
Lots of shortcuts.. background processes.. and a weird webpage on startup


8 replies to this topic

#1 Ugex HustleHudge


Posted 26 February 2015 - 01:28 PM

Hello!

I would love to thank you all for your great work. I've seen lots of posts on this website of people needing help and receiving it from true professionals with magnificent results.. I hope you would help me with this..

I use: Windows 7

So at first.. one day when I started my computer, I found a strange webpage popping out of nowhere, and it was full of ads.. I can't find it in my browser's (Chrome) home page settings and I can't find it in my web history either, it only kept popping up every time I started my computer... I ignored it because I couldn't remove it..

A week later, when I booted my computer I found lots and lots of shortcuts (that look like shortcuts to folders) but are actually applications.. some application icons that I have turned into this type of shortcut too.. and when I try to open them they always lead me to the libraries file.. and in every folder I have in my system I find a shortcut file of the sort I am speaking of..

When I open my Task Manager I find system process look-alikes such as winlogon and csrss, and other weird processes like ping.exe running in the background while the actual system processes are running!

I also face random system shutdowns when I am trying to download something or watch YouTube.

I don't know if all of this is connected, maybe it is not.. just tell me which things are connected to each other and which are separate problems.. I will delete the separate problems from the post right away.

One thing to be mentioned: I used to use uTorrent.. at least until the problems started.. after the problems started the application is unremovable from the Control Panel.. and looks like the shortcuts even after deleting it from its installation folder.

Thanks in advance.. and have a nice day..

 

 

 



 


#2 buddy215


Posted 26 February 2015 - 02:28 PM

Welcome to BC!

 

Start with these two programs. Post the results of AdwCleaner.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Ugex HustleHudge


Posted 26 February 2015 - 02:51 PM

Thanks for the fast response!

 

AdwCleaner.exe log:

 

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 22:47:06

# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ugex - UGEX-PC
# Running from : C:\Users\Ugex\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\MyPC Backup
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3265 bytes] - [26/02/2015 16:21:16]
AdwCleaner[R1].txt - [970 bytes] - [26/02/2015 22:44:20]
AdwCleaner[S0].txt - [3383 bytes] - [26/02/2015 16:23:03]
AdwCleaner[S1].txt - [900 bytes] - [26/02/2015 22:47:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [958  bytes] ##########

Edited by Ugex HustleHudge, 26 February 2015 - 02:54 PM.


#4 Ugex HustleHudge


Posted 26 February 2015 - 02:58 PM

Just a note: I used AdwCleaner before your response (before using CCleaner) and the log was like this:

 

AdwCleaner.exe log:

 

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 16:23:03

# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ugex - UGEX-PC
# Running from : C:\Users\Ugex\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Ugex\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Ugex\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Profiles\i0bs6qh3.default\user.js
File Deleted : C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cmd]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3265 bytes] - [26/02/2015 16:21:16]
AdwCleaner[S0].txt - [3232 bytes] - [26/02/2015 16:23:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3291  bytes] ##########


#5 buddy215


Posted 26 February 2015 - 03:11 PM

Thanks for posting the first AdwCleaner log. 

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#6 Ugex HustleHudge


Posted 26 February 2015 - 03:59 PM

Thank you again.. after using MBAM the fake background process and the fake shortcuts are gone.. but the system restart thing is still happening... I will post other logs once they are done.

 

MBAM log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2/26/2015
Scan Time: 11:29:33 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.26.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ugex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398038
Time Elapsed: 9 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.Dropper, HKU\S-1-5-21-2108125665-3578209175-1559368474-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BitTorrent, Quarantined, [c4e569b9751575c1e2af2b4f02fefb05], 
Malware.Trace, HKU\S-1-5-21-2108125665-3578209175-1559368474-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Quarantined, [00a948da19710f27cd9c256534d0c33d], 
 
Registry Values: 3
Trojan.Dropper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bron-Spizaetus, "C:\Windows\ShellNew\bronstab.exe", Quarantined, [b7f268badab087af5c35aecc9e6213ed]
Trojan.Dropper, HKU\S-1-5-21-2108125665-3578209175-1559368474-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, "C:\Users\Ugex\AppData\Local\smss.exe", Quarantined, [4d5ce83aacde0234b8d966144cb49d63]
Hijack.FolderOptions, HKU\S-1-5-21-2108125665-3578209175-1559368474-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [56537fa3503a30065477aeaa37cd2cd4]
 
