Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/12/20
Scan Time: 6:52 PM
Log File: 372dbc18-648a-11ea-9a45-001e33904a32.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.835
Update Package Version: 1.0.20602
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: LonLy-PC\LonLy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 203443
Threats Detected: 51
Threats Quarantined: 51
Time Elapsed: 13 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
Trojan.PasswordStealer, C:\PROGRAM FILES\WIN\MSN.EXE, Quarantined, 3588, 562787, , , ,
Trojan.CrthRazy, C:\Program Files\MachinerData\Atomic_SMS.exe, Quarantined, 3169, 676766, , , ,
Spyware.LokiBot, C:\USERS\LONLY\APPDATA\LOCAL\TEMP\YVOIMELZSE.EXE, Quarantined, 4195, 799250, , , ,

Module: 3
Trojan.PasswordStealer, C:\PROGRAM FILES\WIN\MSN.EXE, Quarantined, 3588, 562787, , , ,
Trojan.CrthRazy, C:\Program Files\MachinerData\Atomic_SMS.exe, Quarantined, 3169, 676766, , , ,
Spyware.LokiBot, C:\USERS\LONLY\APPDATA\LOCAL\TEMP\YVOIMELZSE.EXE, Quarantined, 4195, 799250, , , ,

Registry Key: 6
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, 6946, 252393, 1.0.20602, , ame,
PUP.Optional.GarbageCleaner, HKU\S-1-5-21-1931728027-1606494664-529009739-1000\SOFTWARE\GCleaner, Quarantined, 1202, 676886, 1.0.20602, , ame,
Trojan.CrthRazy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Main Service, Quarantined, 3169, 676766, , , ,
Adware.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}, Quarantined, 423, 785573, 1.0.20602, , ame,
Trojan.CrthRazy, HKLM\SOFTWARE\Machiner, Quarantined, 3169, 676882, 1.0.20602, , ame,
Trojan.CrthRazy.Generic, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ngpampappnmepgilojfohadhhmbhlaek, Quarantined, 14991, 676732, , , ,

Registry Value: 4
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6946, 252393, 1.0.20602, , ame,
Trojan.PasswordStealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|apo5, Quarantined, 3588, 562787, , , ,
Trojan.CrthRazy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MAIN SERVICE|IMAGEPATH, Quarantined, 3169, 708187, 1.0.20602, , ame,
Trojan.CrthRazy.Generic, HKU\S-1-5-21-1931728027-1606494664-529009739-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ngpampappnmepgilojfohadhhmbhlaek, Quarantined, 14991, 676732, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
Trojan.CrthRazy, C:\PROGRAM FILES\MACHINERDATA, Quarantined, 3169, 676766, 1.0.20602, , ame,
PUP.Optional.GarbageCleaner, C:\PROGRAMDATA\GARBAGE CLEANER, Quarantined, 1202, 676884, 1.0.20602, , ame,
Trojan.CrthRazy.Generic, C:\USERS\LONLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\USERS\LONLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGPAMPAPPNMEPGILOJFOHADHHMBHLAEK, Quarantined, 14991, 676732, 1.0.20602, , ame,
Trojan.CrthRazy.E.Generic, C:\USERS\LONLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68WSFCCJ.DEFAULT-RELEASE\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}, Quarantined, 14970, 689343, 1.0.20602, , ame,

File: 30
Trojan.PasswordStealer, C:\PROGRAM FILES\WIN\MSN.EXE, Quarantined, 3588, 562787, 1.0.20602, 7CF007B2B9E0D4920E470444, dds, 00628770
PUP.Optional.GarbageCleaner, C:\USERS\LONLY\DESKTOP\GARBAGE CLEANER.LNK, Quarantined, 1202, 676885, 1.0.20602, , ame,
Trojan.CrthRazy, C:\Program Files\MachinerData\Atomic_SMS.exe, Quarantined, 3169, 676766, , , ,
Trojan.CrthRazy, C:\Program Files\MachinerData\main.exe, Quarantined, 3169, 676766, , , ,
PUP.Optional.GarbageCleaner, C:\ProgramData\Garbage Cleaner\Bunifu_UI_v1.5.3.dll, Quarantined, 1202, 676884, , , ,
PUP.Optional.GarbageCleaner, C:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe, Quarantined, 1202, 676884, , , ,
Trojan.CrthRazy.Generic, C:\USERS\LONLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\USERS\LONLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\Users\LonLy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek\000003.log, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\Users\LonLy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek\CURRENT, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\Users\LonLy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek\LOCK, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\Users\LonLy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek\LOG, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\Users\LonLy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek\LOG.old, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\Users\LonLy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek\MANIFEST-000001, Quarantined, 14991, 676732, , , ,
Trojan.CrthRazy.Generic, C:\USERS\LONLY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGPAMPAPPNMEPGILOJFOHADHHMBHLAEK\6.36.5_0\F1426WQXF8.JS, Quarantined, 14991, 676732, 1.0.20602, , ame,
Trojan.CrthRazy.E.Generic, C:\USERS\LONLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68WSFCCJ.DEFAULT-RELEASE\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\8JJYAPAX3J.JS, Quarantined, 14970, 689343, 1.0.20602, , ame,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\5CH55EZZYI.js, Quarantined, 14970, 689343, , , ,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\6VUDXYVT5L.js, Quarantined, 14970, 689343, , , ,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\DA6CCWER4K.js, Quarantined, 14970, 689343, , , ,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\F5HJULNPAD.js, Quarantined, 14970, 689343, , , ,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\manifest.json, Quarantined, 14970, 689343, , , ,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\P3RG59647S.js, Quarantined, 14970, 689343, , , ,
Trojan.CrthRazy.E.Generic, C:\Users\LonLy\AppData\Roaming\Mozilla\Firefox\Profiles\68wsfccj.default-release\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\SEZCGYWOV0.js, Quarantined, 14970, 689343, , , ,
Spyware.LokiBot, C:\USERS\LONLY\APPDATA\LOCAL\TEMP\YVOIMELZSE.EXE, Quarantined, 4195, 799250, 1.0.20602, , ame,
Worm.AutoRun.Generic, C:\USERS\LONLY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\L.LNK, Quarantined, 3935, 752501, 1.0.20602, , ame,
Adware.Agent, C:\PROGRAM FILES\USB DISK SECURITY\LINKZB.EXE, Quarantined, 90, 597820, 1.0.20602, , ame,
Spyware.LokiBot, C:\USERS\LONLY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CVPU0OH9SGXW7D9O.EXE, Quarantined, 4195, 799250, 1.0.20602, B67BB082D4BDB067A826AADD, dds, 00628770
Trojan.MalPack.GS, C:\USERS\LONLY\APPDATA\LOCAL\TEMP\4925359422.EXE, Quarantined, 8186, 799240, 1.0.20602, 2D736658C2DC3814F7E35432, dds, 00628770
Adware.DownloadAssistant, C:\USERS\LONLY\APPDATA\LOCAL\TEMP\WJE6DYUQF\NR1L7RJNO9DKQKYWGA.EXE, Quarantined, 7517, 778876, 1.0.20602, , ame,
Adware.DownloadAssistant, C:\USERS\LONLY\DESKTOP\CCLEANER PRO 5.63_632350030.EXE, Quarantined, 7517, 798293, 1.0.20602, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)