Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

advanced system protector & ad window popups


  • This topic is locked This topic is locked
5 replies to this topic

#1 zorginho

zorginho

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 April 2014 - 11:07 AM

hi all sorry if i'm not introduced myself but i have a pc of my friend and it's infected, i can't do a backup on an external usb because i can't connect usb devices anymore, they can't be recognised.

Also when windows starts i see ad popups and starts itself a scan with a fake antivirus.

here are some screens:

screen2.png

screen1.png

 

 

here is the dds log:
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Pezzella at 17:46:26 on 2014-04-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.5867.4303 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=muh&from=muh&uid=WDCXWD5000BPVT-22HXZT1_WD-WXG1A31K6276K6276&ts=1358874767
mStart Page = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=muh&from=muh&uid=WDCXWD5000BPVT-22HXZT1_WD-WXG1A31K6276K6276&ts=1358874767
mDefault_Page_URL = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=muh&from=muh&uid=WDCXWD5000BPVT-22HXZT1_WD-WXG1A31K6276K6276&ts=1358874767
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
BHO: Search-Results Toolbar: {503e067f-2914-4edd-8432-2d6c52635e23} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Guida per l'accesso a Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: VirtualDJ Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TB: VirtualDJ Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
TB: Search-Results Toolbar: {503e067f-2914-4edd-8432-2d6c52635e23} - 
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Pezzella\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\20DOLL~1.LNK - C:\Program Files (x86)\20Dollars2Surf\20dollars2surf.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BF025EB8-CF9A-4DC3-8C1B-3602CC55FD4A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF025EB8-CF9A-4DC3-8C1B-3602CC55FD4A}\14C6963656D27363638373130303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF025EB8-CF9A-4DC3-8C1B-3602CC55FD4A}\4505D2C494E4B4 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{CE1A7247-CFB3-49BB-92C1-C66F9498C5DB} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pezzella\AppData\Roaming\Mozilla\Firefox\Profiles\ttbt2yju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.it/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_it_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_0c492b00040943f99649886a63aa8d93_39_1006_20130618_IT_ff_sp_
FF - prefs.js: keyword.URL - hxxp://www.amazon.it/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_it_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_0c492b00040943f99649886a63aa8d93_39_1006_20130618_IT_ff_ab_&tag=bds-p23-serp-it-ff-21&query=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Pezzella\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - f09ec694000000000000b870f4a77b44
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15819
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1615:23:15
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc1.cfg [2014-4-7 36248]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-1-17 198784]
R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [2014-4-7 3544088]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-31 352848]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-1-17 873064]
R2 Updater Service for AMZN;Updater Service for AMZN;C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2013-3-21 222368]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2012-1-17 57344]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-18 46136]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-18 52144]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-1-17 77424]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-17 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-18 1255736]
.
=============== Created Last 30 ================
.
2014-04-24 05:53:42	10651704	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52816C5C-F5F2-41AE-B6DE-5B885AB9AF40}\mpengine.dll
2014-04-23 05:44:19	10651704	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-19 11:03:21	1031560	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C1528945-8E25-4679-BBA4-CD759183DDEB}\gapaengine.dll
2014-04-07 16:18:34	--------	d-----w-	C:\ProgramData\Datamngr
2014-04-03 12:26:39	--------	d-----w-	C:\Users\Pezzella\AppData\Local\Systweak
.
==================== Find3M  ====================
.
2014-03-12 17:51:52	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 17:51:51	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:51:28	5777288	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 07:52:30	133928	----a-w-	C:\Windows\System32\drivers\NisDrvWFP.sys
2014-02-23 06:54:58	2334720	----a-w-	C:\Windows\System32\jscript9.dll
2014-02-23 06:48:31	1392128	----a-w-	C:\Windows\System32\wininet.dll
2014-02-23 06:46:42	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2014-02-23 06:45:36	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:27	599040	----a-w-	C:\Windows\System32\vbscript.dll
2014-02-23 06:44:02	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2014-02-23 05:47:19	1806848	----a-w-	C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:40:18	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:08	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49	421376	----a-w-	C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:36:22	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-02-07 01:23:30	3156480	----a-w-	C:\Windows\System32\win32k.sys
2014-02-04 02:32:22	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12	624128	----a-w-	C:\Windows\System32\qedit.dll
2014-02-04 02:04:22	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18	484864	----a-w-	C:\Windows\System32\wer.dll
2014-01-29 02:06:47	381440	----a-w-	C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46	228864	----a-w-	C:\Windows\System32\wwansvc.dll
2014-01-24 23:19:42	268512	----a-w-	C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 17:46:48,59 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 17/01/2012 20:43:17
System Uptime: 24/04/2014 17:18:44 (0 hours ago)
.
Motherboard: Acer |  | Aspire 5250
Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 402,418 GiB free.
D: is CDROM ()
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Multi-Card      
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20090516388200000&0#
Manufacturer: Generic-
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20090516388200000&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
20Dollars2Surf 1.1
Acer Crystal Eye Webcam
Acer ePower Management
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop CS6
Advanced System Protector
Amazon Browser Settings
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Ashampoo Burning Studio 6 FREE v.6.80
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility64
CCC Help English
CCleaner
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta toolbar  
Diskeeper 2010 Pro Premier
EnhanceMySe7en
Facebook Video Calling 2.0.0.447
Free Studio version 2013
Junk Mail filter update
Launch Manager
MagicDisc 2.7.106
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (ITA)
Microsoft .NET Framework 4.5.1 (Italiano)
Microsoft Antimalware Service IT-IT Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office Shared 64-bit MUI (Italian) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Security Client
Microsoft Security Client IT-IT Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 28.0 (x86 it)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NBA 2K12
Paint.NET v3.5.10
PDF-Viewer
PDF-XChange Lite 4
PDF Settings CS6
PokerStars.it
Qualcomm Atheros Fast Reconnect
QuickShare
Raccolta foto di Windows Live
RegClean Pro
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Synaptics Pointing Device Driver
Trial Logosmartz Logo Maker Software 8.0
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VirtualDJ Home FREE
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
.
==== End Of File ===========================


