What is Win Tonic?
The Malwarebytes research team has determined that Win Tonic is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
How do I know if I am infected with Win Tonic?
This is how the main screen of the sytem optimizer looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this warning during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
and this task in your list of Scheduled Tasks:
How did Win Tonic get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
How do I remove Win Tonic?
Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes Win Tonic completely.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes would have protected you against the Win Tonic installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
(pctonics.com) C:\Program Files\Win Tonic\wtc.exe
C:\abtext.txt
C:\Windows\System32\Tasks\Win Tonic_Logon
C:\Users\Public\Desktop\Win Tonic.lnk
C:\ProgramData\pctonics.com
C:\Users\{username}\AppData\Roaming\pctonics.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tonic
C:\Program Files\Win Tonic
Win Tonic (HKLM\...\{58C1E04C-4538-46EF-93C7-788C935E0031}_is1) (Version: 1.0.0.5 - pctonics.com)
Task: {E0666E53-4010-4C8B-ACAB-126E3235EE13} - System32\Tasks\Win Tonic_Logon => C:\Program Files\Win Tonic\wtc.exe [2017-12-11] (pctonics.com)Alterations made by the installer:File system details [View: All details] (Selection)
---------------------------------------------------
In the existing folder C:
Adds the file abtext.txt"="12/21/2017 11:04 AM, 2008 bytes, A
Adds the folder C:\Program Files\Win Tonic
Adds the file HtmlRenderer.dll"="12/6/2017 12:34 PM, 229184 bytes, A
Adds the file HtmlRenderer.WPF.dll"="12/6/2017 12:34 PM, 55616 bytes, A
Adds the file Interop.IWshRuntimeLibrary.dll"="12/6/2017 12:34 PM, 56640 bytes, A
Adds the file langs.db"="12/11/2017 6:49 PM, 1622016 bytes, A
Adds the file Microsoft.Win32.TaskScheduler.dll"="12/6/2017 12:34 PM, 178496 bytes, A
Adds the file Microsoft.WindowsAPICodePack.dll"="12/6/2017 12:34 PM, 105792 bytes, A
Adds the file Microsoft.WindowsAPICodePack.Shell.dll"="12/6/2017 12:34 PM, 549696 bytes, A
Adds the file Newtonsoft.Json.dll"="12/6/2017 12:34 PM, 454976 bytes, A
Adds the file sscfont.ttf"="12/1/2017 10:22 AM, 60852 bytes, A
Adds the file System.Data.SQLite.DLL"="12/6/2017 12:35 PM, 339264 bytes, A
Adds the file System.Threading.dll"="8/26/2017 1:33 PM, 387408 bytes, A
Adds the file TAFactory.IconPack.dll"="12/6/2017 12:35 PM, 51856 bytes, A
Adds the file unins000.dat"="12/21/2017 11:02 AM, 47391 bytes, A
Adds the file unins000.exe"="12/21/2017 11:02 AM, 1210688 bytes, A
Adds the file unins000.msg"="12/21/2017 11:02 AM, 22701 bytes, A
Adds the file WpfAnimatedGif.dll"="12/6/2017 12:35 PM, 48448 bytes, A
Adds the file WPFToolkit.dll"="8/26/2017 1:33 PM, 467288 bytes, A
Adds the file wtc.exe"="12/11/2017 6:52 PM, 6552384 bytes, A
Adds the file wtc.exe.config"="12/1/2017 7:55 PM, 4198 bytes, A
Adds the folder C:\Program Files\Win Tonic\websec
Adds the file ICSharpCode.SharpZipLib.dll"="12/6/2017 12:34 PM, 200000 bytes, A
Adds the file langs.db"="11/7/2017 11:09 AM, 65536 bytes, A
Adds the file Microsoft.Win32.TaskScheduler.dll"="12/6/2017 12:34 PM, 178496 bytes, A
Adds the file Newtonsoft.Json.dll"="12/6/2017 12:34 PM, 454976 bytes, A
Adds the file System.Data.SQLite.DLL"="12/6/2017 12:35 PM, 339264 bytes, A
Adds the file System.Data.SQLite.Linq.dll"="12/6/2017 12:35 PM, 204096 bytes, A
Adds the file System.Threading.dll"="8/26/2017 1:33 PM, 387408 bytes, A
Adds the file TAFactory.IconPack.dll"="12/6/2017 12:35 PM, 51856 bytes, A
Adds the file WebExtNotifier.exe"="12/6/2017 12:35 PM, 999232 bytes, A
