# help! Applications uninstalling themselves!



## Baco (Jun 7, 2010)

, I have an issue with my win7 that I have never seen before, I am having applications completely dissapear from my harddrive,
 the folder is still left behind in the start window but is empty, even if I click on the apps desktop icon & open properties, the file path is greyed out confirming its gone!
 Im useing a 64bit so its not a rootkit, I find nothing in AV scans, & so far I have not seen the issue if I run a vurtual box, wtf is going on? 
 Its not just third party app disapearing either , windows media center vanished nad so does windows movie maker, # I am stumped, I found practicaly nothing about this on the web,
So what the hell is going on?

 thanks in advance


----------



## claylomax (Jun 7, 2010)

Welcome to TPU. Wait for the experts but I think you have a bad spirit in your PC.


----------



## epicfail (Jun 7, 2010)

off topic: someone in your family is pulling your leg and laughing right now at you posting asking about it.

ontopic: Welcome to TPU,


----------



## _JP_ (Jun 7, 2010)

Baco said:


> , I have an issue with my win7 that I have never seen before, I am having applications completely dissapear from my harddrive,
> the folder is still left behind in the start window but is empty, even if I click on the apps desktop icon & open properties, the file path is greyed out confirming its gone!
> *Im useing a 64bit so its not a rootkit*, I find nothing in AV scans, & so far I have not seen the issue if I run a vurtual box, wtf is going on?
> Its not just third party app disapearing either , windows media center vanished nad so does windows movie maker, # I am stumped, I found practicaly nothing about this on the web,
> ...



Welcome to TPU! 

Uhm, yeah, about that, well just because you're running a 64-bit OS it doesn't mean that you are immune from rootkits. There are also 64-bit rootkits, just not as many as 32-bit. But the fact that it is rare to find one, isn't something you should go ignoring, because it can bite you when you're not looking.
Also, a 64-bit OS can run 32-bit applications, programs and files.
If it isn't a rootkit, you could start looking for trojans, worms, the usual stuff.

BTW, what AV are you using?

EDIT: Baco, you should really edit your Thread Title. It goes against the rules, you should have read them. Please, don't anger the Mods. Thanks.


----------



## Baco (Jun 7, 2010)

well first of all , its not someone in my family because I live alone, I use eset smart security , mlware bytes, with winpatrol, I have not found any malware trojans etc in the scans I have done, as for rootkits , can you suggest what I could use to scan a 64bit OS? 
 ps whats wrong with my thread title? 
 thanks all . baco


----------



## AsRock (Jun 7, 2010)

You could try chkdisk and see if there is errors on the HDD.  And with it being a boot drive make sure it reboots before checking.


----------



## _JP_ (Jun 7, 2010)

Never mind the title then. 

Try installing and running a program called HijackThis. Just run it in administrator mode, do a scan and save a logfile, and after paste that logfile into this site's textbox. Press analyze and check if there's anything wrong. If you have any doubts, please, post them here.

The ESET Smart Security is an A-OK AV, in my opinion, as I also use it. There's just one problem with it, without real-time protection over all things, rootkits get in very easily (as well as with any other AV with real-time disabled) and are (almost) never spotted after they're in.
Winpatrol is a very good tool, but only if you know what you are looking for.
And if Malware bytes didn't find a rootkit, either it's very well buried (and in that case, any other anti-rootkit won't find it) or it isn't there at all.

You said you didn't find practically anything about you're problem. I did some research, as this is a rather odd thing, and found out that this, in case of not being a rootkit, it's most likely a corrupt registry.

Backup your files, boot into safe mode, and run for a last time all of your security systems, as an administrator and enable low-lever searches if that's available. Low-lever searches are needed because the rootkit (if there is one) can be running with a kernel driver and in safe mode it will be disabled (hopefully ).

If it was a rootkit and you solved it, your problems should be gone, if not, there are more drastic measures:

_*1 - Repair Install*_

Then login to your computer, take your Win7 DVD, and with it try to do a repair it with the repair install option. This may correct any problems with the Windows registry. Beware some applications and drivers may need to be reinstalled after this. Heres a neat Guide on how to do it.

*2 - Format and Reinstall Windows*

This one is pretty much known by everyone that uses a computer and already has had a serious problem with it. It's the harshest approach, but most of the times, the most effective.

Due to the lack of info on that particular problem, there aren't any more options I can give you (for the time being...), as it is a very awkward problem.

P.S.: If anyone else wants to give any more inputs to help, I think they would be very welcome.


----------



## Baco (Jun 8, 2010)

thanks for your reply , but I thought I would mention I have allready reinstalled my OS more than once and the issue was still there, but I will take on board  what you have sugested and will post the results, 
 regards ,  Baco


----------



## DonInKansas (Jun 8, 2010)

If you're having this problem after a reinstall, I'd be willing to bet on a bad HDD.


----------



## Baco (Jun 8, 2010)

odd, as I have done a memory test and a chkdsk test and both reported no errors,  I am going to buy a new HDD as that will tell me for sure one way or the other,
 I have also since run the sophos rootkit scan and that was also clean,
 what is odd though (to me at least) is that I have not (yet) seen the issue when I ran my OS in a VMware virtual box..
  its really perplexing, I have encountered and cured most things you would encounter but this is definatly a new one for me!


----------



## n-ster (Jun 8, 2010)

maybe a bad OS install? Like your DVD is corrupted? Are you doing complete reinstalls?


