Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Help diagnosing Hijackthis log, thanks!

In Progress 
2K views 1 reply 2 participants last post by  dbreeze 
#1 ·
Downloaded an infected file, computer started making "customized" ads, keeps trying to install new random virus/scanner programs, infinite pop ups, windows that wont close etc. Was hoping hijack this would take care of the issues, thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 8075 Mb
Graphics Card: Intel(R) HD Graphics Family, -1984 Mb
Hard Drives: C: Total - 693784 MB, Free - 2033 MB;
Motherboard: ASUSTeK COMPUTER INC., Q501LA
Antivirus: Windows Defender, Disabled

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*LOG*

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:31:07 AM, on 9/1/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Program Files (x86)\MPC Cleaner\AdCleaner.exe
C:\Program Files (x86)\MPC Cleaner\MPCDesktop.exe
C:\Program Files\WebDiscoverBrowser\2.167.2\browser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\MPC Cleaner\AdxEngine.exe
C:\Program Files (x86)\win_en_77\win_en_77.exe
C:\Program Files (x86)\mpck\wincom_7E4.exe
C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\supernovas\streamlined.exe
C:\Program Files\WebDiscoverBrowser\2.167.2\browser.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\Daniel\AppData\Roaming\ProxyGate\PGNet.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\msrtn32\msrtn32.exe
C:\Program Files (x86)\win_en_77\win_en_77.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe
C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe
C:\Users\Daniel\AppData\Local\Temp\msconfig.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\Temp\9E5E.tmp
C:\Program Files (x86)\msrtn32\cdhtr.exe
C:\Windows\Temp\24D4.tmp
C:\Users\Daniel\AppData\Roaming\MicrosoftExch\tascmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Users\Daniel\Downloads\HijackThis.exe
C:\Program Files (x86)\msrtn32\rthdcpd.exe
C:\Windows\SysWOW64\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www-searching.com/?pid=s&s=G...114b-416c-8eb1-a6048d378da0,&vp=ch&prd=set_ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DailyWiki] C:\Users\Daniel\AppData\Roaming\DailyWiki\DailyWiki.exe su
O4 - HKLM\..\Run: [TrailerWatch] C:\Users\Daniel\AppData\Roaming\TrailerWatch\TrailerWatch.exe su
O4 - HKLM\..\Run: [cpx] "C:\Program Files (x86)\cpx\cpx.exe" -starup
O4 - HKLM\..\Run: [msrtn32] "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60
O4 - HKLM\..\Run: [accrual] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKLM\..\Run: [win_en_77] "C:\Program Files (x86)\win_en_77\win_en_77.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] "C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Playback] "C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe" /background
O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
O4 - HKCU\..\Run: [ProxyGate] C:\Users\Daniel\AppData\Roaming\ProxyGate\MainService.exe
O4 - HKCU\..\Run: [amoeba] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKCU\..\Run: [amble] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKCU\..\Run: [streamlined] "C:\Program Files (x86)\supernovas\streamlined.exe"
O4 - HKCU\..\Run: [maeve] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKCU\..\Run: [WebDiscoverBrowser] C:\Program Files\WebDiscoverBrowser\2.167.2\browser.exe --docked
O4 - HKCU\..\Run: [Caster] C:\Program Files\SpaceSoundPro\wizzcaster.exe
O4 - HKCU\..\Run: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs"
O4 - HKCU\..\RunOnce: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs"
O4 - HKUS\S-1-5-18\..\Run: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'Default user')
O4 - Startup: FreeDownloadmanager.exe
O4 - Startup: geste.lnk = ?
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Startup: tascmgr.exe.lnk = Daniel\AppData\Roaming\MicrosoftExch\tascmgr.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9D49B2B-8E22-4498-BE2C-73191F86FF08}: NameServer = 188.120.239.115,8.8.8.8
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\ProgramData\Lamzap\Tantolab.dll
O23 - Service: 32cf22a991a70e1dc1cbc230df18925a - Unknown owner - C:\Program Files\32cf22a991a70e1dc1cbc230df18925a\b29c39c6ab7fe8fd4cfb2e6857f5d214.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Background Logic Handler (backlh) - Unknown owner - C:\ProgramData\Logic Handler\set.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CHNGTSvc - Unknown owner - c:\exervice.exe
O23 - Service: CloudPrinter - Unknown owner - C:\ProgramData\\CloudPrinter\\CloudPrinter.exe
O23 - Service: ConsumerInput Update Service (consumerinput_update) (consumerinput_update) - ConsumerInput - C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
O23 - Service: ConsumerInput Update Service (consumerinput_updatem) (consumerinput_updatem) - ConsumerInput - C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Windows Cpu Essentials (CpuEssentials) - Unknown owner - C:\Windows\CpuEssentials\16841\CpuEssentials.exe
O23 - Service: Windows CpuHeatMapping (CpuHeatMapping) - Unknown owner - C:\Windows\system32\CpuHeatMapping/16641\CpuHeatMapping.exe
O23 - Service: Windows cSysSecure Service (cSysSecure) - Unknown owner - C:\Windows\cSysSecure1.0.0.5\SysSecure.exe
O23 - Service: cWindows Informations Service (cWinInfos) - Unknown owner - C:\Windows\cWinInfos\168201\WinInfos.exe
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: Dataup Service (Dataup) - Unknown owner - C:\Program Files (x86)\dataup\dataup.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Renew Single Click (dowidoly) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: CD ROM Confirm (gupepytezbt) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lamzap - Unknown owner - C:\ProgramData\\Lamzap\\Lamzap.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotC United Inc - C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pront Spooler (ProntSpooler) - Unknown owner - C:\Users\Daniel\AppData\Local\Apps\2.0\abril.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Reservation Plastic (rijufoze) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Search Module Update (SMUpd) - Search Module Ltd. - C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TTService - TorrentsTime - C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WebDiscover Browser Startup Service (wdsvc) - Startup Service - C:\Program Files\WebDiscoverBrowser\wdsvc2.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Windows Management Service (windowsmanagementservice) - Google Inc. - C:\Users\Daniel\AppData\Local\Temp\20160826\ct.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ciGtflaWnt (YuJTUcYJ) - Unknown owner - C:\Program Files (x86)\WebShield\WebShield.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
O23 - Service: Double Spaced Firewall (zigipyro) - Unknown owner - C:\Users\Daniel\AppData\Local\7E03EB01-1472507602-6F4D-173E-40167E01114C\qnsj1649.tmp