Registry Data: 5
Trojan.Dropper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Explorer.exe "C:\Windows\eksplorasi.exe", Good: (), Bad: (C:\Windows\eksplorasi.exe),Replaced,[921727fbe0aace68e1b0e69432cef10f]
Trojan.Dropper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Good: (), Bad: (C:\Windows\eksplorasi.exe), Replaced,[921727fbe0aace68e1b0e69432cef10f]
Trojan.Dropper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Good: (), Bad: (C:\Windows\eksplorasi.exe), Replaced,[921727fbe0aace68e1b0e69432cef10f]
Hijack.Shell, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Explorer.exe "C:\Windows\eksplorasi.exe", Good: (Explorer.exe), Bad: (Explorer.exe "C:\Windows\eksplorasi.exe"),Replaced,[07a2ff23adddfe38718201cc46bf738d]
PUM.Hijack.Regedit, HKU\S-1-5-21-2108125665-3578209175-1559368474-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[b1f87da5f397d363c48be0ed91747e82]
 
Folders: 17
Stolen.Data, C:\Users\Ugex\AppData\Roaming\dclogs, Quarantined, [2782e53d1a701f1719ee00b92dd72bd5], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-13, Quarantined, [25840f139befcd69ce1c0a51867d15eb], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-10, Quarantined, [5b4e72b0305a79bdd51587d4966d1ee2], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-11, Quarantined, [cedb4bd76f1bd75fc327d88355ae49b7], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-12, Quarantined, [733654ce52386bcbfeec3b205da6d22e], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-14, Quarantined, [5b4e2bf74e3cdb5b4d9d89d2c43f2dd3], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-15, Quarantined, [09a0b36fc6c41323a3479fbc61a258a8], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-16, Quarantined, [22871a08404ab87ea04afd5e20e3d32d], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-17, Quarantined, [03a60f132367c373df0b6bf0649f27d9], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-18, Quarantined, [16936ab88bff4aec5b8f0f4ceb1852ae], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-19, Quarantined, [f0b94bd7a2e82d0936b41b4063a03ec2], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-20, Quarantined, [ddcca47ee6a40f27c921570438cb5ea2], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-22, Quarantined, [991037eb890165d1db0f69f2d52e18e8], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-23, Quarantined, [cfdabb6792f8989e37b38ccfee156b95], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-24, Quarantined, [affac65c5e2c76c08e5ca2b9be45f30d], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-25, Quarantined, [aefb1111434744f2ab3f2833dc271ae6], 
Worm.Brontok, C:\Users\Ugex\AppData\Local\Bron.tok-9-26, Quarantined, [8a1f99892565df57c129ef6c34cf01ff], 
 
