [39f061976237ed4944453c42d3319f61],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 13
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x64, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x86, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.USSystemCare, C:\ProgramData\uspcworks.com, Delete-on-Reboot, [e8418a6e475291a534618f2423dfd828],
PUP.Optional.USSystemCare, C:\ProgramData\uspcworks.com\US System Care, Delete-on-Reboot, [e8418a6e475291a534618f2423dfd828],
PUP.Optional.USSystemCare, C:\Users\{username}\AppData\Roaming\uspcworks.com, Quarantined, [d059d42471286ec861344f640cf62ad6],
PUP.Optional.USSystemCare, C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care, Quarantined, [d059d42471286ec861344f640cf62ad6],
PUP.Optional.USSystemCare, C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care\smico, Quarantined, [d059d42471286ec861344f640cf62ad6],
PUP.Optional.USSystemCare, C:\Program Files\US System Care, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\x64, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\x86, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US System Care, Quarantined, [4cdd46b28712999dd9be654ebc464ab6],
PUP.Optional.USSystemCare, C:\ProgramData\USSCValidator, Quarantined, [39f061976237ed4944453c42d3319f61],
Files: 52
PUP.Optional.USSystemCare, C:\Program Files\US System Care\usscr.exe, Delete-on-Reboot, [d257e414dbbe350100b5884634cd7b85],
PUP.Optional.USSystemCare, C:\Users\{username}\Desktop\USSystemCare.exe, Quarantined, [de4b4cacf4a5b97d9e176f5f32cf55ab],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe.config, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\langswfo.db, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\System.Data.SQLite.DLL, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x64\SQLite.Interop.dll, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x86\SQLite.Interop.dll, Quarantined, [220724d40f8a93a3f588aa3140c38e72],
PUP.Optional.USSystemCare, C:\Users\Public\Desktop\US System Care.lnk, Quarantined, [8b9e1ade5c3d75c1ab6e5e88ad56b14f],
PUP.Optional.USSystemCare, C:\Windows\System32\Tasks\US System Care_Logon, Quarantined, [b772bf39a8f1b58106149254719237c9],
PUP.Optional.USSystemCare, C:\ProgramData\uspcworks.com\US System Care\mdb.db, Delete-on-Reboot, [e8418a6e475291a534618f2423dfd828],
PUP.Optional.USSystemCare, C:\ProgramData\uspcworks.com\US System Care\pcspstartrepair_en.mp3, Delete-on-Reboot, [e8418a6e475291a534618f2423dfd828],
PUP.Optional.USSystemCare, C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care\Errorlog.txt, Quarantined, [d059d42471286ec861344f640cf62ad6],
PUP.Optional.USSystemCare, C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care\exlist.bin, Quarantined, [d059d42471286ec861344f640cf62ad6],
PUP.Optional.USSystemCare, C:\Users\{username}\AppData\Roaming\uspcworks.com\US System Care\res.xml, Quarantined, [d059d42471286ec861344f640cf62ad6],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\danish_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\Dutch_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\english_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\finish_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\French_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\german_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\HtmlRenderer.dll, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\HtmlRenderer.WinForms.dll, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\italian_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\japanese_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\langs.db, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\NAudio.dll, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\norwegian_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\portuguese_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\russian_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\spanish_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\swedish_iss.ini, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\System.Data.SQLite.DLL, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\TAFactory.IconPack.dll, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\TaskScheduler.dll, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\unins000.dat, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\unins000.exe, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\unins000.msg, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\USSCContent.dll, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\usscr.exe.config, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\x64\SQLite.Interop.dll, Delete-on-Reboot, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\Program Files\US System Care\x86\SQLite.Interop.dll, Quarantined, [5bcef00882171b1bdabc4370d2309c64],
PUP.Optional.USSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US System Care\Buy US System Care.lnk, Quarantined, [4cdd46b28712999dd9be654ebc464ab6],
PUP.Optional.USSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US System Care\Uninstall US System Care.lnk, Quarantined, [4cdd46b28712999dd9be654ebc464ab6],
PUP.Optional.USSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US System Care\US System Care.lnk, Quarantined, [4cdd46b28712999dd9be654ebc464ab6],
PUP.Optional.USSystemCare, C:\ProgramData\USSCValidator\USSCValidatorService.exe.config, Quarantined, [39f061976237ed4944453c42d3319f61],
PUP.Optional.USSystemCare, C:\ProgramData\USSCValidator\InstallUtil.InstallLog, Quarantined, [39f061976237ed4944453c42d3319f61],
PUP.Optional.USSystemCare, C:\ProgramData\USSCValidator\USSCValidatorService.exe, Quarantined, [39f061976237ed4944453c42d3319f61],
PUP.Optional.USSystemCare, C:\ProgramData\USSCValidator\USSCValidatorService.InstallLog, Quarantined, [39f061976237ed4944453c42d3319f61],
PUP.Optional.USSystemCare, C:\ProgramData\USSCValidator\USSCValidatorService.InstallState, Quarantined, [39f061976237ed4944453c42d3319f61],
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
