Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Computer is acting fishy...  (Read 6826 times)

0 Members and 1 Guest are viewing this topic.

kamikaze33

    Topic Starter


    Intermediate

    Computer is acting fishy...
    « on: January 19, 2015, 05:35:47 PM »
    hey guys
    Ive been noticing some oddities on my computer; for one thing every once and a while when i wont be doing anything, i hear the "click" sound play like when you navigate forward/backward in a web browser, however i wont have the browser open. Also i had some trouble uninstalling some old sketchy software, so in my ignorance i tried to use a few uninstaller programs and now i cant seem to get rid of those! To make matters worse, i have TRIED to move around various install locations on my hard drives (i have an ssd and a bunch of hdd's) and at this point they are all spread all over *censored* across several hard drives. I believe this is a main cause of my issues as things havnt been installing/uninstalling properly and ive got some bad files kicking around.
    I have avast basic, i have MBAM premium (which wont seem to "update") and ive done all the scans required as mentioned in the stickied post in this thread, and nothing comes up! Also Hijack this says i have no firewall running, but the windows security center is telling me it is turned on and all is well. I will post all of my logs below!

    *****************************HijackThis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:20:45 PM, on 1/19/2015
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
    C:\Users\Joel\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe
    C:\ProgramData\Razer\SwitchBlade\Apps\Razer\DF495DFD-79F6-34DF-BB1E-E58DB5BDCF2C\RzMiMo.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
    C:\Users\Joel\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
    D:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
    D:\Program Files\Cyberlink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    D:\Program Files\LG_Tool_Kit\fwupdate.exe
    D:\Program Files\WinArchiver\WAHELPER.EXE
    Y:\Program Files\Razer\SwitchBlade\RzSBHelper.exe
    C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    Y:\Program Files\Acrobat\acrotray.exe
    Y:\Program Files\iTunes\iTunesHelper.exe
    C:\ProgramData\Razer\SwitchBlade\DeathStalker\Razer\1068AAE3-6299-4086-A7F6-0600F5F1D1E5\RzHome.exe
    Y:\Program Files\Razer\SwitchBlade\RzAppManager.exe
    C:\ProgramData\Razer\SwitchBlade\Apps\Razer\FEA8B4E6-99A0-4DAB-B06F-DE5AEE782D61\RzSBUISettings.exe
    C:\ProgramData\Razer\SwitchBlade\Apps\sebho.zapfe.com\D7621AA7-81E2-45DA-BB74-2F629BDD4914\SwResMon2.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ismagent.exe
    C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\updateui.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Y:\Program Files\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    N:\HDD\Programs\Computer Restoration Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "d:\Program Files\Adobe Reader 9.3\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
    O4 - HKLM\..\Run: [CLMLServer] "D:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "D:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Program Files\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [RemoteControl10] "D:\Program Files\Cyberlink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    O4 - HKLM\..\Run: [LGODDFU] "D:\Program Files\LG_Tool_Kit\lgfw.exe" blrun
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [WAHELPER.EXE] "D:\Program Files\WinArchiver\WAHELPER.EXE"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [RzSBHelper] Y:\Program Files\Razer\SwitchBlade\RzSBHelper.exe
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "Y:\Program Files\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "Y:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
    O4 - HKCU\..\Run: [Steam] "K:\HDD\Programs\Steam2\Steam.exe" -silent
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Joel\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Joel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Innova OBD PC-Link] C:\Program Files (x86)\Innova OBD PC-Link\Innova.exe
    O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BLCWHR605KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] Y:\Program Files\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "Y:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Facebook Messenger.lnk = Joel\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
    O4 - Global Startup: RazerFPSStartup.lnk = C:\ProgramData\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe
    O4 - Global Startup: RzMiMoAppService.lnk = C:\ProgramData\Razer\SwitchBlade\Apps\Razer\DF495DFD-79F6-34DF-BB1E-E58DB5BDCF2C\RzMiMo.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - Y:\Program Files\SASCORE64.EXE (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Product - 2013/03/30 15:47:20 (CLKMSVC10_18EB2E78) - CyberLink - D:\Program Files\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: Intel Scheduler2 Service (IntSch2Svc) - Intel - C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - Y:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WinArchiver Service - Unknown owner - D:\Program Files\WinArchiver\WAService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    kamikaze33