Edited by zorginho, 24 April 2014 - 11:20 AM.


BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:12 PM

Posted 24 April 2014 - 12:02 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now :thumbup2:

==========================
 
Hi zorginho,
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
20Dollars2Surf 1.1
Ask Toolbar
Delta toolbar
RegClean Pro
Search-Results Toolbar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 zorginho

zorginho
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 24 April 2014 - 02:44 PM

i've done the steps u told me and now is a lot better, no more ads and fake virus/errors scan.

but seems that i still can't use usb devices.

here the logs that you've requested:

 

r0

# AdwCleaner v3.202 - Rapporto creato 24/04/2014 in 21:32:35
# Aggiornato 23/04/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Pezzella - PEZZELLA-PC
# In esecuzioen da : C:\Users\Pezzella\Desktop\AdwCleaner.exe
# Opzione : Scansione

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\Users\Pezzella\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Cartella Trovato C:\Program Files (x86)\Music Toolbar
Cartella Trovato C:\ProgramData\DataMngr

***** [ Collegamenti ] *****


***** [ Registro ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (it)

[ File : C:\Users\Pezzella\AppData\Roaming\Mozilla\Firefox\Profiles\ttbt2yju.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Pezzella\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [993 octets] - [24/04/2014 21:32:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1052 octets] ##########

s0

# AdwCleaner v3.202 - Rapporto creato 24/04/2014 in 21:35:52
# Aggiornato 23/04/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Pezzella - PEZZELLA-PC
# In esecuzioen da : C:\Users\Pezzella\Desktop\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\DataMngr
Cartella Eliminato : C:\Program Files (x86)\Music Toolbar
Cartella Eliminato : C:\Users\Pezzella\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof

***** [ Collegamenti ] *****


***** [ Registro ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (it)

[ File : C:\Users\Pezzella\AppData\Roaming\Mozilla\Firefox\Profiles\ttbt2yju.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Pezzella\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1132 octets] - [24/04/2014 21:32:35]
AdwCleaner[S0].txt - [1061 octets] - [24/04/2014 21:35:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1121 octets] ##########


Edited by zorginho, 24 April 2014 - 02:47 PM.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:12 PM

Posted 25 April 2014 - 10:24 AM

Hi zorginho,
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Uninstalling a driver:

  • Press windows key Windows_Logo_key.gif + r, type devmgmt.msc and press enter on the keyboard.
  • Under Universal Serial Bus controllers, right-click any items listed and click Uninstall.
  • Windows will prompt you to confirm the device’s removal. Click OK to remove the driver.
  • After the uninstallation is complete, reboot your computer.

--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to download the 64bit version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • Do USBs work now?
  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:12 PM

Posted 28 April 2014 - 12:11 PM

Hi zorginho,

 

This is a 3 day bump:

 

It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:12 PM

Posted 01 May 2014 - 12:19 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users