Adds the file WebExtNotifier.exe.config"="9/22/2017 5:16 PM, 1321 bytes, A
Adds the folder C:\Program Files\Win Tonic\websec\x64
Adds the file SQLite.Interop.dll"="12/6/2017 12:35 PM, 1487680 bytes, A
Adds the folder C:\Program Files\Win Tonic\websec\x86
Adds the file SQLite.Interop.dll"="12/6/2017 12:35 PM, 1054528 bytes, A
Adds the folder C:\Program Files\Win Tonic\x64
Adds the file SQLite.Interop.dll"="12/6/2017 12:35 PM, 1487680 bytes, A
Adds the folder C:\Program Files\Win Tonic\x86
Adds the file SQLite.Interop.dll"="12/6/2017 12:35 PM, 1054528 bytes, A
Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tonic
Adds the file Buy Win Tonic.lnk"="12/21/2017 11:02 AM, 816 bytes, A
Adds the file Uninstall Win Tonic.lnk"="12/21/2017 11:02 AM, 837 bytes, A
Adds the file Win Tonic.lnk"="12/21/2017 11:02 AM, 806 bytes, A
Adds the folder C:\ProgramData\pctonics.com\Win Tonic
Adds the file mdb.db"="11/1/2017 5:52 PM, 838656 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pctonics.com\Ad-BlockerPro
Adds the file langs.db"="11/7/2017 11:09 AM, 65536 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic
Adds the file act.xml"="12/21/2017 11:03 AM, 22496 bytes, A
Adds the file Errorlog.txt"="12/21/2017 11:04 AM, 3996 bytes, A
Adds the file exlist.bin"="12/21/2017 11:03 AM, 275677 bytes, A
Adds the file notifier.xml"="12/21/2017 11:03 AM, 337 bytes, A
Adds the file param.ini"="12/21/2017 11:02 AM, 376 bytes, A
Adds the file update.xml"="12/21/2017 11:03 AM, 1004 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\icon
Adds the file 110308.ico"="12/21/2017 11:03 AM, 29659 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog
Adds the file Bookmark_Backup.xml"="12/21/2017 11:04 AM, 1248 bytes, A
Adds the file Cache.xml"="12/21/2017 11:04 AM, 27691 bytes, A
Adds the file Cookies.xml"="12/21/2017 11:04 AM, 5596 bytes, A
Adds the file Dump_Files.xml"="12/21/2017 11:04 AM, 154 bytes, A
Adds the file History.xml"="12/21/2017 11:04 AM, 1876 bytes, A
Adds the file LogFilesActivityTrace.xml"="12/21/2017 11:04 AM, 513 bytes, A
Adds the file OldPrefetch.xml"="12/21/2017 11:04 AM, 9369 bytes, A
Adds the file Session.xml"="12/21/2017 11:04 AM, 2048 bytes, A
Adds the file Temp_Internet_Files_Folder.xml"="12/21/2017 11:04 AM, 62771 bytes, A
Adds the file TempFiles.xml"="12/21/2017 11:04 AM, 58868 bytes, A
Adds the file ThumbnailCache.xml"="12/21/2017 11:04 AM, 730 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico
Adds the file 0mi4po3e.png"="12/21/2017 11:03 AM, 1003 bytes, A
Adds the file 1betrlur.png"="12/21/2017 11:03 AM, 1804 bytes, A
Adds the file 5tlp3j0b.png"="12/21/2017 11:03 AM, 2506 bytes, A
Adds the file 5wm3smw2.png"="12/21/2017 11:03 AM, 1003 bytes, A
Adds the file beblpkpt.png"="12/21/2017 11:03 AM, 1086 bytes, A
Adds the file cmows1si.png"="12/21/2017 11:03 AM, 2506 bytes, A
Adds the file dvh3yw24.png"="12/21/2017 11:03 AM, 1003 bytes, A
Adds the file rls5rm4k.png"="12/21/2017 11:03 AM, 1086 bytes, A
Adds the file thsd1m2g.png"="12/21/2017 11:03 AM, 1804 bytes, A
Adds the file x1ayn35b.png"="12/21/2017 11:03 AM, 1003 bytes, A
In the existing folder C:\Users\Public\Desktop
Adds the file Win Tonic.lnk"="12/21/2017 11:03 AM, 1823 bytes, A
In the existing folder C:\Windows\System32\Tasks
Adds the file Win Tonic_Logon"="12/21/2017 11:03 AM, 3022 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\cGN0b25pY3MuY29t\V2luIFRvbmlj\ACT]
"data"="REG_BINARY, ...............................................................................................................................................................................................................................................................................................................