----------



## Baco (Jun 8, 2010)

yep complete, and not only  that but I have used two different DVDs so I doubt they would both be corrupted with the same issue?  one is a vista home prem to win 7 prem upgrade disk the other is a full win7 ultimate disc, I will keep checking the ideas/suggestions that get posted to me here and will install to a different HDD and will keep the thread updated as to my progress, as it may be usefull to another user in the future?  Thanks for all the inputs so far peeps..
 Baco.


----------



## n-ster (Jun 8, 2010)

maybe someone is accessing your computer remotely? Are you connect to a network? is your connection secure?


----------



## Baco (Jun 8, 2010)

yep its secure Im on my wired home network through my router firewall and my pc firewall,plus I have tested the problem unplugged...


----------



## Solaris17 (Jun 8, 2010)

run HD tune. prntscrn S.M.A.R.T data screen for your boot drive and run a (long) check for bad sectors on your boot(OS) drive. also check sata cables iv seen/had some weird shit happen with loose sata cables.


----------



## Baco (Jun 9, 2010)

well heres an update of sorts, I ran HDTune deep scan and that came back all green , no bad sectors, there were no loose sata cables, as for the prntscm S>M>A>R>T data screen thats something new to me though the cmd does seem to suggest a print out? could you give me more details and I will give it a try, 
 thanks, ,Baco


----------



## Solaris17 (Jun 9, 2010)

Baco said:


> well heres an update of sorts, I ran HDTune deep scan and that came back all green , no bad sectors, there were no loose sata cables, as for the prntscm S>M>A>R>T data screen thats something new to me though the cmd does seem to suggest a print out? could you give me more details and I will give it a try,
> thanks, ,Baco



just open the SMART screen and take a screen shot. then hit paste in paint save it and upload here so we can read the SMART read out of the drive.


----------



## FordGT90Concept (Jun 10, 2010)

Open up "Computer" and in the address bar, clear everything in there, put the following line in, and hit enter:

%windir%\ehome\ehshell.exe

If Windows Media Center opens, the application is still there but your links are gone/bad.


----------



## Baco (Jun 10, 2010)

hi thanks for your reply , its not just media center its allmost EVERY appin my start menu that dissapears the only thing left is an empty folder and the desktop icon,
 if I click on the D.T icon and click properties /find target the target line is greyed out cos its gone, now recently even Malwarebytes refuses to reinstall after it too disapears,as a sytem file is gone & wont reistall, so I dont have to explain everthing , if you havent allready? please read all the other posts & replies, thanks again for your post,
 Baco

Ok I will save and upload a screen shot , but I dont see how that will help you get any more info? aas all you will see is a Block of green with no red at all , As like I said before there was no damaged sektors , And also paint is another app that has dissapeared..
 but I will see what I can do to post all the stats that the test gives me,
 regards Baco


----------



## FordGT90Concept (Jun 10, 2010)

Did you try it?

If you did and it says file not found, you got a virus.  You're best fix for that is erasing the computer and reinstalling Windows from the disk.


----------



## Solaris17 (Jun 10, 2010)

Baco said:


> hi thanks for your reply , its not just media center its allmost EVERY appin my start menu that dissapears the only thing left is an empty folder and the desktop icon,
> if I click on the D.T icon and click properties /find target the target line is greyed out cos its gone, now recently even Malwarebytes refuses to reinstall after it too disapears,as a sytem file is gone & wont reistall, so I dont have to explain everthing , if you havent allready? please read all the other posts & replies, thanks again for your post,
> Baco
> 
> ...




the green boxes arent what i want i want the "HEALTH" tab.


----------



## Baco (Jun 11, 2010)

*re my last reply*

ok, Sorry about that I missunderstood what you wanted, 
  will do, 
 Baco.


----------



## duperudee (Sep 14, 2018)

_JP_ said:


> Never mind the title then.
> 
> Try installing and running a program called HijackThis. Just run it in administrator mode, do a scan and save a logfile, and after paste that logfile into this site's textbox. Press analyze and check if there's anything wrong. If you have any doubts, please, post them here.
> 
> ...



Please help. I am having the same issue. Thank you.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:08:51 PM, on 9/14/2018
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\ugyen sir\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Users\ugyen sir\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [DTRun] C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enumn /alertsn /notificationsn /fln /frn /appDatan /tmcpn
O4 - HKLM\..\Run: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [McAfeeSafeConnect] C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
O4 - HKCU\..\Run: [WildMeadow] "C:\Windows\rss\csrss.exe"
O4 - HKCU\..\Run: [CloudNet] "C:\Users\ugyen sir\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" 31339
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A50334-1C8A-4C73-9E66-432909EAD553}: NameServer = 202.144.128.214,202.144.128.205
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Program Files\IDT\WDM\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - C:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HP LaserJet Service - Unknown owner - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (file missing)
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QMEmulatorService - Tencent - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtlISMServ - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soda PDF 5 Helper Service - LULU Software - C:\Program Files (x86)\Soda PDF 5\HelperService.exe
O23 - Service: Soda PDF 5 Service - LULU Software - C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - Unknown owner - C:\Program Files\IDT\WDM\STacSV64.exe (file missing)
O23 - Service: TCPSvc - Unknown owner - C:\Users\ugyen sir\AppData\Local\Temp\csrss\proxy\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Defender Helper Service (Windows 1703 Creators Update) (WinDefender) - Unknown owner - C:\Windows\windefender.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15023 bytes


----------



## RCoon (Sep 14, 2018)

Please make a new thread and link to this one as prior evidence. Necroing a 10 year old thread with an OP that likely doesn't visit the site anymore isn't going to help anyway, and I know for sure people are not gonna read the thread date and start replying to eight year old posts.


----------