      Topic Starter


      Intermediate

      Re: Computer is acting fishy...
      « Reply #1 on: January 19, 2015, 05:41:28 PM »
      ***************MBAM
      <?xml version="1.0" encoding="UTF-16"?>

      -<mbam-log>


      -<header>

      <date>2015/01/15 12:14:37 -0700</date>

      <logfile>mbam-log-2015-01-15 (12-14-37).xml</logfile>

      <isadmin>yes</isadmin>

      </header>


      -<engine>

      <version>0.00.0.0000</version>

      <malware-database>v0000.00.00.00</malware-database>

      <rootkit-database>v0000.00.00.00</rootkit-database>

      <license>premium</license>

      <file-protection>disabled</file-protection>

      <web-protection>disabled</web-protection>

      <self-protection>disabled</self-protection>

      </engine>


      -<system>

      <osversion>Windows 7 Service Pack 1</osversion>

      <arch>x64</arch>

      <username>Joel</username>

      <filesys>NTFS</filesys>

      </system>


      -<summary>

      <type>threat</type>

      <result>completed</result>

      <objects>4313</objects>

      <time>19</time>

      <processes>0</processes>

      <modules>0</modules>

      <keys>0</keys>

      <values>0</values>

      <datas>0</datas>

      <folders>0</folders>

      <files>0</files>

      <sectors>0</sectors>

      </summary>


      -<options>

      <memory>enabled</memory>

      <startup>enabled</startup>

      <filesystem>enabled</filesystem>

      <archives>enabled</archives>

      <rootkits>disabled</rootkits>

      <deeprootkit>disabled</deeprootkit>

      <heuristics>enabled</heuristics>

      <pup>warn</pup>

      <pum>enabled</pum>

      </options>

      <items> </items>

      </mbam-log>

      kamikaze33

        Topic Starter


        Intermediate

        Re: Computer is acting fishy...
        « Reply #2 on: January 19, 2015, 05:47:12 PM »
        **********************Security Check
        Results of screen317's Security Check version 0.99.93 
         Windows 7 Service Pack 1 x64 (UAC is disabled!) 
         Internet Explorer 11 
        ``````````````Antivirus/Firewall Check:``````````````[/u]
         Windows Firewall Enabled! 
        avast! Antivirus   
         Antivirus up to date!   
        `````````Anti-malware/Other Utilities Check:`````````[/u]
         Out of date HijackThis  installed!
         HijackThis 2.0.2   
         Java 8 Update 25 
         Java version 32-bit out of Date!
         Adobe Flash Player 16.0.0.257 
         Adobe Reader 9 Adobe Reader out of Date!
         Mozilla Firefox (for.)
         Google Chrome (39.0.2171.71)
         Google Chrome (39.0.2171.95)
        ````````Process Check: objlist.exe by Laurent````````[/u] 
         Malwarebytes Anti-Malware mbam.exe 
         Malwarebytes Anti-Malware mbamscheduler.exe   
         AVAST Software Avast AvastSvc.exe 
         AVAST Software Avast avastui.exe 
        `````````````````System Health check`````````````````[/u]
         Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
        ````````````````````End of Log``````````````````````[/u]



        *****************************ADW Cleaner
        # AdwCleaner v4.108 - Report created 19/01/2015 at 17:44:45
        # Updated 17/01/2015 by Xplode
        # Database : 2015-01-18.1 [Live]
        # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
        # Username : Joel - JOEL-DESKTOP
        # Running from : C:\Users\Joel\Downloads\adwcleaner_4.108.exe
        # Option : Scan