Files: 220
Trojan.Dropper, C:\Windows\ShellNew\bronstab.exe, Quarantined, [b7f268badab087af5c35aecc9e6213ed], 
Trojan.Dropper, C:\Users\Ugex\AppData\Local\smss.exe, Quarantined, [4d5ce83aacde0234b8d966144cb49d63], 
Trojan.Dropper, C:\Windows\eksplorasi.exe, Quarantined, [921727fbe0aace68e1b0e69432cef10f], 
Trojan.Dropper, C:\ProgramData\NVIDIA\NVIDIA.exe, Quarantined, [3d6c061ccac059dd226f7406857b9769], 
Trojan.Dropper, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\34BE82C4-E596-4e99-A191-52C6199EBF69.exe, Quarantined, [02a7160c345694a228698ded1ee2a55b], 
Trojan.Dropper, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64.exe, Quarantined, [bfeafb27cac0c076058c2b4f08f8d030], 
Trojan.Dropper, C:\ProgramData\Adobe\SLStore\SLStore.exe, Quarantined, [2b7e68baabdf92a497fa651546ba639d], 
Trojan.Dropper, C:\ProgramData\Adobe\Updater6\Updater6.exe, Quarantined, [d2d7db478efcec4a127ff88255ab53ad], 
Trojan.Dropper, C:\ProgramData\Apple Computer\iTunes\iTunes.exe, Quarantined, [783125fd0f7b24120a87621802fe7b85], 
Trojan.Dropper, C:\ProgramData\IObit\IObit.exe, Quarantined, [a900be64ee9c51e5b3de9edcfb0549b7], 
Trojan.Dropper, C:\ProgramData\IObit\Advanced SystemCare V8\Advanced SystemCare V8.exe, Quarantined, [a5049f83e5a5e551e0b19cde07f97d83], 
Trojan.Dropper, C:\ProgramData\IObit\ASCDownloader\ASCDownloader.exe, Quarantined, [3e6b6ab8d2b83ff7a7eacbaf11ef9c64], 
Trojan.Dropper, C:\ProgramData\Microsoft\IdentityCRL\IdentityCRL.exe, Quarantined, [6c3db46e2565e155b8d90d6df010758b], 
Trojan.Dropper, C:\ProgramData\Microsoft\MF\MF.exe, Quarantined, [9a0f39e9dbaf3afcddb48ceee818db25], 
Trojan.Dropper, C:\ProgramData\Microsoft\User Account Pictures\User Account Pictures.exe, Quarantined, [ccddec365b2fe74f830e6e0ca7592ed2], 
Trojan.Dropper, C:\ProgramData\Microsoft\Windows Defender\Windows Defender.exe, Quarantined, [05a4a47e54360c2a6b26b5c58a76d729], 
Trojan.Dropper, C:\ProgramData\Mirillis\Action\Action.exe, Quarantined, [446522000981c5717a1793e7a65a4ab6], 
Trojan.Dropper, C:\ProgramData\NVIDIA Corporation\NVIDIA Corporation.exe, Quarantined, [e5c490927317ff37b1e07dfd01ffd729], 
Trojan.Dropper, C:\ProgramData\NVIDIA Corporation\Drs\Drs.exe, Quarantined, [d7d28f933f4be353533e51291ce4b44c], 
Trojan.Dropper, C:\ProgramData\NVIDIA Corporation\GeForce Experience\GeForce Experience.exe, Quarantined, [bced9a88e6a45fd7d2bfcdadc83856aa], 
Trojan.Dropper, C:\ProgramData\NVIDIA Corporation\NetService\NetService.exe, Quarantined, [d5d4ae74f79343f33c551466c04043bd], 
Trojan.Dropper, C:\ProgramData\NVIDIA Corporation\nvStreamSvc\nvStreamSvc.exe, Quarantined, [4e5be73b5d2d171fe5acc2b8619f2ad6], 
Trojan.Dropper, C:\ProgramData\NVIDIA Corporation\ShadowPlay\ShadowPlay.exe, Quarantined, [2089a77be5a5fc3a59381961738d5fa1], 
Trojan.Dropper, C:\ProgramData\Origin\Origin.exe, Quarantined, [efba3ae8a3e7b086118037437a861ee2], 
Trojan.Dropper, C:\ProgramData\Origin\Logs\Logs.exe, Quarantined, [f3b62bf7e9a18aac5041b8c2748cc937], 
Trojan.Dropper, C:\ProgramData\Origin\Telemetry\Telemetry.exe, Quarantined, [2782e83adeaca78fcbc67307aa56bd43], 
Trojan.Dropper, C:\ProgramData\Package Cache\{71688083-99e8-4e10-9522-8e98a130c438}\{71688083-99e8-4e10-9522-8e98a130c438}.exe, Quarantined, [56531111a0ea2016880929517d832fd1], 
Trojan.Dropper, C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\{7f51bdb9-ee21-49ee-94d6-90afc321780e}.exe, Quarantined, [07a21c0696f4c076eaa7ec8ee21e2ed2], 
Trojan.Dropper, C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}.exe, Quarantined, [aefb160ce9a13bfbcbc6186234cc17e9], 
Trojan.Dropper, C:\ProgramData\Package Cache\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}.exe, Quarantined, [6742ff2353373afc9df487f319e723dd], 
Trojan.Dropper, C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\{a1909659-0a08-4554-8af1-2175904903a1}.exe, Quarantined, [a207e53d8406f1455938df9b90709b65], 
Trojan.Dropper, C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}.exe, Quarantined, [a702df43f991979fbad789f1fb0527d9], 
Trojan.Dropper, C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\{95716cce-fc71-413f-8ad5-56c2892d4b3a}.exe, Quarantined, [6d3c968cb5d5d75f7e13f5858b7537c9], 