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58C1E04C-4538-46EF-93C7-788C935E0031}_is1]
"DisplayIcon"="REG_SZ", "C:\Program Files\Win Tonic\wtc.exe"
"DisplayName"="REG_SZ", "Win Tonic"
"DisplayVersion"="REG_SZ", "1.0.0.5"
"EstimatedSize"="REG_DWORD", 27150
"HelpLink"="REG_SZ", "http://www.pctonics.com/wtc/support/"
"Inno Setup: App Path"="REG_SZ", "C:\Program Files\Win Tonic"
"Inno Setup: Icon Group"="REG_SZ", "Win Tonic"
"Inno Setup: Language"="REG_SZ", "en"
"Inno Setup: Setup Version"="REG_SZ", "5.5.5 (u)"
"Inno Setup: User"="REG_SZ", "{username}"
"InstallDate"="REG_SZ", "20171221"
"InstallLocation"="REG_SZ", "C:\Program Files\Win Tonic\"
"MajorVersion"="REG_DWORD", 1
"MinorVersion"="REG_DWORD", 0
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "pctonics.com"
"QuietUninstallString"="REG_SZ", ""C:\Program Files\Win Tonic\unins000.exe" /SILENT"
"UninstallString"="REG_SZ", ""C:\Program Files\Win Tonic\unins000.exe""
"URLInfoAbout"="REG_SZ", "http://www.pctonics.com/wtc/"
[HKEY_LOCAL_MACHINE\SOFTWARE\pctonics.com\Win Tonic]
"affired"="REG_DWORD", 0
"afterInstallUrl"="REG_SZ", "http://www.winactiv.com/install/wtc/?"
"apst"="REG_DWORD", 0
"btnid"="REG_SZ", ""
"country"="REG_SZ", ""
"cta"="REG_DWORD", 0
"expired"="REG_DWORD", 0
"hdata"="REG_BINARY, ........................................................................................................................................................................................................................................................................................................................................................................................................................................................
