Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Problem Removing Trojan win32.startpage.fw

 
koolriz86
Newbie


Joined: 20 Jan 2016
Last Visit: 01 Jan 2017
Posts: 2

Posted: Wed Jan 20, 2016 9:56 pm    Post subject: Problem Removing Trojan win32.startpage.fw

Have had problems with my computer (laptop-win7) slowing down and occasional hiccups. Upon searching with many anti-spy/malware programs, found the above mentioned trojan and some other spy/malware in my system. The win32.startpage.fw was only shown with the eTrust PestPatrol software (needs an activated premium version to get rid of the trojan, but couldn't find one).
Tried many programs and methods from the internet but couldn't get rid of it.
I suspect some hacker is monitoring my activity using this trojan.
Please provide me with some assistance using your expertise.
The DDS.txt and Attach.txt log files are as follows.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by TOSHBA at 11:14:16 on 2016-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1224 [GMT 5.5:30]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\Dialog Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\McAfee\Real Protect\RealProtect.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe
C:\Program Files (x86)\SinhalaTamil IME\SinhalaTamil IME.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PestPatrol5.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
uRun: [Google Update] "C:\Users\TOSHBA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [CaISSDT] "C:\Program Files (x86)\CA\eTrust Internet Security Suite\caissdt.exe"
mRun: [eTrustPPAP] "C:\Program Files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
StartupFolder: C:\Users\TOSHBA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SinhalaTamil IME.lnk - C:\Program Files (x86)\SinhalaTamil IME\SinhalaTamil IME.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDBKPF~1\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDBKPF~1\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\TOSHBA\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\TOSHBA\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{29564EE2-0D48-41EA-8A23-6CF03BFA3673} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AB82DBB8-AA87-4B2A-86BC-F23FFE2E3FD2} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
x64-mStart Page = about:blank
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-RunOnce: [RealProtect] "C:\Program Files\McAfee\Real Protect\RealProtect.exe" --run
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-4-29 1369288]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-4-29 160032]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-4-29 107080]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2016-1-17 63000]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-4-30 26528]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-3-28 89840]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2016-1-17 441144]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-1-16 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-1-16 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-1-16 171928]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2015-4-29 67320]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2015-5-31 90112]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-4-27 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2016-1-6 454416]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2016-1-6 129224]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2015-4-30 272600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-1 134512]
S2 Dialog Mobile Broadband. RunOuc;Dialog Mobile Broadband. OUC;C:\Program Files (x86)\Dialog Mobile Broadband\UpdateDog\ouc.exe [2015-5-31 655712]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-5-23 2152736]
S2 OpenDHCPServer;Open DHCP Server;C:\Windows\TEMP\OpenDHCPServer.exe --> C:\Windows\TEMP\OpenDHCPServer.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2015-4-29 271272]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-4-29 747120]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2015-4-29 82824]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-1 134512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2015-4-30 103448]
S3 esgiguard;esgiguard;C:\Users\TOSHBA\Downloads\SpyHunter.4.21.10.4585.Portable\esgiguard.sys [2016-1-21 15920]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2016-1-21 22704]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2015-5-31 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2015-5-31 13952]
S3 HideMyIpSRV;HideMyIpSRV;C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe --> C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [?]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2015-5-31 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2015-5-31 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2015-5-31 238080]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 ZapyaService;ZapyaService;"C:\Program Files (x86)\Zapya-en\ZapyaService.exe" --> C:\Program Files (x86)\Zapya-en\ZapyaService.exe [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2016-01-20 22:00:06 -------- d-----w- C:\Program Files\McAfee
2016-01-20 21:59:27 -------- d-----w- C:\Program Files (x86)\stinger
2016-01-20 20:08:58 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2016-01-20 19:45:25 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\KSafe
2016-01-20 19:45:25 -------- d-----w- C:\ProgramData\KSafe
2016-01-20 19:45:17 -------- d-----w- C:\Program Files (x86)\DllTool
2016-01-20 19:40:18 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\Curiolab
2016-01-20 19:39:16 -------- d-----w- C:\Program Files (x86)\Exterminate It!
2016-01-20 17:52:13 -------- d-----w- C:\ProgramData\Licenses
2016-01-20 17:51:45 -------- d-----w- C:\ProgramData\Simply Super Software
2016-01-20 17:14:43 -------- d-----w- C:\ProgramData\CA
2016-01-20 17:14:40 -------- d-----w- C:\Program Files (x86)\Common Files\Scanner
2016-01-20 17:14:30 -------- d-----w- C:\Program Files (x86)\CA
2016-01-20 16:56:42 -------- d-----w- C:\Users\TOSHBA\AppData\Local\Opera Software
2016-01-20 16:56:41 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\Opera Software
2016-01-20 16:03:13 -------- d-----w- C:\Program Files (x86)\MSSOAP
2016-01-20 16:03:13 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2016-01-17 12:39:15 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\Zbshareware Lab