Trojan.Dropper, C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\{ce085a78-074e-4823-8dc1-8a721b94b76d}.exe, Quarantined, [aaffe33fdbaf2e08ff9282f89868837d], 
Trojan.Dropper, C:\ProgramData\PAYDAY 2\PAYDAY 2.exe, Quarantined, [8b1e7aa82b5f74c26a270e6c87797b85], 
Trojan.Dropper, C:\ProgramData\PreEmptive Solutions\Common\Common.exe, Quarantined, [e0c980a28bffdd59cbc6abcf43bd748c], 
Trojan.Dropper, C:\ProgramData\ProductData\ProductData.exe, Quarantined, [595080a2d7b3a195850c5723e8187789], 
Trojan.Dropper, C:\ProgramData\regid.1986-12.com.adobe\regid.1986-12.com.adobe`.exe, Quarantined, [6b3eab777b0f6acc5b36db9f7e82f907], 
Trojan.Dropper, C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft`.exe, Quarantined, [1e8b74aec0ca65d14e43502a649c56aa], 
Trojan.Dropper, C:\ProgramData\Skype\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}.exe, Quarantined, [931699895b2f4beb830e17639f61bc44], 
Trojan.Dropper, C:\ProgramData\Tunngle\webcache\webcache.exe, Quarantined, [65442bf71f6b81b5d6bbea9021df31cf], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\Windows App Certification Kit.exe, Quarantined, [affa70b24d3d0c2a3d54b0ca8d7329d7], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\cs-cz\cs-cz.exe, Quarantined, [713824fe5e2cd462fb965426619ff010], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\de-de\de-de.exe, Quarantined, [05a46cb6a2e8a98da6ebc3b729d71ce4], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\en-us\en-us.exe, Quarantined, [03a627fbd0baed49f59c1e5cb749ec14], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\es-es\es-es.exe, Quarantined, [eabfb171810973c37c15e595629ee020], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\fr-fr\fr-fr.exe, Quarantined, [1297d44e3555be782c65f68469978e72], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\it-it\it-it.exe, Quarantined, [189153cf513991a5058cf08a6d9331cf], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\ja-jp\ja-jp.exe, Quarantined, [cbded15196f4a4928f02d3a7b64ae917], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\ko-kr\ko-kr.exe, Quarantined, [4960988a9ceed165b4dd3e3c4db3fa06], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\pl-pl\pl-pl.exe, Quarantined, [adfc75ad1872e94dc2cf502ae11f4bb5], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\pt-br\pt-br.exe, Quarantined, [05a4d0525b2f3501e7aa81f9b14f1ae6], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\qps-ploc\qps-ploc.exe, Quarantined, [2386df433a50b284464b0575b44c46ba], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\ru-ru\ru-ru.exe, Quarantined, [e4c563bf345680b65c359edce21e6b95], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\tr-tr\tr-tr.exe, Quarantined, [6c3d11117713f73f068bcab089779868], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\zh-cn\zh-cn.exe, Quarantined, [7237948e7a101323bed3ff7b46ba7c84], 
Trojan.Dropper, C:\ProgramData\Windows App Certification Kit\zh-tw\zh-tw.exe, Quarantined, [e3c612106e1c2c0a0a87ec8e2cd46b95], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Adobe\Color\Color.exe, Quarantined, [ffaa7aa81377ef470b864337669a9d63], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Adobe\LogTransport2CC\LogTransport2CC.exe, Quarantined, [743581a16723d75f96fb2753f30dc739], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Apple Computer\iTunes\iTunes.exe, Quarantined, [aefb73af90fa92a49df4ef8bc9372fd1], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Apple Computer\Logs\Logs.exe, Quarantined, [eebb33ef4f3b79bdeda46f0bfd0329d7], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Apple