"InstallString"="REG_SZ", "C:\Program Files\Win Tonic"
"ipaddrurl"="REG_SZ", "http://www.winactiv.com/getip/"
"isinstfont"="REG_DWORD", 1
"issilent"="REG_DWORD", 0
"ISTELNO"="REG_DWORD", 0
"LangCode"="REG_SZ", "en"
"lpid"="REG_SZ", ""
"ovoffdis"="REG_DWORD", 0
"paramurl"="REG_SZ", "http://trkr.winactiv.com/ipfiles/"
"playsound"="REG_DWORD", 0
"prereg"="REG_DWORD", 0
"PurchaseURL"="REG_SZ", "http://store.pctonics.com/wtn/plan/"
"pxl"="REG_SZ", "WAD2233_WAD2187_RUNT"
"referurl"="REG_SZ", ""
"reg"="REG_DWORD", 0
"RenewURL"="REG_SZ", "http://store.pctonics.com/wtn/renewal/"
"runcam"="REG_DWORD", 1
"runpixel"="REG_DWORD", 1
"runsrc"="REG_DWORD", 1
"showballoontip"="REG_DWORD", 0
"showpriceplan"="REG_DWORD", 1
"showtn"="REG_DWORD", 0
"showunins"="REG_DWORD", 0
"showwfo"="REG_DWORD", 1
"stdismax"="REG_DWORD", -1
"supporturl"="REG_SZ", "http://www.pctonics.com/wtc/support/"
"TELNO"="REG_SZ", ""
"utm_campaign"="REG_SZ", "wadsphere"
"utm_medium"="REG_SZ", ""
"utm_pubid"="REG_SZ", "316e7265-5769-4b85-adc0-4e256c5c8ed1"
"utm_source"="REG_SZ", "wadsphere"
"WebURL"="REG_SZ", "http://www.pctonics.com/wtc/"
"wfoset"="REG_DWORD", 1
"x-at"="REG_SZ", "vs128"
"x-ccode"="REG_SZ", "nl"
"x-context"="REG_SZ", "d2I3DGHR23DF6FCAH5HJTT7M"
"x-datetime"="REG_SZ", "12-21-2017 10:02:57 AM"
"x-fetch"="REG_SZ", "1"
"x-ip"="REG_SZ", "163_158_232_234"
"x-plt"="REG_SZ", ""
"x-var1"="REG_SZ", ""
"x-var2"="REG_SZ", ""
"x-var3"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\wtc-pr]
"affiliateid"="REG_SZ", ""
"btnid"="REG_SZ", ""
"country"="REG_SZ", ""
"LangCode"="REG_SZ", "en"
"lpid"="REG_SZ", ""
"phone"="REG_SZ", ""
"pxl"="REG_SZ", "WAD2233_WAD2187_RUNT"
"referurl"="REG_SZ", ""
"utm_campaign"="REG_SZ", "wadsphere"
"utm_medium"="REG_SZ", ""
"utm_pubid"="REG_SZ", "316e7265-5769-4b85-adc0-4e256c5c8ed1"
"utm_source"="REG_SZ", "wadsphere"
"x-at"="REG_SZ", "vs128"
"x-context"="REG_SZ", "d2I3DGHR23DF6FCAH5HJTT7M"
"x-plt"="REG_SZ", ""
"x-var1"="REG_SZ", ""
"x-var2"="REG_SZ", ""
"x-var3"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\pctonics.com\Win Tonic]
"btnid"="REG_SZ", ""
"InstallString"="REG_SZ", "C:\Program Files\Win Tonic"
"LangCode"="REG_SZ", "en"
"lpid"="REG_SZ", ""
"pxl"="REG_SZ", "WAD2233_WAD2187_RUNT"
"referurl"="REG_SZ", ""
"utm_campaign"="REG_SZ", "wadsphere"
"utm_medium"="REG_SZ", ""
"utm_pubid"="REG_SZ", "316e7265-5769-4b85-adc0-4e256c5c8ed1"
"utm_source"="REG_SZ", "wadsphere"
"x-at"="REG_SZ", "vs128"
"x-context"="REG_SZ", "d2I3DGHR23DF6FCAH5HJTT7M"
"x-datetime"="REG_SZ", "12-21-2017 10:02:57 AM"
"x-fetch"="REG_SZ", "1"
"x-ip"="REG_SZ", "163_158_232_234"
"x-plt"="REG_SZ", ""
"x-var1"="REG_SZ", ""
"x-var2"="REG_SZ", ""
"x-var3"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\pctonics.com\Win Tonic\1.0.0.5]
Malwarebytes log:Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/21/17
Scan Time: 11:13 AM
Log File: 9ce1bfec-e637-11e7-988a-080027750297.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3535
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244846
Threats Detected: 88
Threats Quarantined: 88
Time Elapsed: 2 min, 23 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 1
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\wtc.exe, Quarantined, [15117], [467815],1.0.3535
Module: 10
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\x64\SQLite.Interop.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\System.Data.SQLite.DLL, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\HtmlRenderer.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\HtmlRenderer.WPF.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Interop.IWshRuntimeLibrary.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Microsoft.Win32.TaskScheduler.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Newtonsoft.Json.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\TAFactory.IconPack.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\WpfAnimatedGif.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\wtc.exe, Quarantined, [15117], [467815],1.0.3535
Registry Key: 4
PUP.Optional.WinTonic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{58C1E04C-4538-46EF-93C7-788C935E0031}_is1, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Tonic_Logon, Quarantined, [15117], [-1],0.0.0
PUP.Optional.WinTonic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0666E53-4010-4C8B-ACAB-126E3235EE13}, Quarantined, [15117], [-1],0.0.0
PUP.Optional.WinTonic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0666E53-4010-4C8B-ACAB-126E3235EE13}, Quarantined, [15117], [-1],0.0.0
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 9
PUP.Optional.WinTonic, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIN TONIC, Quarantined, [7319], [467816],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\x64, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\x86, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\x64, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\x86, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\icon, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\USERS\{username}\APPDATA\ROAMING\PCTONICS.COM\WIN TONIC, Quarantined, [7319], [467817],1.0.3535
