Topic: [Resolved after R&R] Can't Remove Trojan win32.startpage.fw

koolriz86 (Bronze Member)
[Resolved after R&R] Can't Remove Trojan win32.startpage.fw
« on: January 21, 2016, 02:31:41 AM »
Have had problems with my computer (laptop, Win7) slowing down and occasional hiccups. Upon searching with many anti-spyware/anti-malware programs, found the above-mentioned trojan and some other spyware/malware on my system. The trojan win32.startpage.fw was only shown by the eTrust PestPatrol software (it needs an activated premium version to get rid of the trojan, but I couldn't find one).
Tried many programs in safe mode and methods from the internet but couldn't get rid of it.
I suspect some hacker is monitoring my activity using this trojan.
Please provide me with some assistance using your expertise.
The DDS.txt and Attach.txt log files are as follows.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by TOSHBA at 11:14:16 on 2016-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1224 [GMT 5.5:30]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\Dialog Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\McAfee\Real Protect\RealProtect.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe
C:\Program Files (x86)\SinhalaTamil IME\SinhalaTamil IME.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PestPatrol5.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\TOSHBA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
uRun: [Google Update] "C:\Users\TOSHBA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [CaISSDT] "C:\Program Files (x86)\CA\eTrust Internet Security Suite\caissdt.exe"
mRun: [eTrustPPAP] "C:\Program Files (x86)\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
StartupFolder: C:\Users\TOSHBA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SinhalaTamil IME.lnk - C:\Program Files (x86)\SinhalaTamil IME\SinhalaTamil IME.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDBKPF~1\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDBKPF~1\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\TOSHBA\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\TOSHBA\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{29564EE2-0D48-41EA-8A23-6CF03BFA3673} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AB82DBB8-AA87-4B2A-86BC-F23FFE2E3FD2} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
x64-mStart Page = about:blank
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-RunOnce: [RealProtect] "C:\Program Files\McAfee\Real Protect\RealProtect.exe" --run
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-4-29 1369288]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-4-29 160032]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-4-29 107080]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2016-1-17 63000]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-4-30 26528]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-3-28 89840]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2016-1-17 441144]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-1-16 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-1-16 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-1-16 171928]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2015-4-29 67320]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2015-5-31 90112]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-4-27 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2016-1-6 454416]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2016-1-6 129224]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2015-4-30 272600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-1 134512]
S2 Dialog Mobile Broadband. RunOuc;Dialog Mobile Broadband. OUC;C:\Program Files (x86)\Dialog Mobile Broadband\UpdateDog\ouc.exe [2015-5-31 655712]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-5-23 2152736]
S2 OpenDHCPServer;Open DHCP Server;C:\Windows\TEMP\OpenDHCPServer.exe --> C:\Windows\TEMP\OpenDHCPServer.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2015-4-29 271272]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-4-29 747120]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2015-4-29 82824]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-1 134512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2015-4-30 103448]
S3 esgiguard;esgiguard;C:\Users\TOSHBA\Downloads\SpyHunter.4.21.10.4585.Portable\esgiguard.sys [2016-1-21 15920]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2016-1-21 22704]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2015-5-31 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2015-5-31 13952]
S3 HideMyIpSRV;HideMyIpSRV;C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe --> C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [?]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2015-5-31 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2015-5-31 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2015-5-31 238080]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 ZapyaService;ZapyaService;"C:\Program Files (x86)\Zapya-en\ZapyaService.exe" --> C:\Program Files (x86)\Zapya-en\ZapyaService.exe [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2016-01-20 22:00:06   --------   d-----w-   C:\Program Files\McAfee
2016-01-20 21:59:27   --------   d-----w-   C:\Program Files (x86)\stinger
2016-01-20 20:08:58   22704   ----a-w-   C:\Windows\System32\drivers\EsgScanner.sys
2016-01-20 19:45:25   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\KSafe
2016-01-20 19:45:25   --------   d-----w-   C:\ProgramData\KSafe
2016-01-20 19:45:17   --------   d-----w-   C:\Program Files (x86)\DllTool
2016-01-20 19:40:18   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\Curiolab
2016-01-20 19:39:16   --------   d-----w-   C:\Program Files (x86)\Exterminate It!
2016-01-20 17:52:13   --------   d-----w-   C:\ProgramData\Licenses
2016-01-20 17:51:45   --------   d-----w-   C:\ProgramData\Simply Super Software
2016-01-20 17:14:43   --------   d-----w-   C:\ProgramData\CA
2016-01-20 17:14:40   --------   d-----w-   C:\Program Files (x86)\Common Files\Scanner
2016-01-20 17:14:30   --------   d-----w-   C:\Program Files (x86)\CA
2016-01-20 16:56:42   --------   d-----w-   C:\Users\TOSHBA\AppData\Local\Opera Software
2016-01-20 16:56:41   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\Opera Software
2016-01-20 16:03:13   --------   d-----w-   C:\Program Files (x86)\MSSOAP
2016-01-20 16:03:13   --------   d-----w-   C:\Program Files (x86)\Common Files\MSSoap
2016-01-17 12:39:15   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\Zbshareware Lab
2016-01-17 11:08:42   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-01-17 09:58:07   --------   d-----w-   C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-17 09:49:12   192216   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-17 09:45:52   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2016-01-17 09:45:52   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2016-01-17 09:45:52   109272   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2016-01-17 09:45:52   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-16 15:06:04   821920   ----a-w-   C:\Users\TOSHBA\Post Win10 Spybot-install.exe
2016-01-16 14:09:39   21040   ----a-w-   C:\Windows\System32\sdnclean64.exe
2016-01-16 14:09:38   --------   d-----w-   C:\ProgramData\Spybot - Search & Destroy
2016-01-16 14:09:34   --------   d-----w-   C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-16 09:51:34   --------   d-----w-   C:\Program Files\TAP-Windows
2016-01-16 09:36:03   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\Steganos VPN
2016-01-16 09:35:42   --------   d-----w-   C:\Program Files (x86)\Common Files\Steganos
2016-01-16 09:31:15   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\Steganos
2016-01-06 07:09:25   454416   ----a-w-   C:\Windows\System32\drivers\IntcDAud.sys
2016-01-06 07:07:20   4161536   ----a-w-   C:\Windows\System32\drivers\athrx.sys
2016-01-06 07:06:34   129224   ----a-w-   C:\Windows\System32\drivers\L1C62x64.sys
2016-01-05 09:15:08   --------   d-----w-   C:\Program Files (x86)\Audacity
2016-01-03 16:49:45   --------   d-----w-   C:\Users\TOSHBA\AppData\Local\CEF
2016-01-03 14:36:41   --------   d-----w-   C:\Users\TOSHBA\Adobe CS6
2015-12-25 15:07:50   --------   d-----w-   C:\Users\TOSHBA\AppData\Roaming\10KHits
.
==================== Find3M ====================
.
2016-01-21 04:59:48   17920   ----a-w-   C:\Windows\System32\rpcnetp.exe
2016-01-21 04:59:45   78032   ----a-w-   C:\Windows\SysWow64\rpcnet.dll
2016-01-21 04:54:48   17920   ----a-w-   C:\Windows\SysWow64\rpcnetp.dll
2016-01-21 04:54:25   17920   ----a-w-   C:\Windows\SysWow64\rpcnetp.exe
2015-04-27 16:33:23   15931448   ----a-w-   C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 11:14:51.10 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2015 11:08:28 AM
System Uptime: 1/21/2016 10:29:05 AM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU1 | 1776/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 57.497 GiB free.
D: is FIXED (NTFS) - 365 GiB total, 257.384 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\QCI0701\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\QCI0701\2&DABA3FF&2
Service:
.
Class GUID:
Description:
Device ID: ACPI\TOS6205\2&DABA3FF&2
Manufacturer:
Name:
PNP Device ID: ACPI\TOS6205\2&DABA3FF&2
Service:
.
==== System Restore Points ===================
.
RP78: 1/16/2016 3:08:53 PM - Device Driver Package Install: TAP-Windows Adapter V9 Network adapters
RP79: 1/16/2016 3:21:46 PM - Device Driver Package Install: TAP-Windows Provider V9 Network adapters
RP80: 1/20/2016 10:11:58 PM - Removed CA eTrust PestPatrol Anti-Spyware
RP81: 1/21/2016 3:21:04 AM - Removed Ask.com Toolbar.
.
==== Installed Programs ======================
.
3DP Chip v15.11
4K Video Downloader 3.6
Active@ File Recovery Professional 13
Adobe Acrobat Reader DC
Adobe After Effects CS6
Adobe AIR
Adobe Help Manager
Adobe Media Player
Adobe Refresh Manager
Adobe Widget Browser
Audacity 2.0.5
AVS Video Editor 7.1
Bitdefender Antivirus Plus 2015
BitTorrent
Bonjour
CA eTrust PestPatrol Anti-Spyware
Dialog Mobile Broadband
Dropbox
Dropbox Update Helper
Exterminate It!
Google Chrome
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
Intel(R) Chipset Device Software
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
IObit Uninstaller
LAME v3.99.3 (for Windows)
LastPass (uninstall only)
Malwarebytes Anti-Exploit version 1.04.1.1012
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP2 and SOAP Toolkit 3.0
PDF Settings CS6
Realtek Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Skype Click to Call
Skype™ 7.13
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TAP-Windows 9.21.1
VLC media player 2.0.1
Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (09/09/2014 6.16.00.3154)
Windows Driver Package - Qualcomm Atheros (L1C) Net (07/16/2013 2.1.0.21)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (01/08/2014 10.0.0.279)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (03/31/2014 10.0.0.288)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (08/14/2015 10.0.0.326)
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/21/2016 9:35:57 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/21/2016 9:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/21/2016 9:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/21/2016 9:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/21/2016 9:09:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/21/2016 9:09:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/21/2016 9:08:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf DfsC discache ESProtectionDriver gzflt HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx trufos vwififlt Wanarpv6 WfpLwf ws2ifsl
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 9:08:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2016 3:19:52 AM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2016 3:19:50 AM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
1/21/2016 3:19:40 AM, Error: ssidrv [26] -
1/21/2016 3:06:51 AM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
1/21/2016 3:05:19 AM, Error: Service Control Manager [7000] - The esgiguard service failed to start due to the following error: This driver has been blocked from loading
1/21/2016 3:05:19 AM, Error: Application Popup [1060] - \??\C:\Users\TOSHBA\Downloads\SpyHunter.4.21.10.4585.Portable\e has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/21/2016 12:18:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 discache ESProtectionDriver gzflt HWiNFO32 spldr trufos Wanarpv6
1/21/2016 10:29:39 AM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Dialog Mobile Broadband. OUC service to connect.
1/21/2016 10:29:39 AM, Error: Service Control Manager [7000] - The Dialog Mobile Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2016 9:53:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/20/2016 8:52:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/20/2016 11:42:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/17/2016 2:42:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/17/2016 10:17:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf DfsC discache gzflt HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx trufos vwififlt Wanarpv6 WfpLwf ws2ifsl
1/16/2016 10:02:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 discache gzflt HWiNFO32 spldr trufos Wanarpv6
.
==== End Of File ===========================
« Last Edit: February 28, 2016, 04:26:35 AM by kevinf80 »
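As an added example (not part of the original post, and not code from DDS or any tool mentioned in this thread), here is a small Python parser for the Event Viewer error lines that DDS appends to its log, like the ones above. It pulls out the boot-start drivers named in Service Control Manager event 7026 and any "blocked from loading" messages, which are the first things a helper scans for when reading such a log; the sample lines are copied from the log above plus one constructed junk line to exercise the error path.

```python
import re

# One DDS "Event Viewer" error line looks like:
#   <M/D/YYYY h:mm:ss AM|PM>, <Level>: <Source> [<EventID>] - <message>
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] -\s*(?P<msg>.*)$"
)

# Sample input: four lines copied from the DDS log above (the ssidrv line has
# an empty message) plus one constructed junk line that must not parse.
SAMPLE_LOG = r"""
1/21/2016 3:05:19 AM, Error: Service Control Manager [7000] - The esgiguard service failed to start due to the following error: This driver has been blocked from loading
1/21/2016 3:05:19 AM, Error: Application Popup [1060] - \??\C:\Users\TOSHBA\Downloads\SpyHunter.4.21.10.4585.Portable\e has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/21/2016 12:18:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 discache ESProtectionDriver gzflt HWiNFO32 spldr trufos Wanarpv6
1/21/2016 3:19:40 AM, Error: ssidrv [26] -
constructed junk line that does not match the format
"""

def parse_events(text):
    """Split a DDS event section into parsed events and unparseable lines."""
    events, unparsed = [], []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            unparsed.append(line)
    return events, unparsed

def failed_drivers(events):
    """Union of driver names listed in Service Control Manager 7026 events."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == "7026":
            names.update(e["msg"].partition("failed to load:")[2].split())
    return names

def blocked_loads(events):
    """Messages reporting that a driver or service was blocked from loading."""
    return [e["msg"] for e in events if "blocked from loading" in e["msg"]]

if __name__ == "__main__":
    evs, junk = parse_events(SAMPLE_LOG)
    print(f"{len(evs)} events parsed, {len(junk)} line(s) could not be parsed")
    print("boot-start drivers that failed to load:", sorted(failed_drivers(evs)))
    for msg in blocked_loads(evs):
        print("blocked:", msg[:70])
```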



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved after R&R]Can't Remove Trojan win32.startpage.fw
« Reply #1 on: January 21, 2016, 03:16:04 AM »
Hello and welcome to SpywareHammer,

My screen name is kevinf80, either that or Kevin is good for replies. Ok, let's continue:

P2P/illegal software Warning:

Quote
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the Forum policy on P2P and Illegal Software.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
      XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply

  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.
Let me see those logs in your reply....

Thank you,

Kevin...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved after R&R]Can't Remove Trojan win32.startpage.fw
« Reply #2 on: January 25, 2016, 05:14:19 AM »
Do you still need help?

Offline koolriz86

  • Bronze Member
  • Posts: 2
Re: [Resolved after R&R]Can't Remove Trojan win32.startpage.fw
« Reply #3 on: February 21, 2016, 01:57:36 AM »
Thanks... did a full format and installed Win 10.
Appreciate your support and look forward in any mishap.
Cheers...!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved after R&R]Can't Remove Trojan win32.startpage.fw
« Reply #4 on: February 28, 2016, 04:25:40 AM »
Thanks for the update, good to hear all is now ok for you....

Regards,

Kevin.

 