        ***** [ Services ] *****


        ***** [ Files / Folders ] *****


        ***** [ Scheduled Tasks ] *****


        ***** [ Shortcuts ] *****


        ***** [ Registry ] *****


        ***** [ Browsers ] *****

        -\\ Internet Explorer v0.0.0.0


        -\\ Google Chrome v39.0.2171.95


        *************************

        AdwCleaner[R0].txt - [5670 octets] - [18/01/2015 13:24:05]
        AdwCleaner[R1].txt - [668 octets] - [19/01/2015 17:44:45]
        AdwCleaner[S0].txt - [5737 octets] - [18/01/2015 13:25:08]

        ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [787 octets] ##########

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 991
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: Computer is acting fishy...
        « Reply #3 on: January 19, 2015, 05:58:48 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *************************************************************************
        Is your C drive an SSD?
        Please run MBAM in safe mode with Networking.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

        kamikaze33

          Topic Starter


          Intermediate

          Re: Computer is acting fishy...
          « Reply #4 on: January 21, 2015, 06:52:54 PM »
          Hi Superdave

          Yes my c drive is an ssd.
          Ill run MBAM again with those changes and post the log!

          kamikaze33

            Topic Starter


            Intermediate

            Re: Computer is acting fishy...
            « Reply #5 on: January 21, 2015, 10:09:01 PM »
            <?xml version="1.0" encoding="UTF-16"?>

            -<mbam-log>


            -<header>

            <date>2015/01/21 19:02:51 -0700</date>

            <logfile>mbam-log-2015-01-21 (19-02-39).xml</logfile>

            <isadmin>yes</isadmin>

            </header>


            -<engine>

            <version>0.00.0.0000</version>

            <malware-database>v0000.00.00.00</malware-database>

            <rootkit-database>v0000.00.00.00</rootkit-database>

            <license>premium</license>

            <file-protection>disabled</file-protection>

            <web-protection>disabled</web-protection>

            <self-protection>disabled</self-protection>

            </engine>


            -<system>

            <osversion>Windows 7 Service Pack 1</osversion>

            <arch>x64</arch>

            <username>Joel</username>

            <filesys>NTFS</filesys>

            </system>


            -<summary>

            <type>custom</type>

            <result>completed</result>

            <objects>410366</objects>

            <time>8978</time>

            <processes>0</processes>

            <modules>0</modules>

            <keys>0</keys>

            <values>0</values>

            <datas>0</datas>

            <folders>0</folders>

            <files>0</files>

            <sectors>0</sectors>

            </summary>


            -<options>

            <memory>enabled</memory>

            <startup>enabled</startup>

            <filesystem>enabled</filesystem>

            <archives>enabled</archives>

            <rootkits>enabled</rootkits>

            <deeprootkit>disabled</deeprootkit>

            <heuristics>enabled</heuristics>

            <pup>enabled</pup>

            <pum>enabled</pum>

            </options>

            <items> </items>

            </mbam-log>

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 991
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: Computer is acting fishy...
            « Reply #6 on: January 22, 2015, 10:30:25 AM »
            The MBAM log doesn't look correct. Were you able to run it?
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

            kamikaze33

              Topic Starter


              Intermediate

              Re: Computer is acting fishy...
              « Reply #7 on: January 22, 2015, 12:00:41 PM »
              yep. My logs arent stored in the same location as the guide on this site says. Ive been posting the logs from the following location; this is what my interface looks like:

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 991
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: Computer is acting fishy...
              « Reply #8 on: January 22, 2015, 07:21:27 PM »
              Please run MBAM again and post the log.

              Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

              Open HijackThis and select Do a system scan only

              Place a check mark next to the following entries: (if there)

              O15 - Trusted Zone: *.clonewarsadventures.com
              O15 - Trusted Zone: *.freerealms.com
              O15 - Trusted Zone: *.soe.com
              O15 - Trusted Zone: *.sony.com


              Important: Close all open windows except for HijackThis and then click Fix checked.