File: 64
PUP.Optional.WinTonic, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIN TONIC\BUY WIN TONIC.LNK, Quarantined, [7319], [467816],1.0.3535
PUP.Optional.WinTonic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tonic\Uninstall Win Tonic.lnk, Quarantined, [7319], [467816],1.0.3535
PUP.Optional.WinTonic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win Tonic\Win Tonic.lnk, Quarantined, [7319], [467816],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\PROGRAM FILES\WIN TONIC\WTC.EXE.CONFIG, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\x64\SQLite.Interop.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\x86\SQLite.Interop.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\ICSharpCode.SharpZipLib.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\langs.db, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\Microsoft.Win32.TaskScheduler.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\Newtonsoft.Json.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\System.Data.SQLite.DLL, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\System.Data.SQLite.Linq.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\TAFactory.IconPack.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\WebExtNotifier.exe, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\websec\WebExtNotifier.exe.config, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\x64\SQLite.Interop.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\x86\SQLite.Interop.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\System.Data.SQLite.DLL, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\HtmlRenderer.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\HtmlRenderer.WPF.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Interop.IWshRuntimeLibrary.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\langs.db, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Microsoft.Win32.TaskScheduler.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Microsoft.WindowsAPICodePack.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Microsoft.WindowsAPICodePack.Shell.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\Newtonsoft.Json.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\sscfont.ttf, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\TAFactory.IconPack.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\unins000.dat, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\unins000.exe, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\unins000.msg, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\WpfAnimatedGif.dll, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\Program Files\Win Tonic\wtc.exe, Quarantined, [15117], [467815],1.0.3535
PUP.Optional.WinTonic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Win Tonic_Logon, Quarantined, [15117], [-1],0.0.0
PUP.Optional.WinTonic, C:\USERS\{username}\APPDATA\ROAMING\PCTONICS.COM\WIN TONIC\NOTIFIER.XML, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\icon\111339.ico, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\Bookmark_Backup.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\Cache.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\Cookies.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\Dump_Files.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\History.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\LogFilesActivityTrace.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\OldPrefetch.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\Session.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\TempFiles.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\Temp_Internet_Files_Folder.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\junklog\ThumbnailCache.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\0mi4po3e.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\1betrlur.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\5tlp3j0b.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\5wm3smw2.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\beblpkpt.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\cmows1si.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\dvh3yw24.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\rls5rm4k.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\thsd1m2g.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\smico\x1ayn35b.png, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\act.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\Errorlog.txt, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\exlist.bin, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\param.ini, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\Result.cb, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\Users\{username}\AppData\Roaming\pctonics.com\Win Tonic\update.xml, Quarantined, [7319], [467817],1.0.3535
PUP.Optional.WinTonic, C:\USERS\{username}\DESKTOP\WINTONIC.EXE, Quarantined, [7319], [467820],1.0.3535
Physical Sector: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