--
End of file - 23403 bytes
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:31:07 AM, on 9/1/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Program Files (x86)\MPC Cleaner\AdCleaner.exe
C:\Program Files (x86)\MPC Cleaner\MPCDesktop.exe
C:\Program Files\WebDiscoverBrowser\2.167.2\browser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\MPC Cleaner\AdxEngine.exe
C:\Program Files (x86)\win_en_77\win_en_77.exe
C:\Program Files (x86)\mpck\wincom_7E4.exe
C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\supernovas\streamlined.exe
C:\Program Files\WebDiscoverBrowser\2.167.2\browser.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\Daniel\AppData\Roaming\ProxyGate\PGNet.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\msrtn32\msrtn32.exe
C:\Program Files (x86)\win_en_77\win_en_77.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe
C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe
C:\Users\Daniel\AppData\Local\Temp\msconfig.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\Temp\9E5E.tmp
C:\Program Files (x86)\msrtn32\cdhtr.exe
C:\Windows\Temp\24D4.tmp
C:\Users\Daniel\AppData\Roaming\MicrosoftExch\tascmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\cpx\cpx.exe
C:\Users\Daniel\Downloads\HijackThis.exe
C:\Program Files (x86)\msrtn32\rthdcpd.exe
C:\Windows\SysWOW64\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www-searching.com/?pid=s&s=G...114b-416c-8eb1-a6048d378da0,&vp=ch&prd=set_ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.sonic-search.com/?p=mKO...b0TOLtAbkOmleezVqlLge3ll6Auui&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DailyWiki] C:\Users\Daniel\AppData\Roaming\DailyWiki\DailyWiki.exe su
O4 - HKLM\..\Run: [TrailerWatch] C:\Users\Daniel\AppData\Roaming\TrailerWatch\TrailerWatch.exe su
O4 - HKLM\..\Run: [cpx] "C:\Program Files (x86)\cpx\cpx.exe" -starup
O4 - HKLM\..\Run: [msrtn32] "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60
O4 - HKLM\..\Run: [accrual] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKLM\..\Run: [win_en_77] "C:\Program Files (x86)\win_en_77\win_en_77.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] "C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Playback] "C:\Users\Daniel\AppData\Local\Playback\app-1.6.12\Playback.exe" /background
O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
O4 - HKCU\..\Run: [ProxyGate] C:\Users\Daniel\AppData\Roaming\ProxyGate\MainService.exe
O4 - HKCU\..\Run: [amoeba] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKCU\..\Run: [amble] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKCU\..\Run: [streamlined] "C:\Program Files (x86)\supernovas\streamlined.exe"
O4 - HKCU\..\Run: [maeve] "C:\Program Files (x86)\photographers\laundries.exe"
O4 - HKCU\..\Run: [WebDiscoverBrowser] C:\Program Files\WebDiscoverBrowser\2.167.2\browser.exe --docked
O4 - HKCU\..\Run: [Caster] C:\Program Files\SpaceSoundPro\wizzcaster.exe
O4 - HKCU\..\Run: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs"
O4 - HKCU\..\RunOnce: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs"
O4 - HKUS\S-1-5-18\..\Run: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WinResSync] C:\Windows\system32\regsvr32.exe /s "C:\Users\Daniel\AppData\Roaming\Microsoft\Protect\ba4c7318c531dd6ccf7c.rs" (User 'Default user')
O4 - Startup: FreeDownloadmanager.exe
O4 - Startup: geste.lnk = ?
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Startup: tascmgr.exe.lnk = Daniel\AppData\Roaming\MicrosoftExch\tascmgr.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9D49B2B-8E22-4498-BE2C-73191F86FF08}: NameServer = 188.120.239.115,8.8.8.8
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\ProgramData\Lamzap\Tantolab.dll
O23 - Service: 32cf22a991a70e1dc1cbc230df18925a - Unknown owner - C:\Program Files\32cf22a991a70e1dc1cbc230df18925a\b29c39c6ab7fe8fd4cfb2e6857f5d214.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Background Logic Handler (backlh) - Unknown owner - C:\ProgramData\Logic Handler\set.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CHNGTSvc - Unknown owner - c:\exervice.exe
O23 - Service: CloudPrinter - Unknown owner - C:\ProgramData\\CloudPrinter\\CloudPrinter.exe
O23 - Service: ConsumerInput Update Service (consumerinput_update) (consumerinput_update) - ConsumerInput - C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
O23 - Service: ConsumerInput Update Service (consumerinput_updatem) (consumerinput_updatem) - ConsumerInput - C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Windows Cpu Essentials (CpuEssentials) - Unknown owner - C:\Windows\CpuEssentials\16841\CpuEssentials.exe
O23 - Service: Windows CpuHeatMapping (CpuHeatMapping) - Unknown owner - C:\Windows\system32\CpuHeatMapping/16641\CpuHeatMapping.exe
O23 - Service: Windows cSysSecure Service (cSysSecure) - Unknown owner - C:\Windows\cSysSecure1.0.0.5\SysSecure.exe
O23 - Service: cWindows Informations Service (cWinInfos) - Unknown owner - C:\Windows\cWinInfos\168201\WinInfos.exe
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: Dataup Service (Dataup) - Unknown owner - C:\Program Files (x86)\dataup\dataup.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Renew Single Click (dowidoly) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)
O23 - Service: @oem22.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: CD ROM Confirm (gupepytezbt) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lamzap - Unknown owner - C:\ProgramData\\Lamzap\\Lamzap.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotC United Inc - C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pront Spooler (ProntSpooler) - Unknown owner - C:\Users\Daniel\AppData\Local\Apps\2.0\abril.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Reservation Plastic (rijufoze) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Search Module Update (SMUpd) - Search Module Ltd. - C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TTService - TorrentsTime - C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WebDiscover Browser Startup Service (wdsvc) - Startup Service - C:\Program Files\WebDiscoverBrowser\wdsvc2.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Windows Management Service (windowsmanagementservice) - Google Inc. - C:\Users\Daniel\AppData\Local\Temp\20160826\ct.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ciGtflaWnt (YuJTUcYJ) - Unknown owner - C:\Program Files (x86)\WebShield\WebShield.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
O23 - Service: Double Spaced Firewall (zigipyro) - Unknown owner - C:\Users\Daniel\AppData\Local\7E03EB01-1472507602-6F4D-173E-40167E01114C\qnsj1649.tmp

--
End of file - 23403 bytes
 
See less See more
#2 ·
Hi danoo94

Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

    - Save ALL Tools to your Desktop-
    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
    Choose Settings. at the bottom of the screen click the
    "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser.
    Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
    and the click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser.
    Select View downloads. Select the Options link in the lower left of the window. Click Browse and
    select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started....

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top