              Once completed, exit HijackThis.
              ****************************************
              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              ****************************************
              Malwarebytes' Anti-Rootkit

              Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
              • Be sure to print out and follow the instructions provided on that same page for performing a scan.
              • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
              • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
              • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
              • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
              • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
              • Copy and paste the contents of these two log files in your next reply.
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              kamikaze33

                Topic Starter


                Intermediate

                Re: Computer is acting fishy...
                « Reply #9 on: January 23, 2015, 04:54:51 PM »
                I did the steps suggested for Hijack This, however i am running into a circular set of problems with Java; My version WAS out of date, so i downloaded the uninstaller, followed your link to update java and now i am getting an error message saying there is a newer version already installed, however when i go to Java's page to verify my version, it says i dont have java installed
                EDIT: i restarted my browser and the update worked, MBAR found no problems either
                « Last Edit: January 23, 2015, 05:13:45 PM by kamikaze33 »

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 991
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: Computer is acting fishy...
                « Reply #10 on: January 23, 2015, 05:52:33 PM »
                I'd like to scan your machine with ESET OnlineScan

                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan

                •Click the button.
                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                •Check
                •Click the button.
                •Accept any security warnings from your browser.
                • Leave the check mark next to Remove found threats.
                •Check
                •Push the Start button.
                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                •When the scan completes, push
                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                •Push the button.
                •Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                kamikaze33

                  Topic Starter


                  Intermediate

                  Re: Computer is acting fishy...
                  « Reply #11 on: January 24, 2015, 05:05:49 PM »
                  C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir   a variant of Win64/Systweak.A potentially unwanted application   deleted - quarantined
                  C:\Program Files (x86)\BitLord 2\StubInstaller.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
                  N:\HDD\Programs\Bitlord Downloads\Windows XP Professional SP3 x86 - Black Edition 2014.1.22.zip   a variant of Win32/Toolbar.Babylon.E potentially unwanted application   deleted - quarantined
                  N:\HDD\Programs\Steam2\SteamApps\common\Dark Blood\DarkBlood.exe   a variant of Win32/Packed.Themida potentially unwanted application   deleted - quarantined
                  N:\HDD\Programs\Windows XP Professional SP3 x86 - Black Edition 2014.1.22\Windows XP Professional SP3 x86 - Black Edition 2014.1.22.iso   a variant of Win32/Toolbar.Babylon.E potentially unwanted application   deleted - quarantined

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 991
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 8
                  Re: Computer is acting fishy...
                  « Reply #12 on: January 24, 2015, 06:50:30 PM »
                  How's your computer working now? Any other issues or questions?
                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                  kamikaze33

                    Topic Starter


                    Intermediate

                    Re: Computer is acting fishy...
                    « Reply #13 on: January 28, 2015, 03:25:58 PM »
                    Seems to be running the same, if nothing was turned up in all the other searches then maybe everything is fine! I havnt heard that 'click' sound in a while either! Thanks for all your help!

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 991
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 8
                    Re: Computer is acting fishy...
                    « Reply #14 on: January 28, 2015, 04:33:46 PM »
                    That's good news. Let's do some clean up.

                    Click Start> Computer> right click the C Drive and choose Properties> enter
                    Click Disk Cleanup from there.



                    Click OK on the Disk Cleanup Screen.
                    Click Yes on the Confirmation screen.



                    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
                    ******************************************
                    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
                    This is a very crucial step so make sure you don't skip it.
                    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

                    Double-click Delfix.exe to start the tool.
                    Make sure the following items are checked:
                    • Activate UAC (optional; some users prefer to keep it off)
                    • Remove disinfection tools
                    • Create Registry backup
                    • Purge System Restore Points
                    • Re-set system settings
                    Now click "Run" and wait patiently.
                    Once finished a logfile will be created. You don't have to attach it to your next reply.
                    ****************************************
                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                    Safe Surfing!
                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender