# Process would appear in task manager...but program won't start



## Xiaozhu

This seems to happen randomly, especially if the program somehow froze and crashed. For example, I was just using msn, then it suddenly froze for no reason and I had no choice but to end task. Afterwards I tried to restart msn, nothing would happen (not even the loading light flashes), but the process msnmsgr.exe appears in task manager like normal. I ended the process, then retried, still doesn't work. This also happens with most other programs (ie, after this happens, I cannot launch *most* programs at all other than the basic windows-related ones like my documents). Does anyone know what's wrong? I did a virus scan with Symantec Antivirus and nothing came up...


----------



## johnb35

Symantec sucks and an antivirus program alone won't catch everything, please do the following.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## Xiaozhu

Thanks I'll try that. I will post the log once it's done.
There is another problem now, I can't upload anything to the net, like files or pictures, using any of the three browsers, Chrome, Firefox, and IE.
It seems to be something seriously wrong with Chrome as well... whenever I start chrome it would say something like "some add-ons/extensions of Chrome has stopped working, some features of the browser may not work, etc". I uninstalled Chrome and then reinstalled to latest version, and now it's simply stuck at the part where it imports IE's settings/history, even after clicking "stop import".


----------



## Xiaozhu

Oh wow...
When I tried to remove all infections in malwarebytes, the program just froze and stopped responding... should I wait for a while and hope it responds?
A lot of programs recently simply freeze and stop responding for no reason, like msn, browsers, iTunes, etc...
Edit: ugh not even something like system restore would open... it's like all applications are blocked from opening X_X must be a virus...


----------



## johnb35

Try running combofix in safe mode.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## Xiaozhu

johnb35 said:


> Try running combofix in safe mode.
> 
> *Download and Run ComboFix*
> *If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*
> 
> *Download this file* here :
> 
> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
> 
> 
> Then double click *combofix.exe* & follow the prompts.
> When finished, it shall produce *a log* for you. *Post that log* in your next reply
> *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
> 
> Combofix should never take more than 20 minutes including the reboot if malware is detected.
> 
> 
> In your next reply please post:
> 
> The ComboFix log
> A fresh HiJackThis log
> An update on how your computer is running


Ugh I'm speechless...
The moment I click "browse" in HijackThis, the program would freeze... I saved it in the default C:\ location and it gives this error when I do a system scan: (can't upload anything... so can't post screenshot)



> "Please help us improve HijackThis by reporting this error
> Click "yes" to submit
> Error details:
> An unexpected error has occurred at procedure: modMain_StartScan()
> Error#5 - Invalid procedure call or argument
> Windows version: Windows NT 5.01.2600
> MSIE version: 8.0.6001.18702
> HijackThis version: 2.0.2"



Then HijackThis would freeze and become unresponsive.
I'm using XP, NT is an earlier version or something?
Maybe time for a system restore... @@

Is it possible for another computer sharing the same wifi to infect another one with viruses? There are guests living at my house and they share the same wifi. We don't share files or anything though with that computer-to-computer local network thing. They were just given the wifi password and use it.

Edit: I also did a system restore yesterday to restore to around 8 days ago, which was when I believed the laptop was working fine. However this did not do anything at all.


----------



## johnb35

Try booting to safe mode with networking and run malwarebytes or combofix and see if it works.


----------



## codyd47

This is an old thread but I too am having the same problems.. Please get back to me, I have followed the tips and responses you have given to Xiaozhu and I have my log from Combofix.


ComboFix 12-07-27.03 - Cody 07/29/2012   1:57.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.3273 [GMT -4:00]
Running from: c:\users\Cody\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Cody\AppData\Roaming\System\UFA\usft_ext.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-29  )))))))))))))))))))))))))))))))
.
.
2012-07-29 05:45 . 2012-07-29 05:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 05:45 . 2012-07-03 17:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-29 05:41 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{255FBE83-6741-42E1-AAFE-7EFC900F5E75}\mpengine.dll
2012-07-28 08:20 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 08:10 . 2012-07-28 08:10	--------	d-----w-	c:\users\Cody\AppData\Roaming\Apple Computer
2012-07-27 20:37 . 2012-07-27 20:37	--------	d-----w-	c:\users\Cody\AppData\Local\ElevatedDiagnostics
2012-07-27 19:36 . 2012-07-27 19:36	--------	d-----w-	c:\users\Cody\AppData\Local\Diagnostics
2012-07-27 09:01 . 2012-07-27 09:01	--------	d-----w-	c:\users\Cody\AppData\Local\Macromedia
2012-07-27 08:34 . 2012-07-27 08:34	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 08:34 . 2012-07-27 08:34	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 04:46 . 2012-07-27 04:46	--------	d-----w-	c:\users\Cody\AppData\Local\Downloaded Installations
2012-07-25 17:48 . 2012-07-25 17:48	189424	----a-w-	c:\windows\system32\javaw.exe
2012-07-25 17:48 . 2012-07-25 17:48	188912	----a-w-	c:\windows\system32\java.exe
2012-07-25 17:48 . 2012-07-25 17:48	--------	d-----w-	c:\program files\Java
2012-07-25 10:02 . 2012-07-25 10:03	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-07-25 09:20 . 2012-07-27 08:38	--------	d-----w-	c:\users\Cody\AppData\Local\Adobe
2012-07-25 08:57 . 2012-07-25 08:57	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-07-25 08:56 . 2012-07-25 08:56	--------	d-----w-	c:\program files (x86)\Oracle
2012-07-25 08:55 . 2012-07-25 08:55	--------	d-----w-	c:\program files (x86)\Java
2012-07-25 01:52 . 2012-07-25 01:53	--------	d-----w-	c:\users\Cody\AppData\Roaming\ooVoo Details
2012-07-23 23:41 . 2012-07-23 23:41	--------	d-----w-	c:\programdata\Age of Empires 3
2012-07-20 22:52 . 2012-07-20 22:57	--------	d-----w-	c:\program files (x86)\BandiMPEG1
2012-07-18 00:31 . 2012-07-18 00:31	--------	d-----w-	c:\program files (x86)\Bohemia Interactive
2012-07-17 05:48 . 2012-07-17 05:48	--------	d-----w-	c:\users\Cody\AppData\Local\SIX_Projects
2012-07-17 04:19 . 2012-07-17 06:42	--------	d-----w-	c:\users\Cody\AppData\Roaming\six-updater
2012-07-17 04:19 . 2012-07-17 04:19	--------	d-----w-	c:\users\Cody\AppData\Roaming\six-zsync
2012-07-17 04:18 . 2012-07-17 04:18	--------	d-----w-	c:\program files (x86)\SIX Projects
2012-07-16 19:37 . 2012-07-29 05:36	--------	d-----w-	c:\users\Cody\AppData\Local\ArmA 2 OA
2012-07-15 03:53 . 2012-07-15 04:21	--------	d-----w-	c:\users\Cody\AppData\Local\Skyrim
2012-07-14 03:16 . 2012-07-14 03:16	--------	d-----w-	c:\program files (x86)\Microsoft XNA
2012-07-11 04:26 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 04:03 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-05 03:40 . 2012-07-05 03:40	--------	d-----w-	c:\users\Cody\AppData\Local\VirtualStore
2012-07-04 22:05 . 2012-07-25 04:52	--------	d-----w-	c:\program files (x86)\Steam
2012-07-04 07:33 . 2012-07-04 07:33	--------	d-----w-	c:\users\Cody\AppData\Local\Western_Digital
2012-07-04 04:47 . 2012-04-09 16:16	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D400E41E-4261-4C67-8950-DEA6824727EF}\gapaengine.dll
2012-06-29 18:53 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-06-29 18:53 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-06-29 18:50 . 2012-06-29 18:50	--------	d-----w-	c:\programdata\Western Digital
2012-06-29 18:50 . 2012-06-29 18:50	--------	d-----w-	c:\program files\Western Digital
2012-06-29 18:49 . 2012-06-29 18:49	--------	d-----w-	c:\program files (x86)\Western Digital
2012-06-29 18:49 . 2012-06-29 18:49	--------	d-----w-	c:\program files (x86)\Common Files\Western Digital
2012-06-29 18:49 . 2012-06-29 18:50	--------	d-----w-	c:\users\Cody\AppData\Local\Western Digital
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-25 17:48 . 2012-06-18 14:19	268784	----a-w-	c:\windows\system32\javaws.exe
2012-07-25 17:48 . 2012-06-18 14:19	955888	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-25 17:48 . 2012-06-18 14:19	839152	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-11 04:23 . 2012-04-09 15:51	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2012-04-15 19:56	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-29 18:47 . 2012-04-09 15:32	32320	----a-w-	c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-06-10 17:04 . 2012-06-10 04:02	283416	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-06-10 04:48 . 2012-06-10 03:55	283416	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-06-02 22:19 . 2012-06-21 12:01	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:01	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 12:01	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:01	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:01	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 12:01	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 12:01	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:01	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 12:01	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-09 16:21 . 2012-05-02 11:06	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-08 21:25 . 2012-05-08 21:25	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-05-08 21:25 . 2012-05-08 21:25	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-05-08 21:25 . 2012-05-08 21:25	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-05-08 21:25 . 2012-05-08 21:25	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-05-08 21:25 . 2012-05-08 21:25	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-05-08 21:25 . 2012-03-09 04:35	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-05-08 21:25 . 2012-03-09 05:14	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-05-08 21:25 . 2012-03-09 04:11	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-05-08 21:25 . 2012-05-08 21:25	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-05-08 21:25 . 2012-05-08 21:25	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-05-08 21:25 . 2012-05-08 21:25	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-05-08 21:25 . 2012-05-08 21:25	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-05-08 21:25 . 2012-05-08 21:25	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-05-08 21:25 . 2011-04-20 05:27	64000	----a-w-	c:\windows\system32\coinst.dll
2012-05-08 21:25 . 2012-05-08 21:25	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-05-08 21:25 . 2012-03-09 03:58	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-05-08 21:25 . 2012-05-08 21:25	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-05-08 21:25 . 2012-05-08 21:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-05-08 21:25 . 2012-05-08 21:25	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-05-08 21:25 . 2012-05-08 21:24	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-05-08 21:24 . 2012-03-09 03:56	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-05-08 21:24 . 2012-05-08 21:24	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-05-08 21:24 . 2012-05-08 21:24	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-05-08 21:24 . 2012-05-08 21:24	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-05-08 21:24 . 2012-05-08 21:24	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-05-08 21:24 . 2012-05-08 21:24	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-05-08 21:24 . 2012-05-08 21:24	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-05-08 21:24 . 2012-05-08 21:24	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-05-08 21:24 . 2012-05-08 21:24	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-05-08 21:24 . 2012-05-08 21:24	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-05-08 21:24 . 2012-05-08 21:24	95760	----a-w-	c:\windows\system32\drivers\AtihdW76.sys
2012-05-08 21:24 . 2012-05-08 21:24	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-05-08 21:24 . 2012-03-09 05:11	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-05-08 21:24 . 2012-05-08 21:24	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-05-08 21:24 . 2012-05-08 21:24	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-05-08 21:24 . 2012-05-08 21:24	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-05-08 21:24 . 2012-05-08 21:24	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-05-08 21:24 . 2012-03-09 03:56	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-05-08 21:24 . 2011-04-20 05:21	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-05-08 21:24 . 2012-05-08 21:24	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-05-08 21:24 . 2012-05-08 21:24	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-05-08 21:24 . 2012-03-09 04:45	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-05-08 21:24 . 2012-05-08 21:24	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-05-08 21:24 . 2012-05-08 21:24	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-05-08 21:24 . 2012-05-08 21:24	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-05-08 21:24 . 2012-05-08 21:24	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-05-04 11:06 . 2012-06-12 18:44	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 18:44	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 18:44	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 18:44	209920	----a-w-	c:\windows\system32\profsvc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-04-09 5019360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1712128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-08 236544]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
R2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
R2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
R2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-05-08 11174400]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-05-08 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-08 95760]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-12-16 14464]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2009-10-21 767488]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2010-11-20 34400]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-04-09 15936]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-30 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-30 370152]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [2011-01-27 23048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-06-29 32320]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-25 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 08:34]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2804903819-2998110877-3757278766-1000Core.job
- c:\users\Cody\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 16:27]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2804903819-2998110877-3757278766-1000UA.job
- c:\users\Cody\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 16:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Cody\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\b7ib2ig0.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Bandicam - d:\bandicam\uninstall.exe
AddRemove-BattlEye for OA - d:\steam\steamapps\common\arma 2 operation arrowhead\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Steam App 105450 - d:\steam\steam.exe
AddRemove-Steam App 12100 - d:\steam\steam.exe
AddRemove-Steam App 12110 - d:\steam\steam.exe
AddRemove-Steam App 12120 - d:\steam\steam.exe
AddRemove-Steam App 212180 - d:\steam\steam.exe
AddRemove-Steam App 33900 - d:\steam\steam.exe
AddRemove-Steam App 33930 - d:\steam\steam.exe
AddRemove-Steam App 440 - d:\steam\steam.exe
AddRemove-Steam App 55230 - d:\steam\steam.exe
AddRemove-Steam App 620 - d:\steam\steam.exe
AddRemove-Steam App 72850 - d:\steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2804903819-2998110877-3757278766-1000\Software\SecuROM\License information*]
"datasecu"=hex:65,0a,d9,0f,48,6c,4e,36,ad,c2,c7,14,b7,52,c9,5c,f5,39,5a,56,6c,
   9e,4d,f5,87,73,2a,1c,66,d6,33,91,a7,10,11,f3,e3,4f,df,4d,fb,17,f0,c3,49,3b,\
"rkeysecu"=hex:58,68,fc,24,73,e1,73,59,43,61,67,65,a9,d2,67,ab
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-29  02:07:11 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-29 06:07
.
Pre-Run: 431,752,237,056 bytes free
Post-Run: 431,821,500,416 bytes free
.
- - End Of File - - A33422A9319FBB62E625EB60A7E1CA62


----------



## johnb35

Please do the following.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but *DO NOT* reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

*Vista and Windows 7 users must right click on the hijackthis icon and click on run as.  If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.* 



Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## codyd47

I've run malwarebytes many times and already have it, but I've updated and run full scans at least 3 times. But there's never anything found. I also ran it in safe mode with networking yesterday and nothing, but I'm installing hijackthis now, will get back to you on it, Thanks.


----------



## codyd47

OK, I acquired the log files.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cody :: CODY-PC [administrator]

7/29/2012 2:46:02 PM
mbam-log-2012-07-29 (14-46-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 395725
Time elapsed: 1 hour(s), 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:56 PM, on 7/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WDFME (WDFMEService) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRules (WDRulesService) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9680 bytes


----------
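A 32-bit scanner such as HijackThis sees C:\Windows\System32 through WOW64 file system redirection on 64-bit Windows, so a "(file missing)" flag on a System32 path in a log like the one above is not reliable by itself. The following triage sketch is an added example, not part of the original thread or of HijackThis; the verdict names and the last two sample lines are constructed for illustration.

```python
import re

# Sample lines: the first three are copied from the log posted above; the
# last two are constructed for this example to show entries needing review.
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O4 - HKCU\..\Run: [example] C:\Users\Example\AppData\Local\Temp\example.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Program Files (x86)\Example\svc.exe (file missing)
"""

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Absolute Windows path ending in an executable-type extension.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|com|scr|sys)\b', re.I)
# Locations a standard user can write to; autostart entries here merit a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def triage(log_text):
    """Return one dict per HijackThis entry with a coarse verdict."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # "Program Files (x86)" only exists on 64-bit Windows.
    x64 = any("\\program files (x86)\\" in ln.lower() for ln in lines)
    results = []
    for ln in lines:
        m = ENTRY.match(ln)
        if not m:
            continue  # header, process list, blank or footer line
        code, body = m.groups()
        paths = PATH.findall(body)
        path = paths[-1] if paths else None  # last path is the target file
        missing = body.endswith("(file missing)")
        low = (path or "").lower()
        if missing and x64 and "\\windows\\system32\\" in low:
            # The 32-bit scanner was redirected to SysWOW64, so the flag
            # says nothing about the real 64-bit System32 directory.
            verdict = "wow64_unverified"
        elif missing or any(d in low for d in USER_WRITABLE):
            verdict = "review"
        else:
            verdict = "ok"
        results.append({"code": code, "path": path, "verdict": verdict})
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["verdict"].ljust(17), entry["code"].ljust(4), entry["path"])
```

Entries marked `wow64_unverified` should be confirmed from a 64-bit process before being treated as missing.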



## johnb35

I don't see any issues. Can you explain your issue exactly? Does the system boot up normally as fast as it usually does or does it boot up slower?


----------



## codyd47

Well, in recent logs, I have scanned and seen trojans and other viruses. I scanned in Malwarebytes and deleted them from my computer, or so it said. But I did a scan a couple of days later and found the same trojan that was a C:\Users\Cody\AppData\Local\Temp\.exe (Trojan.Agent) but it was the same virus file. I then ran CCleaner, and deleted useless temp files. Thinking I was good, I restarted my comp. Next day I went on, and all loads fine, the only problem is that some of the programs/applications I open won't completely appear on my desktop. I notice them running in tskmngr under processes. Some examples of the programs that don't start up completely are Steam (gaming program), ooVoo, and game applications. I've defragged both my hard drives, installed the most recent updates and patches. Not sure why it's doing this to only certain programs and not many. But this only happens once in a while. But once it happens, it happens permanently to those programs, until I restart my computer or log off. Was told by a trusted Microsoft certified tech (who I trust) that it may have just been a bug, and he is the one who built my computer. And I've had it for about 4 months now. It runs flawless but now with this little issue. The startup on the computer is about the same. Maybe I just have to reinstall the programs, I don't know.


----------



## johnb35

Well without seeing any list of trojans you had, I would like for you to do the following 2 scans and post the logs that they create.

1.

Please download and run TDSSKiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.






If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it.  Please open the log and copy and paste it back here.

2.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------



## codyd47

Hey, no threats detected in both TDSSKiller and ESET Online Scanner. And I followed the steps you instructed me. But I don't know. Can I say though, the only applications that stop responding and that don't load back up correctly are the ones mainly on my external hard drive, which is still happening. Which I have them on there so my games that I install with that program don't eat up all my space on my main C: drive. Thanks for the help though.


----------



## codyd47

Also, I noticed under my C: drive, in the Program Files (x86), there is a folder that was created by ComboFix I think, that inside lies a quarantine folder, that has a file in there called usft_ext.dll.vir, should I delete this or the file named "Qoobox"?


----------



## johnb35

codyd47 said:


> Hey, no threats detected in both TDSSKiller and ESET Online Scanner. And I followed the steps you instructed me. But I don't know. Can I say though, the only applications that stop responding and that don't load back up correctly are the ones mainly on my external hard drive, which is still happening. Which I have them on there so my games that I install with that program don't eat up all my space on my main C: drive. Thanks for the help though.



Did you just copy and paste these programs from one drive to another?  If so then that could be why they aren't working correctly.  You would have to reinstall those programs directly to that drive.  



codyd47 said:


> Also, I noticed under my C: drive, in the Program Files (x86), there is a folder that was created by ComboFix I think, that inside lies a quarantine folder, that has a file in there called usft_ext.dll.vir, should I delete this or the file named "Qoobox"?



Click on start, in the search bar, type combofix /uninstall hit enter.  Make sure there is a space between the X and the /.  This will remove any leftover files and folders from combofix.


----------



## S.T.A.R.S.

codyd47 said:


> Hey, no threats detected in both TDSSKiller and ESET Online Scanner. And I followed the steps you instructed me. But I don't know. Can I say though, the only applications that stop responding and that don't load back up correctly are the ones mainly on my external hard drive, which is still happening. Which I have them on there so my games that I install with that program don't eat up all my space on my main C: drive. Thanks for the help though.



Were those programs ORIGINALLY installed on that external hard disk drive and now all of a sudden they do not work?
If yes, the reasons could be the following:

- the drive letter of the hard disk drive partition has changed. If you are not sure which drive letter it originally was before, check the shortcut's properties to see the original path location. Such as: "Z:\PowerISO\PowerISO.exe"
- the registry value which points to those programs/games (path location) has changed or been deleted by some programs like CCleaner, Eusing Free Registry Cleaner or some antivirus programs
- some files of those programs/games were damaged or deleted
- some sectors (readable information) need to be recovered on that drive (if possible). If that's the case, use the following CMD commands to fix that (if possible):

chkdsk.exe Z: /F /R /X /V

"Z:" is the drive letter of your external hard disk drive so be sure you write the correct one.




Cheers!


----------