2016-01-17 11:08:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-01-17 09:58:07 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-17 09:49:12 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-17 09:45:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-01-17 09:45:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-01-17 09:45:52 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-01-17 09:45:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-16 15:06:04 821920 ----a-w- C:\Users\TOSHBA\Post Win10 Spybot-install.exe
2016-01-16 14:09:39 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2016-01-16 14:09:38 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2016-01-16 14:09:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-16 09:51:34 -------- d-----w- C:\Program Files\TAP-Windows
2016-01-16 09:36:03 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\Steganos VPN
2016-01-16 09:35:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steganos
2016-01-16 09:31:15 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\Steganos
2016-01-06 07:09:25 454416 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2016-01-06 07:07:20 4161536 ----a-w- C:\Windows\System32\drivers\athrx.sys
2016-01-06 07:06:34 129224 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2016-01-05 09:15:08 -------- d-----w- C:\Program Files (x86)\Audacity
2016-01-03 16:49:45 -------- d-----w- C:\Users\TOSHBA\AppData\Local\CEF
2016-01-03 14:36:41 -------- d-----w- C:\Users\TOSHBA\Adobe CS6
2015-12-25 15:07:50 -------- d-----w- C:\Users\TOSHBA\AppData\Roaming\10KHits
.
==================== Find3M ====================
.
2016-01-21 04:59:48 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2016-01-21 04:59:45 78032 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2016-01-21 04:54:48 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2016-01-21 04:54:25 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2015-04-27 16:33:23 15931448 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 11:14:51.10 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2015 11:08:28 AM
System Uptime: 1/21/2016 10:29:05 AM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU1 | 1776/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 57.497 GiB free.
D: is FIXED (NTFS) - 365 GiB total, 257.384 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\QCI0701\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\QCI0701\2&DABA3FF&2
Service:
.
Class GUID:
Description:
Device ID: ACPI\TOS6205\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\TOS6205\2&DABA3FF&2
Service:
.
==== System Restore Points ===================
.
RP78: 1/16/2016 3:08:53 PM - Device Driver Package Install: TAP-Windows Adapter V9 Network adapters
RP79: 1/16/2016 3:21:46 PM - Device Driver Package Install: TAP-Windows Provider V9 Network adapters
RP80: 1/20/2016 10:11:58 PM - Removed CA eTrust PestPatrol Anti-Spyware
RP81: 1/21/2016 3:21:04 AM - Removed Ask.com Toolbar.
.
==== Installed Programs ======================
.
3DP Chip v15.11
4K Video Downloader 3.6
Active@ File Recovery Professional 13
Adobe Acrobat Reader DC
Adobe After Effects CS6
Adobe AIR
Adobe Help Manager
Adobe Media Player
Adobe Refresh Manager
Adobe Widget Browser
Audacity 2.0.5
AVS Video Editor 7.1
Bitdefender Antivirus Plus 2015
BitTorrent
Bonjour
CA eTrust PestPatrol Anti-Spyware
Dialog Mobile Broadband
Dropbox
Dropbox Update Helper
Exterminate It!
Google Chrome
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
Intel(R) Chipset Device Software
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
IObit Uninstaller
LAME v3.99.3 (for Windows)
LastPass (uninstall only)
Malwarebytes Anti-Exploit version 1.04.1.1012
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP2 and SOAP Toolkit 3.0
PDF Settings CS6
Realtek Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Skype Click to Call
Skype™ 7.13
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TAP-Windows 9.21.1
VLC media player 2.0.1
Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (09/09/2014 6.16.00.3154)
Windows Driver Package - Qualcomm Atheros (L1C) Net (07/16/2013 2.1.0.21)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (01/08/2014 10.0.0.279)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (03/31/2014 10.0.0.288)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (08/14/2015 10.0.0.326)
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/21/2016 9:35:57 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/21/2016 9:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/21/2016 9:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/21/2016 9:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/21/2016 9:09:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/21/2016 9:09:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/21/2016 9:08:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf DfsC discache ESProtectionDriver gzflt HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx trufos vwififlt Wanarpv6 WfpLwf ws2ifsl
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 3:19:52 AM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2016 3:19:50 AM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
1/21/2016 3:19:40 AM, Error: ssidrv [26] -
1/21/2016 3:06:51 AM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
1/21/2016 3:05:19 AM, Error: Service Control Manager [7000] - The esgiguard service failed to start due to the following error: This driver has been blocked from loading
1/21/2016 3:05:19 AM, Error: Application Popup [1060] - \??\C:\Users\TOSHBA\Downloads\SpyHunter.4.21.10.4585.Portable\e has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/21/2016 12:18:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 discache ESProtectionDriver gzflt HWiNFO32 spldr trufos Wanarpv6
1/21/2016 10:29:39 AM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Dialog Mobile Broadband. OUC service to connect.
1/21/2016 10:29:39 AM, Error: Service Control Manager [7000] - The Dialog Mobile Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2016 9:53:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2016 8:52:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/20/2016 11:42:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/17/2016 2:42:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/17/2016 10:17:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf DfsC discache gzflt HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx trufos vwififlt Wanarpv6 WfpLwf ws2ifsl
1/16/2016 10:02:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 discache gzflt HWiNFO32 spldr trufos Wanarpv6
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Fri Jan 22, 2016 3:07 am

Duplicate post therefore closed.
http://spywarewarrior.com/viewtopic.php?t=35408
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
All times are GMT - 8 Hours