infected and need help

Jul 14, 2018
5
0
10
]hi, my computer is infected, and whenever I open malwarebytes free, it auto closes, along with any google search with antivirus in it. i was able to install and run hjt and I have the log here (sorry dont know how to attach files on this site, Im doing this on my phone)
------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:28:42 PM, on 7/14/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19081)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Tommy\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Tommy\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Tommy\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
C:\Users\Tommy\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Tommy\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Windows\syswow64\MsiExec.exe
C:\Users\Tommy\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Users\Tommy\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Wondershare Video Converter Ultimate 7.1.0 - {451C804F-C205-4F03-B48E-537EC94937BF} - C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [PriceMeterW] "C:\Users\Tommy\AppData\Local\PriceMeter\pricemeterw.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GenieFloater] C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\Tommy\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [lite] C:\Users\Tommy\AppData\Local\Lite\Application\lite.exe --no-startup-window
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = Tommy\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Global Startup: NETGEAR WNDA4100 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: WSWSVCUchrome - {1CA93FF0-A218-44F1 - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe

--
End of file - 12082 bytes
 
Solution
Before going any further, go to c:\windows\system32 and right click on the file cmd.exe. Select RunAs Administrator and when the Command form shows up, type
net user Administrator /active:yes
then hit the Enter key. Close the form and restart the machine.

You should see an extra log in icon for Administrator. Log in to gthat (no password needed) and when it finishes settng up the desktop, etc., run all the scans again, ending up with another HijackThis run and put the log up here. You could tick anything you don't recognise in the 04 and 23 sections.

Working outside your own user account is always a good thing to do when the account is under attack. Leave the Administrator account in place for now but when you do want to put...
It's years since I analysed a HJT report but I suggest you trim down all those auto starts in the 04 list and turn off the Logmein because that might be the cause of the problem. Avast isn't doing much for you so you might consider reviewing keeping it.

Had you run Spybot as well as MBAM, and if not, do it and let it fix anything it finds.

Run HJT again and put up the latest log here.
 
Jul 14, 2018
5
0
10


I have tried to run malwarebytes, but the virus closes it whenever I opened it, Ill post a spybot report, and get rid of avast, because it obviously isnt doing it job lol
 
Jul 14, 2018
5
0
10


still no luck with mbam, here is the spybot scan, i did the scan and fixed all of the things it found


Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-501\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-501\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-1000\Software\WinRAR\ArcHistory
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-1000\Software\WinRAR\General\LastFolder
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2318199822-1076821739-1756395208-1000\Software\WinRAR\DialogEditHistory\ExtrPath
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (107) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (24) (Browser: Cache, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $BHISTORY] Browser: History (16) (Browser: History, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (3208) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (2269) (Browser: Cache, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $BHISTORY] Browser: History (2219) (Browser: History, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54


--- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) ---

2018-04-20 blindman.exe (2.7.64.152)
2018-04-20 explorer.exe (2.7.64.191)
2018-02-06 SDBootCD.exe (2.7.64.109)
2018-04-20 SDCleaner.exe (2.7.64.110)
2018-04-20 SDDelFile.exe (2.7.64.94)
2018-04-20 SDFiles.exe (2.7.64.137)
2018-04-20 SDFileScanHelper.exe (2.7.64.7)
2018-04-20 SDFSSvc.exe (2.7.64.219)
2018-04-20 SDHelp.exe (2.7.64.1)
2018-02-06 SDHookHelper.exe (2.7.64.2)
2018-02-06 SDHookInst32.exe (2.7.64.2)
2018-02-06 SDHookInst64.exe (2.7.64.2)
2018-04-20 SDImmunize.exe (2.7.64.133)
2018-04-20 SDLogReport.exe (2.7.64.107)
2018-04-20 SDOnAccess.exe (2.7.64.12)
2018-04-20 SDPESetup.exe (2.7.64.3)
2018-04-20 SDPEStart.exe (2.7.64.86)
2018-04-20 SDPhoneScan.exe (2.7.64.29)
2018-04-20 SDPRE.exe (2.7.64.22)
2018-02-06 SDPrepPos.exe (2.7.64.15)
2018-04-20 SDQuarantine.exe (2.7.64.103)
2018-02-06 SDRootAlyzer.exe (2.7.64.116)
2018-02-06 SDSBIEdit.exe (2.7.64.39)
2018-04-20 SDScan.exe (2.7.64.191)
2018-02-06 SDScript.exe (2.7.64.54)
2018-04-20 SDSettings.exe (2.7.64.139)
2018-04-20 SDShell.exe (2.7.64.2)
2018-02-06 SDShred.exe (2.7.64.108)
2018-02-06 SDSysRepair.exe (2.7.64.102)
2018-02-06 SDTools.exe (2.7.64.157)
2018-04-20 SDTray.exe (2.7.64.129)
2018-04-20 SDUpdate.exe (2.7.64.98)
2018-04-20 SDUpdSvc.exe (2.7.64.82)
2018-04-20 SDWelcome.exe (2.7.64.131)
2018-02-06 SDWSCSvc.exe (2.7.64.3)
2018-07-14 unins000.exe (51.1052.0.0)
2017-11-28 xcacls.exe
2017-11-28 borlndmm.dll (10.0.2288.42451)
2018-01-29 DelZip190.dll (1.9.0.119)
2018-01-29 DelZip192.dll (1.9.2.136)
2018-01-29 libeay32.dll (1.0.2.14)
2017-11-28 libssl32.dll (1.0.0.4)
2018-02-06 NotificationSpreader.dll (2.7.64.4)
2018-04-20 SDAdvancedCheckLibrary.dll (2.7.64.98)
2018-04-20 SDAV.dll (2.4.40.7)
2018-02-06 SDECon32.dll (2.7.64.114)
2018-03-23 SDECon64.dll (2.7.64.113)
2018-02-06 SDEvents.dll (2.7.64.2)
2018-04-20 SDFileScanLibrary.dll (2.7.64.24)
2018-02-06 SDHook32.dll (2.7.64.2)
2018-02-06 SDHook64.dll (2.7.64.2)
2018-04-20 SDImmunizeLibrary.dll (2.7.64.3)
2018-04-20 SDLicense.dll (2.7.64.3)
2018-04-20 SDLists.dll (2.7.64.8)
2018-02-06 SDResources.dll (2.7.64.7)
2018-04-20 SDScanLibrary.dll (2.7.64.131)
2018-04-20 SDTasks.dll (2.7.64.15)
2018-02-06 SDWinLogon.dll (2.7.64.0)
2018-01-29 sqlite3.dll (3.22.0.0)
2018-01-29 ssleay32.dll (1.0.2.14)
2018-02-06 Tools.dll (2.7.64.36)
2018-02-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2018-07-04 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2017-11-28 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2018-06-20 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-04-04 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2018-05-30 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2018-04-12 Includes\Malware-002.sbi (*)
2016-11-07 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2018-05-23 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2018-05-02 Includes\PUPS-000.sbi (*)
2018-05-02 Includes\PUPS-001.sbi (*)
2018-05-02 Includes\PUPS-002.sbi (*)
2018-05-02 Includes\PUPS-003.sbi (*)
2018-05-02 Includes\PUPS-004.sbi (*)
2018-07-11 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2017-09-27 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2018-06-20 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2017-06-28 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2017-10-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2018-06-21 Includes\Trojans-009.sbi (*)
2018-06-21 Includes\Trojans-010.sbi (*)
2018-07-11 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
 
My goodness; this has been going on for months! Let Spybot fix everything it found but you might also like to consider a complete fresh installation of Windows. Gather all your personal files, move them to another machine and scan it thoroughly before formating your hard disk and start all over.
 
Jul 14, 2018
5
0
10


I will do this if I must have to, there were never any signs before! Is there anything else I can possibly do, or was that the best option?
 

mdd1963

Distinguished
From an uninfected computer, make a Hiren's Win10 PE Rescue Disk with Rufus....

Hiren's https://www.hirensbootcd.org/
Rufus https://rufus.akeo.ie/

Set your BIOS to boot from newly created USB flash drive, scan the drive with Malwarebytes, and whatever malware utilities are included....

(If you have critical files, get those off from within PE environment...)

At some point, it will be easier to download/create new install media from MS, and simply start over...; a full install from USB to an SSD takes, what, 10-20 minutes?
 

Eximo

Distinguished
Herald
Combofix from BleepingComputer.com in conjunction with MBAM usually gets rid of most common malware, I've found. Mostly my father's PC which he regularly gets infected by trying to visit Chinese manufacturing companies for parts datasheets. So many fake ones out there now. That and the other thing he probably does. :)
 

Eximo

Distinguished
Herald


I hope not. It was great for getting rid of Anti-Virus *current year* which was the most common thing my father ended up with.

Shows a last update from this month, so it is being maintained at least.
 
Jul 14, 2018
5
0
10


How would I go about targeting the trojans?
They are really starting to slow my computer down and I just want to focus on those
 
Before going any further, go to c:\windows\system32 and right click on the file cmd.exe. Select RunAs Administrator and when the Command form shows up, type
net user Administrator /active:yes
then hit the Enter key. Close the form and restart the machine.

You should see an extra log in icon for Administrator. Log in to gthat (no password needed) and when it finishes settng up the desktop, etc., run all the scans again, ending up with another HijackThis run and put the log up here. You could tick anything you don't recognise in the 04 and 23 sections.

Working outside your own user account is always a good thing to do when the account is under attack. Leave the Administrator account in place for now but when you do want to put him to bed, the syntax is the same except it is /active:no.
 
Solution