Computer\Preferences\Preferences.exe, Quarantined, [e4c5c26099f1ae8849486b0f817f748c], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\Azureus.exe, Quarantined, [1d8c4ed4f09aec4a98f90e6cb44cb749], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\active\active.exe, Quarantined, [7b2e9c86afdbe94d0a87cbaf8b75b14f], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\custom\custom.exe, Quarantined, [6148ee3434562313b0e181f9956b0000], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\dht\dht.exe, Quarantined, [d2d7859da9e1d4624c45b2c83dc38b75], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\net\net.exe, Quarantined, [b5f469b997f364d295fcb1c9a0609a66], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\subs\subs.exe, Quarantined, [a7021e044446b482c7cab4c63fc107f9], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Azureus\torrents\torrents.exe, Quarantined, [ddcc130f3555df576e238befa957629e], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\BitTorrent\BitTorrent.exe, Quarantined, [c4e569b9751575c1e2af2b4f02fefb05], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\BitTorrent\apps\apps.exe, Quarantined, [2b7e27fbdeaced49fb96cbaf9b65fe02], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\BitTorrent\dlimagecache\dlimagecache.exe, Quarantined, [2b7e48da2d5ddf579001245631cf7888], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\BitTorrent\ie\ie.exe, Quarantined, [6c3d4cd62e5c4ee809889fdb31cf1de3], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\BitTorrent\updates\updates.exe, Quarantined, [84258c96206a9c9a1a7787f3976937c9], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\dclogs\dclogs.exe, Quarantined, [a90059c9ef9b033358397a00ba4609f7], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\DMCache\DMCache.exe, Quarantined, [a900839fa5e57eb8f49de39743bd926e], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\IDM\IDM.exe, Quarantined, [42677fa3cebcd75fa1f088f22bd505fb], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\IDM\idmmzcc5\idmmzcc5.exe, Quarantined, [d5d4c9593c4ecb6b840d156544bc24dc], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\IDM\Scheduler\Scheduler.exe, Quarantined, [74355ac87d0d9c9adeb39ae03bc59d63], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\IObit\IObit.exe, Quarantined, [50593ae821696bcb217081f9fb0527d9], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\IObit\Advanced SystemCare V8\Advanced SystemCare V8.exe, Quarantined, [7c2d36ecd3b7af877a17136741bfc040], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\IObit\IObit Uninstaller\IObit Uninstaller.exe, Quarantined, [3079988aaddd5dd9e1b06b0f58a8df21], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\L.A.Noire\Uninstall\Uninstall.exe, Quarantined, [b1f86db5ee9cd6608d04a3d7c23ec937], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Max Payne 3\Uninstall\Uninstall.exe, Quarantined, [3a6f3ae8e5a57eb8b1e03d3d42be34cc], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Microsoft\HTML Help\HTML Help.exe, Quarantined, [c7e236ecff8b0135dbb6ea90808051af], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Microsoft\Protect\Protect.exe, Quarantined, [882125fd0b7f4ee8f8998feb1de331cf], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Mirillis\Action\Action.exe, Quarantined, [1792b072fe8c2f07177ac4b6748c9f61], 
Trojan.Dropper, C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Firefox.exe, Quarantined, [39705fc32a60a78f543d93e7fc0456aa], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 Ugex HustleHudge


Posted 26 February 2015 - 04:01 PM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Ugex on Thu 02/26/2015 at 23:51:55.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/26/2015 at 23:55:24.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 buddy215

  • Moderator

Posted 26 February 2015 - 10:12 PM

After seeing the type of malware involved and consulting with others, it is to your benefit to start a new topic in the Malware Removal Forum.

Some special tools and expertise in using them are needed to root out the culprits.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.



#9 Ugex HustleHudge


Posted 26 February 2015 - 11:45 PM

Hello..

You replied while I was trying to post the log for the ESET online scan... the scan was 81% done after 6 hours, and I had to stop it after taking this long... the log was so big that when I try to post it here I keep seeing "posting" with the green loading bar for 40 minutes... until now I can't post it.

The new topic: http://www.bleepingcomputer.com/forums/t/568470/infected-with-trojans-and-worms/

Thanks for everything, good sir, for your time and effort... and I wish you a nice day...


Edited by Ugex HustleHudge, 27 February 2015 - 03:39 AM.




